使用Firefox和Chrome时,使用Azure ACS和ADFS的MVC3站点会不断提示输入凭据
[英]MVC3 site using Azure ACS & ADFS continually prompts for credentials when using Firefox and Chrome
问题描述
I've created a basic MVC 3 website that's using Windows Azure's Access Control Service (ACS) to perform user authentication against an Active Directory Federated Service (ADFS) endpoint. 
我创建了一个基本的MVC 3网站,该网站使用Windows Azure的访问控制服务(ACS)对Active Directory联合服务(ADFS)端点执行用户身份验证。 I followed the "Add STS Reference" wizard and the site runs fine and authenticates users just perfectly in IE. 我按照“添加STS参考”向导,该网站运行正常,并在IE中完美地验证用户。 However, when I use Chrome or Firefox it continually prompts for my credentials over and over again. 但是,当我使用Chrome或Firefox时,它会不断提示我的凭据一遍又一遍。
I found this post on technet that mentions the issue as it pertains to Firefox but there's no fix for Chrome mentioned, nor do I feel like the steps required to fix Firefox are practical in the real world (ie I can't expect end users to do this) 我发现这篇关于technet的帖子提到了这个问题,因为它与Firefox有关,但是没有提到Chrome的修复,也不觉得修复Firefox所需的步骤在现实世界中是实用的(即我不能指望最终用户做这个)
http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-2-0-continuously-prompted-for-credentials-when-using-firefox-3-6-3.aspx
Has anybody else hit this snag? 还有其他人遇到过这个障碍吗? What am I doing wrong? 我究竟做错了什么?
2 个解决方案
解决方案1
16 已采纳 2011-04-22 05:56:37
With some help from a Microsoft Rep (Adam Conkle) over on TechNet (scroll down to the comments), I finally have an answer to this problem. 在Microsoft Rep(Adam Conkle)的帮助下,在TechNet上 (向下滚动到评论),我终于得到了这个问题的答案。
Turns out, the ADFS website that performs authentication of users (this website gets setup in IIS during the installation of ADFS v2.0) is by default configured for Integrated Windows Authentication (IWA) . 事实证明,默认情况下,为集成Windows身份验证(IWA)配置了执行用户身份验证的ADFS网站(此网站在安装ADFS v2.0期间在IIS中进行设置) 。 IWA is configured in IIS to use Extended Protection for Authentication (EPA) and therein lies the problem. IWA在IIS中配置为使用身份验证扩展保护(EPA) ,其中存在问题。 Apparently, most other browsers don't support EPA yet which is why Firefox & Chrome continually prompt for credentials in a loop. 显然,大多数其他浏览器不支持EPA,这就是为什么Firefox和Chrome会不断提示循环中的凭据。
Two options... 两种选择......
- Keep using IWA but turn off EPA in IIS for the website ( described here ) 继续使用IWA但在IIS中为网站关闭EPA( 此处描述 )
- Turn off IWA in favor of Forms-based Authentication ( described here ) 关闭IWA以支持基于表单的身份验证( 此处描述 )
解决方案2
1 2015-07-22 16:13:42
I had the same issue, sort of. 我有同样的问题。 I had 1 person who was being prompted in Chrome and another that was not. 我有一个人在Chrome中被提示而另一个人没有被提示。 On a hunch, I looked at the trusted sites. 在预感中,我查看了受信任的网站。 The person who was being challenged had the intranet site in their list of trusted sites. 受到挑战的人在其受信任站点列表中拥有Intranet站点。 I removed it and tried again. 我删除了它并再次尝试。 This time they were not challenged. 这次他们没有受到挑战。
Thought I would put that out there in case anyone else has this issue. 以为我会把它放在那里以防其他人有这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.