Token based authentication using ADFS


Problem description

Hello All,

I am working with the functionality to integrate ADFS login page with my application.

Flow

User will try to visit page. Here system will try to authenticate user.

System will redirect user to ADFS login page.

User will enter login information. If user is authenticated then user will be redirected back to the application with authorized token information.

I am facing difficulties reading the token information when the page is redirected back.

What I have tried:

I am able to redirect the page to the ADFS login page and can also redirect back to my system if the user is authenticated, using the below URL format:

https://adfs-domain-name/adfs/ls

Please find the below code snippet which I am using after getting back the page to read token information.

ClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as ClaimsPrincipal;
bool IsAuthenticated = claimsPrincipal.Identity.IsAuthenticated;
int ClaimCount = claimsPrincipal.Claims.Count();





Here I am getting IsAuthenticated as false and ClaimCount as 0 result.

Is there anything incorrect in my code or in the way I connect to the ADFS login page?

Can anyone help me to fix this?

Please let me know if you have any concern or query or if I am missing something.

Recommended answer

I have done some configurations in the config file and now the system is going to fetch the claims information.


<system.identityModel>  
    <identityConfiguration>  
        <audienceUris>  
            <add value="http://localhost:28503/" />  
        </audienceUris>  
        <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">  
            <trustedIssuers>  
                <add thumbprint="1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ1234" name="YourSTSName" />  
            </trustedIssuers>   
        </issuerNameRegistry>  
        <certificateValidation certificateValidationMode="None" />  
    </identityConfiguration>  
</system.identityModel>  
<system.identityModel.services>  
    <federationConfiguration>  
        <cookieHandler requireSsl="false" />  
        <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:13922/wsFederationSTS/Issue" realm="http://localhost:28503/" reply="http://localhost:28503/" requireHttps="false" />  
    </federationConfiguration>  
</system.identityModel.services>  







Here I am getting below error:

"ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer."

All the articles suggest checking the certificate information (thumbprint and subject name).

I have double-checked the subject name and thumbprint of the certificate, so they are correct.

Can anyone help me to fix the same?

I believe that after fixing the error I will be able to get the claims information.

Please advise.
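
Added example, not part of the original post: a Python sketch of the thumbprint check those articles refer to, comparing each `trustedIssuers` entry with the SHA-1 of the STS token-signing certificate and separating a wrong value from one that only carries invisible copied characters. The certificate bytes, the config fragment, the entry name `Placeholder` and the function names are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for the DER token-signing certificate, base64-encoded as
# it would appear in the STS federation metadata (not a real certificate).
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-der-bytes-for-illustration").decode()


def cert_thumbprint(cert_b64: str) -> str:
    """SHA-1 over the certificate's DER bytes, as upper-case hex."""
    return hashlib.sha1(base64.b64decode(cert_b64)).hexdigest().upper()

# Constructed config fragment. Entry 1 carries the invisible U+200E mark that
# copying from the Windows certificate dialog can prepend; entry 2 is the value
# from the configuration above, which has letters outside 0-9 and A-F.
SAMPLE_CONFIG = f"""<identityConfiguration>
  <issuerNameRegistry>
    <trustedIssuers>
      <add thumbprint="\u200e{cert_thumbprint(SAMPLE_CERT_B64)}" name="YourSTSName" />
      <add thumbprint="1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ1234" name="Placeholder" />
    </trustedIssuers>
  </issuerNameRegistry>
</identityConfiguration>"""


def check_trusted_issuers(config_xml: str, cert_b64: str) -> list:
    """Return (name, status) for every trustedIssuers entry in the fragment."""
    expected = cert_thumbprint(cert_b64)
    results = []
    for entry in ET.fromstring(config_xml).iter("add"):
        raw = entry.get("thumbprint")
        if raw is None:
            continue  # an <add> without a thumbprint, e.g. under audienceUris
        cleaned = re.sub(r"\s", "", raw).upper()
        if re.fullmatch(r"[0-9A-F]{40}", cleaned):
            status = "match" if cleaned == expected else "different-certificate"
        elif re.sub(r"[^0-9A-F]", "", cleaned) == expected:
            status = "hidden-characters"  # right value, stray invisible characters
        else:
            status = "not-a-sha1-thumbprint"
        results.append((entry.get("name"), status))
    return results

if __name__ == "__main__":
    for name, status in check_trusted_issuers(SAMPLE_CONFIG, SAMPLE_CERT_B64):
        print(f"{name}: {status}")
```
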

