
How to get a SAML token from ADFS server to pull data from Dynamics CRM on-premises (non-sdk) in C#?

I have tried to get a SAML token from ADFS to pull data from on-premises CRM (non-sdk), but I don't know how. I think I need to make a SOAP request to ADFS to get a SAML token by using the PostAsync method, and then I think I need to put the token in an HTTP header like below to pull data from CRM.

httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", TOKEN);

https://docs.microsoft.com/en-us/previous-versions/dynamicscrm-2016/developers-guide/gg327838(v=crm.8)

https://community.dynamics.com/crm/f/microsoft-dynamics-crm-forum/255985/crm2016-afds-authentication

https://gist.github.com/jlattimer/7b0ee146badfc57fc9c9

I have read those three links above (and other stuff), and tried them, but it seems like the first two work only for sdk, not non-sdk. And the GitHub stuff didn't work for me, either. And I wonder if there is another way to generate a SOAP request instead of typing in everything like in the third link.

There are two ways that I know of. In both ways you need to add your app as RPT to ADFS. Check this: https://docs.microsoft.com/ru-ru/windows-server/identity/ad-fs/operations/create-a-relying-party-trust Don't forget to enable the SAML protocol and set the assertion consumer endpoint.

Solution one:

Just redirect all unauthorized users to https://your.adfs.instance/adfs/ls/IDpInitiatedSignon.aspx They will provide credentials and then will be asked to choose an app for redirect. If you specify the app using relay state in the URL, there will be no choice. After that, ADFS will send the SAML response to the endpoint which was specified for the RPT. If you use .NET, you can use the WS-Fed module, which will automate this data flow.

Solution two:

You can do the same on your backend. This is a realization for .NET: https://blogs.msdn.microsoft.com/rodneyviana/2014/04/21/how-to-get-a-saml-protocol-response-from-adfs-using-c/

Also, you can make direct calls to ADFS; it's a bit more native, but I don't guarantee that it will be SAML tokens. Here is an example: Authentication in C# with Active Directory

UPD. I read your question again and I'm not sure that it is what you need.

ADFS is an Identity Provider (IDP) and implements:

  • OpenID Connect
  • WS-Fed
  • SAML

Your client has to implement one of these three protocols.

You can't use SOAP.

For OpenID Connect (OIDC), you can use a REST API but that gives you a JWT, not a SAML token.

Once you have the access token via OIDC, you add it as ("Bearer", TOKEN) as you describe.

Good overview and samples.
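The flow described in the answer above, as an added example (not code from the original question or either answer): request an access token from the ADFS OAuth 2.0 token endpoint, then send it to CRM as a Bearer header set per request. The host names, the `resource` value, the `v8.0/WhoAmI` path, the environment variable names and the choice of the client-credentials grant are assumptions; use whichever grant your ADFS application group allows.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

static class AdfsBearerExample
{
    // Placeholder values (assumptions): substitute your own ADFS and CRM deployment.
    static readonly Uri TokenEndpoint = new Uri("https://your.adfs.instance/adfs/oauth2/token");
    static readonly Uri CrmApi = new Uri("https://crm.example.com/api/data/v8.0/");
    const string Resource = "https://crm.example.com/";

    static async Task<string> GetAccessTokenAsync(HttpClient http, IDictionary<string, string> grantFields)
    {
        // ADFS identifies the target API with the "resource" form field.
        var form = new Dictionary<string, string>(grantFields) { ["resource"] = Resource };
        using var resp = await http.PostAsync(TokenEndpoint, new FormUrlEncodedContent(form));
        if (!resp.IsSuccessStatusCode)
            throw new HttpRequestException($"ADFS token request failed: HTTP {(int)resp.StatusCode}");
        using var json = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        var type = json.RootElement.GetProperty("token_type").GetString();
        if (!string.Equals(type, "bearer", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Unexpected token_type in ADFS response");
        return json.RootElement.GetProperty("access_token").GetString(); // a JWT; keep it out of logs
    }

    static async Task<string> CallCrmAsync(HttpClient http, string token, string relativePath)
    {
        // Set the header per request: DefaultRequestHeaders would attach the token
        // to every request this HttpClient sends, including ones to other hosts.
        using var req = new HttpRequestMessage(HttpMethod.Get, new Uri(CrmApi, relativePath));
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        using var resp = await http.SendAsync(req);
        resp.EnsureSuccessStatusCode();
        return await resp.Content.ReadAsStringAsync();
    }

    static async Task Main()
    {
        using var http = new HttpClient();
        // Grant fields are deployment-specific; client_credentials is an assumption here.
        var grant = new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = Environment.GetEnvironmentVariable("ADFS_CLIENT_ID"),
            ["client_secret"] = Environment.GetEnvironmentVariable("ADFS_CLIENT_SECRET"),
        };
        var token = await GetAccessTokenAsync(http, grant);
        Console.WriteLine(await CallCrmAsync(http, token, "WhoAmI"));
    }
}
```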
