ASP .NET MVC application claims-based with ADFS 2.0 - too many redirects
I am trying to create an ASP .NET MVC web application with .NET 4.5 that uses claims-based authentication against ADFS 2.0.
When I run the application I get the error "too many redirects". I suspect this is caused by some misconfiguration in the application's Web.config, shown below:
<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <add value="https://application1.ourdomain.com/" />
    </audienceUris>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <add thumbprint="RTEWQ67890ABCDEFGHIJKLMNOPQRSTUVWXYZZZZ"/>
      </trustedIssuers>
    </issuerNameRegistry>
    <certificateValidation certificateValidationMode="None" />
  </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="false" />
    <wsFederation passiveRedirectEnabled="true" issuer="https://application1.ourdomain.com/trust/" realm="https://application1.ourdomain.com/" reply="https://application1.ourdomain.com/" requireHttps="false" />
  </federationConfiguration>
</system.identityModel.services>
On ADFS 2.0 the claims are configured as follows:
SigningCertificateRevocationCheck : CheckChainExcludeRoot
WSFedEndpoint : https://application1.ourdomain.com/trust/
AdditionalWSFedEndpoint : {}
ClaimsProviderName : {}
IssuanceTransformRules : @RuleTemplate = "LdapClaimsRuleTemplate"
@RuleName = "application1 Claim Rule"
c:[Type ==
"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types =
("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query =
";userPrincipalName,mail,tokenGroups;{0}", param = c.Value);
ClaimsAccepted : {}
ConflictWithPublishedPolicy : False
EncryptClaims : True
Enabled : True
EncryptionCertificate :
Identifier : {urn:stsout.ourdomain.com:application1}
LastMonitoredTime : 01/01/1900 01:00:00
LastPublishedPolicyCheckSuccessful :
LastUpdateTime : 01/01/1900 01:00:00
MetadataUrl :
MonitoringEnabled : False
Name : application1 Relying Party Trust
NotBeforeSkew : 0
EnableJWT : False
AlwaysRequireAuthentication : False
Notes :
OrganizationInfo :
ImpersonationAuthorizationRules :
AdditionalAuthenticationRules :
ProxyEndpointMappings : {}
ProxyTrustedEndpoints : {}
ProtocolProfile : WsFed-SAML
RequestSigningCertificate : {}
EncryptedNameIdRequired : False
SignedSamlRequestsRequired : False
SamlEndpoints : {}
SamlResponseSignature : AssertionOnly
SignatureAlgorithm : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
TokenLifetime : 0
AllowedClientTypes : Public
IssueOAuthRefreshTokensTo : NoDevice
AllowedAuthenticationClassReferences : {}
AutoUpdateEnabled : False
DelegationAuthorizationRules :
EncryptionCertificateRevocationCheck : CheckChainExcludeRoot
PublishedThroughProxy : True
IssuanceAuthorizationRules : @RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit",
Value = "true");
What should the Web.config entries for issuer, realm and reply be? Is the ADFS 2.0 claims configuration set up correctly?
The issuer is the ADFS URL, e.g. https://my-adfs/adfs/ls/ .
Update
That is the ADFS URL. You will need to ask the ADFS team for the actual address (the one you substitute for "my-adfs").
e.g. https://adfs234.cloudapp.net/adfs/ls/
You can also get it from the metadata, if the ADFS team can provide it.
Yes - it is specific to that installation.
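For reference, here is the same Web.config fragment with the issuer pointed at the ADFS passive endpoint instead of at the application itself (when the issuer is the app, every unauthenticated request is redirected back to the app, which redirects again, hence the loop). This is an added illustration, not the asker's or the answerer's configuration; "my-adfs" is the placeholder host from the answer, the thumbprint is a placeholder, and the application URL is assumed to stay https://application1.ourdomain.com/.

```xml
<!-- Added illustration (not from the original post); replace "my-adfs" and the
     thumbprint placeholder with the values of the real ADFS installation. -->
<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <!-- Must equal the realm (wtrealm) below: ADFS issues the token for that
           identifier, and WIF rejects tokens whose audience is not listed here. -->
      <add value="https://application1.ourdomain.com/" />
    </audienceUris>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <!-- Thumbprint of the ADFS token-signing certificate. With
             certificateValidationMode="None" this pin is the only check that
             the token really came from your ADFS, so it must be the real value. -->
        <add thumbprint="ADFS-TOKEN-SIGNING-CERT-THUMBPRINT-PLACEHOLDER" />
      </trustedIssuers>
    </issuerNameRegistry>
    <certificateValidation certificateValidationMode="None" />
  </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
  <federationConfiguration>
    <!-- The application is served over HTTPS, so the session cookie can be
         marked secure instead of being sent over plain HTTP as well. -->
    <cookieHandler requireSsl="true" />
    <!-- issuer: the ADFS passive endpoint (…/adfs/ls/), never the app itself.
         realm:  the relying-party identifier ADFS knows this app by (wtrealm).
                 It must match one of the Identifier values on the relying-party
                 trust; the trust in the question lists
                 urn:stsout.ourdomain.com:application1, so either add this URL
                 as an identifier there or use that urn here and in audienceUris.
         reply:  where ADFS posts the token back (wreply); keep it consistent
                 with the WS-Fed endpoint configured on the relying-party trust. -->
    <wsFederation passiveRedirectEnabled="true"
                  issuer="https://my-adfs/adfs/ls/"
                  realm="https://application1.ourdomain.com/"
                  reply="https://application1.ourdomain.com/"
                  requireHttps="true" />
  </federationConfiguration>
</system.identityModel.services>
```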