ACS是否支持通过WS-Trust / ActA进行身份委派？ [英] Is identity delegation via WS-Trust/ActAs supported in ACS?

问题描述

我刚刚开始使用基于声明的安全性，并且有一个与身份委派有关的问题。我设法建立了一个本地虚拟STS和几个依靠它进行身份验证的WCF服务。一个Web应用程序通过STS对用户进行身份验证，并代表用户使用 ChannelFactory.CreateChannelActingAs ）。

I'm just getting started with claims-based security and have a question related to identity delegation. I've managed to set up a local dummy STS and a couple of WCF services that relies on it for authentication. A web application authenticates the user via the STS and makes a call to Service A on behalf of the user (using ChannelFactory.CreateChannelActingAs). This works fine.

现在，我想使用Azure访问控制服务（ACS）作为联合身份验证提供程序，并使用Google帐户（或其他任何方式）登录，完全删除虚拟STS。我可以对Web应用程序进行身份验证，但是在尝试调用Web服务时收到错误请求响应。

Now I would like to use Azure Access Control Service (ACS) as a federation provider and sign in using a Google account (or whatever) instead, getting rid of the dummy STS altogether. I'm able to authenticate to the web application, but receive a "bad request" response when trying to make the call to the web service.

我意识到可能是问题所在，但后来也令我感到震惊的是，我还没有真正检查过ACS是否支持WS-Trust的ActA概念。我发现一个论坛线程，表示不支持ActAs，但已使用了六个月。

I realize that a number of things could be the problem, but then it also hit me that I haven't really checked if ACS even supports this ActAs concept of WS-Trust. I've found a forum thread that indicates that ActAs is not supported, but it's about six months old.

任何人都可以确认是否支持ACS？是否支持？

Can anyone confirm whether ActAs is supported in ACS? And if not, is there any other clever way of implementing identity delegation that is supported?

推荐答案

否，ACS不支持ActAs。您将不得不使用其他STS（例如您自己的STS，ADFS等）

No, ActAs is not yet supported in ACS. You would have to use another STS (e.g. your own, ADFS, etc)

这篇关于ACS是否支持通过WS-Trust / ActA进行身份委派？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！