Changing a SAML token from an RP (Relying Party) - WITHOUT RETURNING TO STS
Question
Hi, is this possible, to change the SAML token and hence the IClaimsPrincipal collection?
I've already achieved updating a token via the method suggested in this thread:
http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/bc1d21df-837e-4686-84cd-f918d26720a2
But we cannot take the performance hit of returning to the STS as this is a hybrid application where different pages on the site are located on-premises vs the cloud and this would incur too many extra requests and bad user experience.
Is there a way to hook into the FederatedAuthenticationModule or something along those lines?
Jonathon
Recommended answer
Hi Jonathon,
The SessionAuthenticationModule exposes an OnSessionSecurityTokenReceived event where you can modify the received session token and set a new session token.
For security, calling SessionAuthenticationModule.ValidateSessionToken( oldToken ) is recommended, before issuing the new session token based on the old.
If you want the new session token to be written back as cookie, make sure you set the ReissueCookie event arg to true.
Hope this helps.
Vani.
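
The handler described in the answer, as an added example that is not part of the original thread or Microsoft's own code. It assumes WIF 1.0 (the Microsoft.IdentityModel assemblies); the class name, claim type and claim value are hypothetical, and the subclass would be registered in web.config in place of the stock SessionAuthenticationModule.

```csharp
using System.Linq;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Web;

// Hypothetical subclass: ValidateSessionToken is called from inside the module,
// so the override lives in a class derived from SessionAuthenticationModule.
public class ClaimsUpdatingSessionModule : SessionAuthenticationModule
{
    // Hypothetical claim type and value, used only for illustration.
    private const string LocalClaimType = "http://example.invalid/claims/rp-local";
    private const string LocalClaimValue = "enabled";

    protected override void OnSessionSecurityTokenReceived(
        SessionSecurityTokenReceivedEventArgs args)
    {
        SessionSecurityToken oldToken = args.SessionToken;

        // Validate the old token before deriving a new one from it,
        // as the answer recommends.
        ValidateSessionToken(oldToken);

        IClaimsPrincipal principal = oldToken.ClaimsPrincipal;
        IClaimsIdentity identity = principal.Identities[0];

        // This runs on every request that carries the session cookie, so only
        // change the token and reissue the cookie when the claim is missing.
        bool alreadyPresent = identity.Claims.Any(c => c.ClaimType == LocalClaimType);
        if (!alreadyPresent)
        {
            identity.Claims.Add(new Claim(LocalClaimType, LocalClaimValue));

            // Keep the original validity window and context so that editing
            // claims at the RP does not extend the session lifetime.
            args.SessionToken = CreateSessionSecurityToken(
                principal,
                oldToken.Context,
                oldToken.ValidFrom,
                oldToken.ValidTo,
                oldToken.IsPersistent);

            // Write the new session token back to the cookie.
            args.ReissueCookie = true;
        }

        // Raise the event so other subscribers see the updated token.
        base.OnSessionSecurityTokenReceived(args);
    }
}
```

Claims added this way are asserted by the RP itself rather than by the STS, so they carry only the trust of the RP's own session cookie protection.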