我应该如何在ASP.NET MVC 4的服务提供商实现SAMLP 2.0? [英] How should I implement SAMLP 2.0 in an ASP.NET MVC 4 service provider?
问题描述
我发展在C#中的MVC 4 Web应用程序,并希望使用现有的SAML 2.0身份提供程序来处理登录。我使用 HTTP POST绑定与 SimpleSAMLphp 。
I'm developing an MVC 4 web application in C# and want to handle login using an existing SAML 2.0 identity provider. I am using HTTP POST binding with SimpleSAMLphp.
这似乎是在.NET 4.5,我应该使用的 Windows标识基础 。首先,我试图安装身份和访问工具。 (我使用Visual Studio 2013,这是应该有这个工具集成在一起,但VS2013的版本的不支持重入,这意味着我不能用它来增加WIF支持我现有的应用程序。)
It seems like, in .NET 4.5, I should be using Windows Identity Foundation. First, I tried to install the Identity and Access Tool. (I am using Visual Studio 2013, which is supposed to have this tool integrated, but VS2013's version doesn't support "re-entrancy", meaning I can't use it to add WIF support to my existing application.)
指向的身份和访问工具,以我的身份提供者的元数据后,我收到此错误信息:
After pointing the Identity and Access Tool to my identity provider's metadata, I get this error message:
显然,这是错误消息,指出 SAMLP 2.0不支持的WIF 。这似乎是来自SAML 2.0的令牌的,这是支持(至少,这过时文档表明有一个 Microsoft.IdentityModel.Tokens.Saml2 命名空间)。
Apparently, this is the error message that indicates that SAMLP 2.0 is not supported by WIF. This seems to be distinct from SAML 2.0 tokens, which are supported (at least, this outdated documentation indicates that there was a Microsoft.IdentityModel.Tokens.Saml2 namespace).
然后我发现了 <一个href="http://blogs.msdn.com/b/card/archive/2011/05/16/announcing-the-wif-extension-for-saml-2-0-protocol-community-technology-$p$pview.aspx">WIF扩展SAML 2.0 。但是,这种发行于2011年5月,似乎并不从那时起已经感动了。但是,我下载了扩展,并试图建立包含在ZIP文件的SamlConfigTool。该工具是告诉我的控制台应用程序:
I then discovered the WIF Extension for SAML 2.0. However, this was released in May 2011 and doesn't seem to have been touched since then. Nonetheless, I downloaded the extension and attempted to build the SamlConfigTool included in the ZIP file. The tool is a console application which informs me that:
此工具会提示创建描述您的信赖方的元数据文件所需的信息。它会提示的合作伙伴元数据文件中的地址进行下载。最后,它会输出一个名为 Changes_To_Web_Config.xml 有应尽到您的网站的web.config文件以启用SAML保护的更改。
This tool will prompt for information needed to create a metadata file that describes your relying party. It will prompt for the addresses of partner metadata files to be downloaded. Finally, it will output a file called
Changes_To_Web_Config.xmlthat has the changes that should be made to your web site's web.config file to enable SAML protection.
进入我的实体ID和SAML端点后,SamlConfigTool迅速崩溃。好吧,也许我并不需要使用的配置工具,我可以只复制什么的样的ServiceProvider VS完成项目。迁移之后,我能够在VS2012中打开该项目,但它不是我清楚它究竟是如何工作的 - 这似乎并没有包含任何C#code,在Web.config中只是新的条目。目前尚不清楚对我来说,我应该如何适应这种配置,以取代自定义登录code在我的MVC 4应用程序,并在依靠从3年前死库似乎不是一个好主意无论如何。
After entering my entity ID and SAML endpoint, the SamlConfigTool promptly crashed. Okay, maybe I don't need to use the configuration tool and I can just copy what's done in the sample ServiceProvider VS project. After migration, I'm able to open the project in VS2012, but it's not clear to me exactly how it works — it doesn't seem to contain any C# code, just new entries in Web.config. It's not clear to me how I should adapt this configuration to replace the custom login code in my MVC 4 app, and in any case relying on a dead library from 3 years ago doesn't seem like a great idea.
因此,什么是ASP.NET MVC实现SAML 2.0的最佳方式4 ?我目前解码,编码,解析和COM pressing XML用手感觉应该有一个更简单的方法。
So, what is the best way to implement SAML 2.0 in ASP.NET MVC 4? I'm currently decoding, encoding, parsing and compressing XML by hand and it feels like there should be an easier way.
推荐答案
您说得对,WIF(现在被移到System.IdentityModel在核心.NET)只支持的 SAML2标记的,而不是中的 SAML2协议的实施服务提供商必须的。
You're right in that WIF (now moved into core .NET under System.IdentityModel) only supports the SAML2 tokens and not the SAML2 protocols required to implement a service provider.
Kentor.AuthServices 是一个开放源代码的SP实现ASP.NET MVC构建在.NET 4.5之上。安装包,并在web.config中添加一些设置 - 无需编码
Kentor.AuthServices is an open source SP implementation for ASP.NET MVC built on top of .NET 4.5. Install the package and add some settings in web.config - no coding required.
免责声明:我Kentor.AuthServices的作者的
这篇关于我应该如何在ASP.NET MVC 4的服务提供商实现SAMLP 2.0?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
