stackoom
  简体   繁体   中英

WIF with multiple STS's

 原文  2011-03-28 16:09:41       c#/ .net/ asp.net/ wif

Question

Apologies for the image being of terrible quality, but it shows my scenario of what I'm trying to achieve and wondering what the best possible solution for this is?

WIF场景

I have a test project setup, using RP to a single STS - in which works fine, the RP gets directed to the STS for approval and then sends a token back, simple.

However, I want, say, a drop-down list on my RP that you choose a "mode" and based on this mode you will re-directed for authorisation to one of the STS providers. Obviously I can't re-direct straight to the STS for this and so it would have to be dynamic, and the web.config settings removed for instant re-directs that the .NET projects automatically put there.

Can anyone give guidance on this?

4 answers

solution1
 4 ACCPTED  2011-03-28 16:21:53

Sounds like you would benefit from using Windows Azure's AppFrabric Access Control Service (ACS). You want to avoid putting code in your application to communicate with every STS provider, and ACS is designed to address that problem. The idea is that you configure ACS with as many STS providers as you want, and then your application (using WIF) communicates solely with ACS to perform authorization.

Read more about it here (Click 'Access Control' on the left): http://www.microsoft.com/windowsazure/AppFabric/Overview/default.aspx

solution2
 4  2011-05-06 04:44:53

Here's what you do. In global.asax, add this code 

void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
{
    string whr = HttpContext.Current.Request.QueryString["whr"]; 
    if (!string.IsNullOrEmpty(whr))
    {
        //add your logic to determine the STS
        e.SignInRequestMessage.HomeRealm = @"http://path-to-STS";
    }
}

solution3
 1  2011-03-29 00:57:01

You could also use ADFS v2.0 to accomplish this. Any other STS federated with ADFS will appear in the "Home Realm Discovery" drop-down list.

AppFabric ACS is "essentially" ADFS in the cloud and there is nothing stopping you federating ADFS and ACS.

solution4
 1  2011-08-06 21:45:58

The "RedirectingToIdentityProvider" override is exactly what I would do as well.

Just posting this link here you can find a collection of IdentityFederationSamples here if that helps to have an entire solution. There is a sample for redirecting to one of two STS, there is another that shows chaining STS. http://www.michelelerouxbustamante.com/post/Cloud-Connections-Las-Vegas-Links.aspx

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using WIF STS tokens with WCF In WCF/WIF how to merge up claims from two different client's custom sts's tokens WIF authentication scenario. STS implementation questions WCF/WIF STS remember me function WIF Based Authentication Does Not Contact STS Issuer WIF: Determining whether a user has a valid session with the STS How to get SSO on Site B from Site A using WIF and STS Provider Requesting a SAML 2.0 security token from a WS-Trust STS using WIF 4.5 SAML2 token not working with WIF/Federated/STS for SSO - please help/advise How to Set Sliding Expiration in my MVC app that uses STS (WIF) for authentication
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM