ASP .NET MVC application claims-based with ADFS 2.0 - too many redirects

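I am trying to create an ASP .NET MVC web application with .NET 4.5 that uses claims-based authentication with ADFS 2.0.

I am following the tutorial at https://docs.microsoft.com/zh-cn/dotnet/framework/security/how-to-build-claims-aware-aspnet-mvc-web-app-using-wif

When I run the application, I get the error "too many redirects". I suspect this is caused by some misconfiguration in the application's Web.config, which is shown below: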

<system.identityModel>  
    <identityConfiguration>  
        <audienceUris>  
            <add value="https://application1.ourdomain.com/" />  
        </audienceUris>  
        <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">  
            <trustedIssuers>  
                <add thumbprint="RTEWQ67890ABCDEFGHIJKLMNOPQRSTUVWXYZZZZ"/>  
            </trustedIssuers>   
        </issuerNameRegistry>  
        <certificateValidation certificateValidationMode="None" />  
    </identityConfiguration>  
</system.identityModel>  
<system.identityModel.services>  
    <federationConfiguration>  
        <cookieHandler requireSsl="false" />  
        <wsFederation passiveRedirectEnabled="true" issuer="https://application1.ourdomain.com/trust/" realm="https://application1.ourdomain.com/" reply="https://application1.ourdomain.com/" requireHttps="false" />  
    </federationConfiguration>  
</system.identityModel.services>  

On ADFS 2.0, the claims are configured as follows:

SigningCertificateRevocationCheck    : CheckChainExcludeRoot
WSFedEndpoint                        : https://application1.ourdomain.com/trust/
AdditionalWSFedEndpoint              : {}
ClaimsProviderName                   : {}
IssuanceTransformRules               : @RuleTemplate = "LdapClaimsRuleTemplate"
                                       @RuleName = "application1 Claim Rule"
                                       c:[Type ==
                                       "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
                                       Issuer == "AD AUTHORITY"]
                                        => issue(store = "Active Directory", types =
                                       ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
                                       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                                       "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query =
                                       ";userPrincipalName,mail,tokenGroups;{0}", param = c.Value);
ClaimsAccepted                       : {}
ConflictWithPublishedPolicy          : False
EncryptClaims                        : True
Enabled                              : True
EncryptionCertificate                :
Identifier                           : {urn:stsout.ourdomain.com:application1}
LastMonitoredTime                    : 01/01/1900 01:00:00
LastPublishedPolicyCheckSuccessful   :
LastUpdateTime                       : 01/01/1900 01:00:00
MetadataUrl                          :
MonitoringEnabled                    : False
Name                                 : application1 Relying Party Trust
NotBeforeSkew                        : 0
EnableJWT                            : False
AlwaysRequireAuthentication          : False
Notes                                :
OrganizationInfo                     :
ImpersonationAuthorizationRules      :
AdditionalAuthenticationRules        :
ProxyEndpointMappings                : {}
ProxyTrustedEndpoints                : {}
ProtocolProfile                      : WsFed-SAML
RequestSigningCertificate            : {}
EncryptedNameIdRequired              : False
SignedSamlRequestsRequired           : False
SamlEndpoints                        : {}
SamlResponseSignature                : AssertionOnly
SignatureAlgorithm                   : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
TokenLifetime                        : 0
AllowedClientTypes                   : Public
IssueOAuthRefreshTokensTo            : NoDevice

AllowedAuthenticationClassReferences : {}
AutoUpdateEnabled                    : False
DelegationAuthorizationRules         :
EncryptionCertificateRevocationCheck : CheckChainExcludeRoot
PublishedThroughProxy                : True
IssuanceAuthorizationRules           : @RuleTemplate = "AllowAllAuthzRule"
                                        => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit",
                                       Value = "true");

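What should the Web.config entries for issuer, realm and reply be? Are the ADFS 2.0 claims set up correctly?

The issuer is the ADFS URL, e.g. https://my-adfs/adfs/ls/

Update

It is the ADFS URL. You will need to ask the ADFS team for the actual address (the one you substitute for "my-adfs").

e.g. https://adfs234.cloudapp.net/adfs/ls/

You can also get it from the metadata, if the ADFS team can provide it.

Yes - it is specific to that installation.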
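
An added example, not part of the original question or answers: a small Python check that parses a Web.config like the one in the question and flags an issuer that points at the application's own host instead of the ADFS sign-in endpoint (the answer's point), along with the relaxed transport and certificate settings visible in the same file. The function name and finding codes are invented for this sketch, the embedded XML is a trimmed copy of the question's configuration, and the `/adfs/ls` path test is a heuristic based on the example URL in the answer.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the federation settings from the question, trimmed.
QUESTION_CONFIG = """<configuration>
  <system.identityModel><identityConfiguration>
    <audienceUris><add value="https://application1.ourdomain.com/" /></audienceUris>
    <certificateValidation certificateValidationMode="None" />
  </identityConfiguration></system.identityModel>
  <system.identityModel.services><federationConfiguration>
    <cookieHandler requireSsl="false" />
    <wsFederation passiveRedirectEnabled="true"
      issuer="https://application1.ourdomain.com/trust/"
      realm="https://application1.ourdomain.com/"
      reply="https://application1.ourdomain.com/" requireHttps="false" />
  </federationConfiguration></system.identityModel.services>
</configuration>"""


def lint_wif_config(xml_text):
    """Return finding codes (names made up for this example) for a WIF Web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    ws = root.find(".//wsFederation")
    if ws is None:
        return ["NO_WSFEDERATION"]
    issuer, realm, reply = (ws.get(k, "") for k in ("issuer", "realm", "reply"))
    app_hosts = {urlparse(u).netloc.lower() for u in (realm, reply) if "://" in u}
    # Issuer on the app's own host: the sign-in redirect goes back to the app, not to ADFS.
    if urlparse(issuer).netloc.lower() in app_hosts:
        findings.append("ISSUER_POINTS_AT_APP")
    # Heuristic from the answer's example URL: the passive endpoint ends in /adfs/ls/.
    if not urlparse(issuer).path.lower().rstrip("/").endswith("/adfs/ls"):
        findings.append("ISSUER_NOT_ADFS_LS")
    # The realm the app sends should also be an audience the app accepts.
    audiences = {a.get("value") for a in root.iterfind(".//audienceUris/add")}
    if realm not in audiences:
        findings.append("REALM_NOT_IN_AUDIENCEURIS")
    # Only explicit "false"/"None" values are flagged; defaults are not assumed.
    if ws.get("requireHttps", "").lower() == "false":
        findings.append("REQUIRE_HTTPS_OFF")
    handler = root.find(".//cookieHandler")
    if handler is not None and handler.get("requireSsl", "").lower() == "false":
        findings.append("COOKIE_WITHOUT_SSL")
    cv = root.find(".//certificateValidation")
    if cv is not None and cv.get("certificateValidationMode") == "None":
        findings.append("CERT_VALIDATION_NONE")
    return findings
```

Run against the question's configuration, the first two findings correspond to the issuer problem the answer describes; the remaining three are settings to tighten before the application leaves a test environment.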
