[英]ADFS SSO Anonymous Home Page MVC 4 ASP.NET
我一直在尋找答案,但是在Google看來,這是一個很難理解的概念。 我有多個MVC站點使用我們的ADFS進行單點登錄身份驗證。 它運作良好。 但是,我想知道是否可以有一個主頁,允許匿名用戶無需登錄即可訪問某些功能。我見過有人指的是從信賴方單點退出后將用戶重定向到匿名主頁。 。 基本上,我可以使用ADFS SSO保護一半的應用程序嗎?
<?xml version="1.0" encoding="utf-8"?> <configuration> <configSections> <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" /> <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> <connectionStrings> </connectionStrings> <appSettings> <add key="webpages:Version" value="3.0.0.0" /> <add key="webpages:Enabled" value="false" /> <add key="ClientValidationEnabled" value="true" /> <add key="UnobtrusiveJavaScriptEnabled" value="true" /> <add key="ida:FederationMetadataLocation" value="https://sts.testsite.com/FederationMetadata/2007-06/FederationMetadata.xml" /> <add key="ida:Realm" value="https://localhost:44301" /> <add key="ida:AudienceUri" value="https://localhost:44301" /> <add key="owin:AutomaticAppStartup" value="false" /> </appSettings> <location path="Account"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <system.web> <authentication mode="None" /> <authorization> <deny users="?" /> </authorization> <compilation debug="true" targetFramework="4.5" /> <httpRuntime targetFramework="4.5" requestValidationMode="4.5" /> <customErrors mode="On" defaultRedirect="~/Error.cshtml"> </customErrors> </system.web> <system.webServer> <validation validateIntegratedModeConfiguration="false" /> </system.webServer> <runtime> <runtimes here.../> </runtime> <entityFramework> <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework"> <parameters> <parameter value="v11.0" /> </parameters> </defaultConnectionFactory> <providers> <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" /> </providers> </entityFramework> <system.webServer> <modules> <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" /> <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" /> </modules> </system.webServer> <system.identityModel> <identityConfiguration> <audienceUris> <add value="https://localhost:44301" /> </audienceUris> <securityTokenHandlers> <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> </securityTokenHandlers> <certificateValidation certificateValidationMode="None" /> <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"> <authority name="http://sts.testsite.com/adfs/services/trust"> <keys> <add thumbprint="AA6032061B0E74B3B5B0D495DC7C55B18B0862A4" /> </keys> <validIssuers> <add name="http://sts.testsite.com/adfs/services/trust" /> </validIssuers> </authority> </issuerNameRegistry> </identityConfiguration> </system.identityModel> <system.identityModel.services> <federationConfiguration> <cookieHandler requireSsl="true" /> <wsFederation passiveRedirectEnabled="true" issuer="https://sts.testsite.com/adfs/ls/" realm="https://localhost:44301" requireHttps="true" /> </federationConfiguration> </system.identityModel.services> </configuration>
這是Global.asax。
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Email;
}
protected void Application_BeginRequest()
{
if (!Context.Request.IsSecureConnection)
Response.Redirect(Context.Request.Url.ToString().Replace("http:", "https:"));
}
protected void Application_Error(object sender, EventArgs e)
{
var error = Server.GetLastError();
var cryptoEx = error as CryptographicException;
if (cryptoEx != null)
{
FederatedAuthentication.WSFederationAuthenticationModule.SignOut();
Server.ClearError();
if (Request.Cookies["StoreNumber"] != null)
{
HttpCookie storeNumber = Request.Cookies["StoreNumber"];
storeNumber.Expires = DateTime.Now.AddDays(-1);
}
}
}
默認情況下,它應具有您想要的方式。 最有可能發生的是,您的web.config中的此設置導致它要求所有人都登錄,因為這是對匿名用戶的明確拒絕。 嘗試將其刪除,然后查看它是否可以按需要工作。
<authorization>
<deny users="?" />
</authorization>
從理論上講,如果將[Authorize]
放置在任何需要授權/登錄的控制器上,則也不需要以下幾行。 一旦刪除拒絕,它應該允許匿名用戶訪問AccountController
。 您應該能夠僅通過[Authorize]
和[AllowAnonymous]
控制哪些控制器/方法需要授權。
<location path="Account">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.