web.config将saml安全令牌转换为领取委托人 [英] web.config convert saml security token to claim principal
问题描述
我在验证安全令牌时遇到问题,我也尝试使用您的代码和其他代码,但是当它尝试验证ST时,我出现了以下错误: ID4175:IssuerNameRegistry无法识别安全令牌的发行者.要接受来自此发行者的安全令牌,请配置IssuerNameRegistry以返回该发行者的有效名称
I have problem to validate the security token, i tried to use your code and other too, but when it try to validate ST I have thi error: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer
我不知道网络配置是否火爆,您能帮我吗?
i don't know hot confire the web config, can you help me?
这是代码:
//Microsoft.IdentityModel.Configuration.ServiceConfiguration serviceConfig = new Microsoft.IdentityModel.Configuration.ServiceConfiguration();
//Microsoft.IdentityModel.Configuration.ServiceConfiguration serviceConfig = new Microsoft.IdentityModel.Configuration.ServiceConfiguration();
// Now read the token and convert it to an IPrincipal
System.IdentityModel.Tokens.SecurityToken theToken = null;
ClaimsIdentityCollection claimsIdentity = null;
using (XmlReader reader2 = XmlReader.Create(new StringReader(samlTokenXml)))
{
theToken = serviceConfig.SecurityTokenHandlers.ReadToken(reader2);
claimsIdentity = serviceConfig.SecurityTokenHandlers.ValidateToken(theToken);
}
IPrincipal principal = new ClaimsPrincipal(claimsIdentity);
谢谢 佩佩
推荐答案
WIF具有ConfigurationBasedIssuerNameRegistry类,您可以在其中将签名指纹映射到(您选择的)发行者名称.
WIF has the ConfigurationBasedIssuerNameRegistry class where you can map the signing thumbprint to an issuer name (of your choice).
要么以编程方式对新的类进行分类,然后将其分配给ServiceConfiguration-要么在web.config中进行.
Either new that class up programmatically and assign it to the ServiceConfiguration - or do it in web.config.
您需要了解发行人的指纹才能成功验证令牌-询问向您发送令牌的人.
You need to know the thumbprint of the issuer though to succesfully validate the token - ask whoever sends you the token.
这篇关于web.config将saml安全令牌转换为领取委托人的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!