Authenticate user by ADFS (Active Directory Federation Service)
I need to check whether a particular user exists or not in Active Directory by ADFS.
So, I want my ADFS to check user authentication by UserName/Password.
Could anybody please provide the sample code or tutorial for the same?
Thanks in advance!

To use Username/Password authentication you can use the trust/13/UsernameMixed endpoint of the ADFS 2.0.
This does NOT check if the user exists in the Active Directory!
In code you request the token like this:
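// Requires WIF 3.5 (Microsoft.IdentityModel) and System.ServiceModel.
WSTrustChannelFactory adfsfactory = new WSTrustChannelFactory(
    new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
    StsEndpoint); // address of the trust/13/UsernameMixed endpoint
adfsfactory.TrustVersion = TrustVersion.WSTrust13;
// Username and Password here...
adfsfactory.Credentials.UserName.UserName = @"domain\username";
adfsfactory.Credentials.UserName.Password = "password";
IWSTrustChannelContract channel = adfsfactory.CreateChannel();
// The token request (assumed minimal form; AppliesTo identifies the relying party)
RequestSecurityToken rst = new RequestSecurityToken
{
    RequestType = WSTrust13Constants.RequestTypes.Issue,
    AppliesTo = new EndpointAddress("your service address")
};
// request the token
SecurityToken token = channel.Issue(rst);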
Then create the channel factory for your service using your token:
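var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
var factory = new ChannelFactory<IYourInterface>(binding, "your service address");
// ConfigureChannelFactory and CreateChannelWithIssuedToken are WIF extension methods
factory.ConfigureChannelFactory();
// named serviceChannel so it does not clash with the WS-Trust channel variable
IYourInterface serviceChannel = factory.CreateChannelWithIssuedToken(token);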
Hope this helps!

The AD FS 2.0 sign-in pages support username/password authentication out of the box. No code or customizations necessary.

As per @Marnix, this is out-of-the-box behavior.
However, just to point out:
Authenticating the user is NOT the same as checking whether a particular user exists in Active Directory.
e.g. the user could be locked out. He still exists in AD but will not be able to authenticate.
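
The distinction drawn in the answers above, as an added example that is not part of the original posts: a direct directory lookup with System.DirectoryServices.AccountManagement reports whether an account exists and whether it is disabled or locked out, independently of any ADFS token request. The domain `CONTOSO`, the account `jdoe`, and the names `AdUserCheck` and `AccountState` are assumptions; the lookup runs under the domain credentials of the calling process.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class AdUserCheck
{
    public enum AccountState { NotFound, Disabled, LockedOut, Active }

    // Looks the account up in the directory. No password is involved, so this
    // answers "does the user exist", not "can the user sign in".
    public static AccountState GetAccountState(string domain, string samAccountName)
    {
        // Binds to the domain with the credentials of the calling process.
        using (var context = new PrincipalContext(ContextType.Domain, domain))
        using (var user = UserPrincipal.FindByIdentity(
                   context, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null)
                return AccountState.NotFound;

            // Enabled is a nullable bool; treat anything but true as disabled.
            if (user.Enabled != true)
                return AccountState.Disabled;

            // A locked-out account exists but cannot authenticate.
            if (user.IsAccountLockedOut())
                return AccountState.LockedOut;

            return AccountState.Active;
        }
    }

    static void Main()
    {
        // "CONTOSO" and "jdoe" are placeholder values (assumptions).
        AccountState state = GetAccountState("CONTOSO", "jdoe");
        Console.WriteLine("Account state: " + state);
    }
}
```

A result of `LockedOut` or `Disabled` is the case the last answer describes: the user exists in AD, yet a username/password token request for that user will fail.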