
ASP.Net ADFS Token Encryption certificate private key

Following this link https://blogs.technet.microsoft.com/askpfeplat/2015/03/01/adfs-deep-dive-onboarding-applications/

I set up a token encryption certificate on the relying party and exported the public key to the ADFS provider.

What changes do I need to make in the asp.net web.config to decrypt these claims? I currently use the System.Security.Claims.ClaimsPrincipal class to get the claims.

Got it working now, for anyone else. The following needs to be changed in web.config. Replace XXXX with your certificate thumbprint.

    <system.identityModel.services>
      <federationConfiguration>
        <serviceCertificate>
          <certificateReference x509FindType="FindByThumbprint" findValue="XXXX" storeLocation="LocalMachine" storeName="My" />
        </serviceCertificate>
        <cookieHandler requireSsl="false" />
        <wsFederation ... />
      </federationConfiguration>
    </system.identityModel.services>
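The certificateReference above only tells WIF where to look; decryption still fails if the certificate in LocalMachine\My has no private key (a .cer was imported instead of the PFX) or if the IIS application pool identity cannot read that private key. The following PowerShell check is an added example, not part of the original answer: it resolves the thumbprint from web.config, confirms a private key is present, locates the key container on disk and reports whether the app pool identity has Read access. The thumbprint and app pool name are placeholders you substitute, and it assumes Windows PowerShell 5.1 on the IIS host, where GetRSAPrivateKey returns RSACng for CNG keys and RSACryptoServiceProvider for legacy CSP keys.

```powershell
# Added example: verify the token-decryption certificate named in
# <certificateReference findValue="..."/> is usable by the relying party's app pool.
param(
    [string]$Thumbprint  = 'XXXX',            # placeholder: findValue from web.config
    [string]$AppPoolName = 'DefaultAppPool'   # placeholder: IIS app pool running the site
)

# Thumbprints copied from certlm.msc often carry spaces or mixed case; normalise first.
$Thumbprint = ($Thumbprint -replace '\s', '').ToUpperInvariant()

# 1. storeLocation="LocalMachine" storeName="My": WIF will not find a cert in CurrentUser\My.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My." }

"Subject : $($cert.Subject)"
"Expires : $($cert.NotAfter)"
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning 'Certificate has expired; tokens ADFS encrypts to it will not decrypt.'
}

# 2. Decrypting the token needs the private key on the RP side; the public key alone
#    (what was exported to ADFS) is not enough here.
if (-not $cert.HasPrivateKey) {
    throw 'Certificate has no private key; import the PFX on the relying party, not the .cer.'
}

# 3. Locate the key container file so its ACL can be inspected.
#    CNG keys live under Crypto\Keys, CSP keys under Crypto\RSA\MachineKeys.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\Keys" $rsa.Key.UniqueName
} else {
    $keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" `
                         $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
"Key file: $keyFile"

# 4. The app pool identity needs at least Read on the key file; otherwise WIF finds the
#    certificate but cannot load its private key. This checks a direct grant only;
#    a grant to a group the identity belongs to (e.g. IIS_IUSRS) would also work.
$identity = "IIS AppPool\$AppPoolName"
$acl  = Get-Acl -Path $keyFile
$rule = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $identity -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Read) -ne 0)
}
if ($rule) {
    "OK: $identity can read the private key."
} else {
    Write-Warning ("$identity has no direct Read access to the private key. " +
        "Grant it via certlm.msc -> All Tasks -> Manage Private Keys, " +
        "or: icacls `"$keyFile`" /grant `"${identity}:R`"")
}
```

Run it in an elevated prompt on the web server after importing the PFX; if step 4 warns, grant the app pool identity Read on the key rather than running the pool as an administrator.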

When enabling ADFS as an identity provider, a lot of changes are made to the web.config. I often find it easier to simply create a new MVC project and use the Change Authentication wizard to select ADFS. Once you enter the details it automatically updates the web.config with the required settings, which you can then copy to the other project.

Below I have tried to list all the entries required, but I may have missed some.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  <appSettings>
    <add key="ida:FederationMetadataLocation" value="https://YOURADFS/FederationMetadata/2007-06/FederationMetadata.xml" />
    <add key="ida:Realm" value="https://YOURURL/" />
    <add key="ida:AudienceUri" value="https://YOURURL/" />
  </appSettings>
  <system.web>
    <machineKey validationKey="YOURMACHINEKEY" decryptionKey="YOURDECRYPTIONKEY" validation="SHA1" decryption="AES" />
  </system.web>
  <system.webServer>
    <modules>
      <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    </modules>
  </system.webServer>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://YOURURL/" />
      </audienceUris>
      <securityTokenHandlers>
        <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
      <!-- Disables X.509 chain/revocation checks on the ADFS signing certificate;
           trust then rests solely on the thumbprint pinned in issuerNameRegistry below. -->
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://YOURADFS/adfs/services/trust">
          <keys>
            <add thumbprint="YOURCERTIFICATETHUMB" />
          </keys>
          <validIssuers>
            <add name="http://YOURADFS/adfs/services/trust" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="true" name="YOURCOOKIENAME" />
      <wsFederation passiveRedirectEnabled="true" issuer="https://YOURADFS/adfs/ls/" realm="https://YOURURL/" requireHttps="true" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>

You will of course have to replace these values with the appropriate ones for your own environment.
