How to grab serialized in http request claims in a code using WIF?


Question


ADFS 2.0, WIF (WS-Federation), ASP.NET: There are no http modules or any IdentityFoundation configuration defined in a web.config (like most WIF SDK samples show); instead everything is done via program code manually using the WSFederationAuthenticationModule, ServiceConfiguration and SignInRequestMessage classes. I do an http redirect to ADFS in code and it seems to work fine, returning claims and redirecting the user back to my web site with serialized claims in the http request. So the question is how to parse this request using WIF classes, properties and methods and extract the claim values from there? Thanks

Recommended answer


Just in case, I want to share my experience; it might help somebody in the future. Well, the solution I finally came to looks like this:

 using System;
 using System.IdentityModel.Selectors;            // X509CertificateValidator
 using System.IdentityModel.Tokens;               // SecurityToken
 using System.IO;
 using System.Xml;
 using Microsoft.IdentityModel.Claims;            // ClaimsIdentityCollection
 using Microsoft.IdentityModel.Protocols.WSFederation;
 using Microsoft.IdentityModel.Protocols.WSTrust;
 using Microsoft.IdentityModel.Tokens;

 // Parse the wresult form post that ADFS sent back to this page.
 var message = SignInResponseMessage.CreateFromFormPost(Request) as SignInResponseMessage;

 // Deserialize the RSTR carried in wresult so the SAML token XML becomes reachable.
 var rstr = new WSFederationSerializer().CreateResponse(message, new WSTrustSerializationContext(SecurityTokenHandlerCollectionManager.CreateDefaultSecurityTokenHandlerCollectionManager()));

 // Trusted issuer: signing certificate thumbprint mapped to the issuer name ADFS uses.
 var issuers = new ConfigurationBasedIssuerNameRegistry();
 issuers.AddTrustedIssuer("630AF999EA69AF4917362D30C9EEA00C22D9A343", @"http://MyADFSServer/adfs/services/trust");

 // X509CertificateValidator.None skips chain and revocation checks on the signing certificate;
 // trust in the signer then rests entirely on the thumbprint registered above.
 var tokenHandler = new Saml11SecurityTokenHandler {CertificateValidator = X509CertificateValidator.None};
 var config = new SecurityTokenHandlerConfiguration{
     CertificateValidator = X509CertificateValidator.None,
     IssuerNameRegistry = issuers};

 // The audience must be the absolute realm URI of this relying party; ValidateToken rejects tokens issued for any other audience.
 config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("MyUri"));
 tokenHandler.Configuration = config;
 SecurityToken token;
 using(var reader=XmlReader.Create(new StringReader(rstr.RequestedSecurityToken.SecurityTokenXml.OuterXml)))
   {
     token = tokenHandler.ReadToken(reader);
   }
 // Checks signature, issuer, audience and lifetime, then returns the identities carrying the claims.
 ClaimsIdentityCollection claimsIdentity = tokenHandler.ValidateToken(token);


I found a few similar code samples that use SecurityTokenServiceConfiguration (it contains the token handlers) instead of Saml11SecurityTokenHandler to read and parse the token; however, it did not work for me because of a certificate validation failure. Setting SecurityTokenServiceConfiguration.CertificateValidator to X509CertificateValidator.None did not help because the Security Token Handler classes use their own handler configuration and ignore the STS configuration values, at least if you specify the configuration parameters through code like I did; however, it works fine in case the configuration is defined in web.config.
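As an added example (not part of the original answer), here is how the ClaimsIdentityCollection returned by ValidateToken can be turned into claim values, with checks for the cases a relying party has to handle: a token with no identities, missing required claims, claim types that occur more than once, and claims whose issuer does not match the name registered in the issuer name registry. The ClaimExtraction class, ExpectedIssuer, RequiredClaimTypes and the Microsoft.IdentityModel (WIF 3.5) API shapes used here are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.Claims;

// Added example: consuming the ClaimsIdentityCollection that Saml11SecurityTokenHandler.ValidateToken returns.
public static class ClaimExtraction
{
    // Issuer name registered in the ConfigurationBasedIssuerNameRegistry (assumed value).
    private const string ExpectedIssuer = "http://MyADFSServer/adfs/services/trust";

    // Claim types this relying party cannot work without (assumed for illustration).
    private static readonly string[] RequiredClaimTypes = { ClaimTypes.Name, ClaimTypes.Email };

    // Builds a principal and refuses identities whose claims did not come from the trusted issuer
    // or that lack a claim the application relies on.
    public static IClaimsPrincipal BuildPrincipal(ClaimsIdentityCollection identities)
    {
        if (identities == null || identities.Count == 0)
            throw new InvalidOperationException("Validated token carried no identities.");

        foreach (IClaimsIdentity identity in identities)
        {
            foreach (Claim claim in identity.Claims)
            {
                // The token handler stamps Claim.Issuer from the issuer name registry; a mismatch means
                // the registry and this application disagree and is treated as a configuration error.
                if (!string.Equals(claim.Issuer, ExpectedIssuer, StringComparison.OrdinalIgnoreCase))
                    throw new InvalidOperationException(
                        "Claim '" + claim.ClaimType + "' issued by unexpected issuer '" + claim.Issuer + "'.");
            }
        }

        var principal = new ClaimsPrincipal(identities);
        foreach (string type in RequiredClaimTypes)
        {
            if (GetValues(principal, type).Count == 0)
                throw new InvalidOperationException("Required claim '" + type + "' is missing from the token.");
        }
        return principal;
    }

    // All values for a claim type across every identity; ADFS can emit one claim type several times
    // (group memberships, for instance), so callers must expect a list rather than a single string.
    public static List<string> GetValues(IClaimsPrincipal principal, string claimType)
    {
        var values = new List<string>();
        foreach (IClaimsIdentity identity in principal.Identities)
            foreach (Claim claim in identity.Claims)
                if (string.Equals(claim.ClaimType, claimType, StringComparison.Ordinal))
                    values.Add(claim.Value);
        return values;
    }

    // Single-valued lookup that fails loudly when the claim is absent or ambiguous.
    public static string GetSingleValue(IClaimsPrincipal principal, string claimType)
    {
        List<string> values = GetValues(principal, claimType);
        if (values.Count != 1)
            throw new InvalidOperationException(
                "Expected exactly one '" + claimType + "' claim, found " + values.Count + ".");
        return values[0];
    }

    // Usage right after the ValidateToken call from the answer above.
    public static void Example(ClaimsIdentityCollection claimsIdentity)
    {
        IClaimsPrincipal principal = BuildPrincipal(claimsIdentity);
        string name = GetSingleValue(principal, ClaimTypes.Name);
        string email = GetSingleValue(principal, ClaimTypes.Email);
        List<string> roles = GetValues(principal, ClaimTypes.Role);
        Console.WriteLine("{0} <{1}> roles: {2}", name, email, string.Join(", ", roles.ToArray()));
    }
}
```

The point of keeping GetValues list-valued is that authorization decisions based on a claim that may repeat (roles, groups) should never silently take the first occurrence; GetSingleValue exists only for claim types where a duplicate is itself a reason to reject the token.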
