从Asp.Net将SAML令牌传递到WCF服务 [英] Passing SAML Token to WCF service from Asp.Net
问题描述
当我尝试从已由另一个asp.net应用程序(IP)进行身份验证的asp.net应用程序(RP)调用WCF服务时,我收到一条包含登录页面内容的错误消息(它试图进入登录页面,因为它无法验证请求.
When i try to invoke a WCF service from an asp.net application (RP) which is authenticated by another asp.net application(IP) , I'm getting an error message with content of Login page (It is trying to reach the login page because it could not authenticate the request).
身份提供者:_http://localhost/AuthenticatonWS/Login.aspx
Identity Provider : _http://localhost/AuthenticatonWS/Login.aspx
依赖方网站:_http://localhost/RPWebsite/Default.aspx
Relying party Website : _http://localhost/RPWebsite/Default.aspx
WCF服务:_http://localhost/RPWebsite/Service1.svc
WCF Service : _http://localhost/RPWebsite/Service1.svc
(在我的解决方案中,我从default.aspx.cs调用service1.svc)
(In my solution I'm calling service1.svc from default.aspx.cs)
我不希望该服务是匿名的.当前,站点(RPWebsite)使用STS并信任本地身份提供者,但在生产中,它可以通过ADFS信任任何外部身份提供者.
I don't want the service to be anonymous. Currently the site (RPWebsite) uses STS and trusts local Identity provider, but in production it can trust any external identity provider thru ADFS.
任何人都可以指导我如何将令牌信息从aspx页面传递到服务吗?我确实尝试了互联网上的几个示例,但是我无法使它正常工作.
Can any one guide me how i can pass the token information to the service from aspx page, I did try several examples from internet but i could not get it working.
推荐答案
我认为有几种选择:
- 使用支持多个客户端会话的持久身份验证Cookie.或者支持您的RP和WCF服务之间的共享会话,以便当RP调用WCF服务时WCF可以重新利用为RP发出的身份验证cookie.老实说,我从未尝试过将其付诸实践.这只是我的理论.
- 创建一个不需要用户交互(例如输入用户名/密码)的单独身份验证服务.然后,您可以通过多种方式从RP调用WCF:
- 在您的RP中,要求身份验证服务为WCF发行令牌;将令牌附加到WCF调用的请求标头中(例如:授权);然后致电WCF服务.这需要一个自定义的HttpModule才能在WCF服务上接受包含令牌的自定义请求标头.
- 您还可以在RP中存储UserName/Password(用户名/密码)或可以识别用户的唯一用户身份声明;将这些信息附加到WCF调用的请求标头中(例如:授权);然后致电WCF服务.这还需要自定义HttpModule才能在WCF服务上接受自定义请求标头.
- Using Persistent Authentication Cookies that support multiple client sessions. Or support sharing session between your RP and WCF service, so that WCF can re-utilized the authentication cookies issued for RP when RP makes a call to WCF service. To be honest, I have never tried to implement this in action. It is just my theory.
- Create an separate authentication service which require no user-interaction (such as entering username/password). And then you have plenty of way to call WCF from your RP:
- From your RP, ask the authentication service to issue a token for WCF; attach the token into request header of WCF call (e.g.: Authorization); then call WCF service. This requires a custom HttpModule to accept custom request header containing token at WCF service.
- From your RP, you can also store UserName/Password, or an unique user identity claim which could identify the user; attach those information into request header of WCF call (e.g.: Authorization); then call WCF service. This also requires custom HttpModule to accept custom request header at WCF service.
I would recommend the second option, which you could find more useful information and guideline from Dominick Baier's blog.
只有我的2美分.
这篇关于从Asp.Net将SAML令牌传递到WCF服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!