[英]When trying to deserialize SAML tokens, can I read an SSL Cert from file instead of Certificate store
我想這樣的事情:
<microsoft.identityModel>
<service>
<serviceCertificate>
<certificateReference filename="App_Data/my.domain.com.crt" />
</serviceCertificate>
</service>
</microsoft.identityModel>
根據文檔 ,沒有。 要解密SAML令牌,WIF需要訪問證書的私鑰 。 通過將證書及其私鑰放在文件系統上(特別是在IIS管理的文件夾下 - 無論提供哪種保護)通常都是一個壞主意(tm)。 通過將證書放在證書庫中,您可以更嚴格地控制和管理對證書的訪問。
你可以,但正如Bobby建議你最好安裝在mahcine商店的證書。 實際上,當在Windows Azure上使用WIF部署應用程序時,這是一種解決方法,因為它不支持上傳證書。 這個限制早已不復存在。
我想到了。 在web.config中注釋掉這部分
<!--<serviceCertificate>
<certificateReference x509FindType="FindByThumbprint" findValue="" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>-->
將此代碼添加到global.asax
protected void Application_Start()
{
Microsoft.IdentityModel.Web.FederatedAuthentication.ServiceConfigurationCreated += new EventHandler
<Microsoft.IdentityModel.Web.Configuration.ServiceConfigurationCreatedEventArgs>(AttachCert);
}
protected void AttachCert(object sender, Microsoft.IdentityModel.Web.Configuration.ServiceConfigurationCreatedEventArgs e)
{
var filename = string.Format("{0}\\{1}\\{2}", System.Web.Hosting.HostingEnvironment.ApplicationPhysicalPath, "App_Data\\certificates", "CERTNAME.pfx");
var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(filename, "YOURPASSWORD");
var _configuration = e.ServiceConfiguration;
_configuration.ServiceCertificate = cert;
var certificates = new List<System.IdentityModel.Tokens.SecurityToken> { new System.IdentityModel.Tokens.X509SecurityToken(
_configuration.ServiceCertificate) };
var encryptedSecurityTokenHandler =
(from handler in _configuration.SecurityTokenHandlers
where handler is Microsoft.IdentityModel.Tokens.EncryptedSecurityTokenHandler
select handler).First() as Microsoft.IdentityModel.Tokens.EncryptedSecurityTokenHandler;
_configuration.ServiceTokenResolver = encryptedSecurityTokenHandler.Configuration.ServiceTokenResolver =
System.IdentityModel.Selectors.SecurityTokenResolver.CreateDefaultSecurityTokenResolver(certificates.AsReadOnly(), false);
}
如何從SSL證書文件(而不是Windows證書存儲區)中提取指紋?
[英]How do I pull the thumbprint out of a SSL certificate FILE (not the windows cert store)?
如何使用 Delphi 從 windows 證書存儲讀取 SSL 證書
[英]How to read SSL certificate from windows certificate store using Delphi
Java:以編程方式從信任存儲中讀取SSL證書信息
[英]Java: read SSL certificate information from Trust Store programmatically
當CA證書是常量時,ESP32 SSL連接有效,但從文件讀取時則不行
[英]ESP32 SSL connection works when CA Certificate is a constant, but not when read from a file
安裝證書后如何解決錯誤代碼:SSL_ERROR_BAD_CERT_DOMAIN?
[英]How can I fix Error code: SSL_ERROR_BAD_CERT_DOMAIN after installing certificate?
Web應用程序的Web瀏覽器中的SSL證書是否與SAML 2.0安全證書相同?
[英]Is the SSL Certificate in a web-browser for a web app the same as the SAML 2.0 security cert?
如何在不設置 SSL 證書的情況下從 an.app 域(需要 SSL)重定向到具有現有 SSL 證書設置的域?
[英]How can I redirect from an .app domain (which requires SSL) without setting up SSL cert to a domain with existing SSL cert setup?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.