ASP.NET WIF Retrieve LDAP attributes as claims from AD FS server


Question

Completely new to ADFS, WIF, claims.. I followed the code in the question: ASP.NET web forms - how to combine WIF authentification with membership provider and role provider and was able to use it to passively authenticate a user logged in against AD FS. However, I'm at a loss as to how to query AD FS for this user to retrieve some of its LDAP attributes as I've configured them through the Relying Party Trust's Claims Rules as I configured within the ADFS Server. Any ideas? Was hoping to use similar code as I've referenced above to retrieve the claims instead of authenticating.

Recommended answer

Biggest part of the problem is that the mentioned code doesn't rely on ADFS at all. Rather, it creates the identity locally.

I believe you should rather use a passive flow with ADFS, i.e. you want your browser to be redirected to ADFS and then you want user claims back. One of the easiest ways is described here, in one of my tutorials:

http://www.wiktorzychla.com/2014/11/simplest-saml11-federated-authentication.html
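
An added example, not part of the original answer or the linked tutorial: once the passive sign-in with AD FS completes, the LDAP attributes issued by the Relying Party Trust's claim rules arrive as claims on the current principal, so reading them needs no separate query to AD FS. `AdfsClaimReader`, `ReadLdapClaims` and the `ExpectedIssuer` value are hypothetical names, and the claim types you pass must match what your claim rules actually emit.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Added example: class, method and issuer value are hypothetical.
public static class AdfsClaimReader
{
    // Assumption: the issuer name your WIF issuer name registry assigns
    // to the AD FS token-signing certificate. Replace the placeholder.
    private const string ExpectedIssuer = "ADFS-ISSUER-PLACEHOLDER";

    // Returns the values of each requested claim type, keeping only claims
    // issued by the expected AD FS issuer. LDAP attributes can be
    // multi-valued, so every type maps to an array.
    public static IDictionary<string, string[]> ReadLdapClaims(
        ClaimsPrincipal principal, params string[] wantedTypes)
    {
        if (principal == null || principal.Identity == null
            || !principal.Identity.IsAuthenticated)
        {
            throw new InvalidOperationException(
                "No authenticated principal: the passive sign-in has not completed.");
        }

        var result = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
        foreach (var type in wantedTypes)
        {
            result[type] = principal.FindAll(type)
                // Ignore claims added locally or by any other issuer.
                .Where(c => string.Equals(c.Issuer, ExpectedIssuer, StringComparison.Ordinal))
                .Select(c => c.Value)
                .ToArray(); // empty array: no claim rule emitted this type
        }
        return result;
    }
}

// Usage inside a page or controller, after the redirect back from AD FS:
//   var attrs = AdfsClaimReader.ReadLdapClaims(
//       ClaimsPrincipal.Current,
//       ClaimTypes.Email, ClaimTypes.GivenName, ClaimTypes.Surname);
```

An empty array for a requested type usually means the claim rule does not map that LDAP attribute to the claim type being asked for.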
