
Using Passive Authentication in IdentityServer with OWIN in MVC5

I am trying to set up a proof of concept to move our Forms Authentication with a SQL Membership provider into a brokered authentication process. In order to do this, I am planning on leveraging Thinktecture's Identity Server 2 as the identity provider.

I have downloaded IdentityServer 2 and installed it and tried following the instructions from here: http://www.cloudidentity.com/blog/2014/02/20/ws-federation-in-microsoft-owin-componentsa-quick-start/

However, whenever I try to access a controller action which is restricted by the AuthorizeAttribute, I get an HttpResponse of 401 instead of a redirect to the IdentityServer's login page. The Startup.Auth.cs is set up with the following:

using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Identities produced by the federation middleware are signed in under this type.
        app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
        });

        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            MetadataAddress = "https://dvancuykidstrial.cloudapp.net/FederationMetadata/2007-06/FederationMetadata.xml",
            Wtrealm = "http://owin2.testing.com/",
            // Passive mode: the middleware does not react to 401 responses on its own.
            AuthenticationMode = AuthenticationMode.Passive,
            // Accepts any back-channel certificate (self-signed certs in the PoC); see below.
            BackchannelCertificateValidator = new FakeCertificateValidator()
        });
    }
}

Incidentally, the FakeCertificateValidator is simply an implementation of ICertificateValidator which merely returns true when the Validate function is invoked. This just lets me get past the self-signed certs I'm using for the PoC.

using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Owin.Security;

// PoC-only validator: accepts every certificate and chain, regardless of SSL policy errors,
// so the self-signed certificates used in the proof of concept pass the back-channel check.
public class FakeCertificateValidator : ICertificateValidator
{
    public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true;
    }
}

Can anyone see what I am doing wrong here?

I got my answer from here: https://katanaproject.codeplex.com/discussions/551624 . The problem turns out to be that I had set the following:

AuthenticationMode = AuthenticationMode.Passive

The differences between the two modes according to the discussions are as follows:

In passive mode the middleware needs to be invoked by name. In active mode the middleware will kick in for any 401 response.

I had assumed (incorrectly) that the differences between the two modes were more along the lines of: Active and Passive Federation in WIF
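The two ways out of the situation described in this answer, as an added example that is not from the question or the linked discussion: switch the WS-Federation middleware to Active mode so any 401 becomes a redirect, or keep Passive mode and challenge the middleware by name from a sign-in action. The metadata URL is a placeholder, the cookie/sign-in wiring is the conventional arrangement rather than the one in the question, and the AccountController is assumed.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // The cookie middleware holds the session; WS-Federation signs in through it,
        // so the default sign-in type points at the cookie (assumed conventional setup).
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
        });

        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            // Placeholder: substitute the IdentityServer federation metadata URL.
            MetadataAddress = "https://idsrv.example.invalid/FederationMetadata/2007-06/FederationMetadata.xml",
            Wtrealm = "http://owin2.testing.com/",
            // Active: every 401 (e.g. from [Authorize]) is turned into a redirect to the IdP.
            // Passive: the middleware only acts when challenged by name, as in SignIn below.
            AuthenticationMode = AuthenticationMode.Active
        });
    }
}

// Needed only if AuthenticationMode.Passive is kept: something (for example the cookie
// middleware's LoginPath) must route unauthenticated users here, and this action asks the
// WS-Federation middleware, by its authentication type, to produce the redirect.
public class AccountController : Controller
{
    [AllowAnonymous]
    public ActionResult SignIn(string returnUrl)
    {
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = returnUrl ?? "/" },
            WsFederationAuthenticationDefaults.AuthenticationType);
        // The 401 status is what the challenged middleware rewrites into the 302 to the IdP.
        return new HttpUnauthorizedResult();
    }
}
```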

I'm using OpenIdConnect instead of Federation but the symptom was the same so maybe this will help. I got my app working after I pulled in the 3.0.0-rc1 OWIN packages from NuGet. Also my proxy settings were not getting picked up for some reason, so I had to add a section to my web.config:

<system.net>
  <defaultProxy>
    <proxy proxyaddress="http://your.proxy.server.com"/>
  </defaultProxy>
</system.net>
