Azure ACS Set Up in C#


Question

I am looking at several examples for using ACS, and decidedly they do make me feel stupid.

I looked at the tutorial online; it seems like all I need was the following line in the config:

    <httpRuntime requestValidationMode="2.0" />

But some other examples in this sample project SimpleMVC4 had no such line in its configuration. Worse, I didn't see anything in there that references ACS library whatever that might be.

The MVC3 sample on the other hand had a bunch of gibberish including an ajax request to a javascript huh!?

    public const string HrdPath = "v2/metadata/IdentityProviders.js";

    /// <summary>
    /// Gets the url with its query string representing this request
    /// </summary>
    /// <returns></returns>
    public string GetUrlWithQueryString()
    {
        uriBuilder.Path = HrdPath;
        uriBuilder.Query = parameters.ToQueryString();

        return uriBuilder.Uri.AbsoluteUri;
    }

and in the Razor View

    $("#signIn").click(function () {
        //
        // Explicit JSONP callback can be used to do client side caching of identity provider data.
        //
        $.ajax({
            url: "@Html.Raw(Model.GetUrlWithQueryString())",
            dataType: "jsonp",

HUH!?

Look can I just get some simple (idiot proof) pointers?

  1. I am a relying party
  2. I have got an MVC controller action, I want to tell users here are the Identity Providers (IP) that they can use, and their respective URLs as well as generating the tokens that will be verified in step (3), below. How do I get to this in a C# code?
  3. Once, the client, ACS, IP are done with their business, I don't care what that is, as far as I'm concerned all those is between the client, ACS and the IP. I should get another request from the user. What do I do with this request? How do I verify if the user is kosher? And that they did not falsify the token from step (2) above.

Solution

I too have gone through similar pain in recent past. I was a complete newbie with this and had quite a hard time understanding all this. I found Pluralsight Courses from Dominick Baier quite useful in understanding these concepts.

Now coming to your questions.

I have got an MVC controller action, I want to tell users here are the Identity Providers (IP) that they can use, and their respective URLs as well as generating the tokens that will be verified in step (3), below. How do I get to this in a C# code?

Do take a look at this blog post for creating the login page on your end: https://www.simple-talk.com/cloud/development/creating-a-custom-login-page-for-federated-authentication-with-windows-azure-acs/

Once, the client, ACS, IP are done with their business, I don't care what that is, as far as I'm concerned all those is between the client, ACS and the IP. I should get another request from the user. What do I do with this request? How do I verify if the user is kosher? And that they did not falsify the token from step (2) above.

I don't think you would need to do anything special here. ASP.Net pipeline takes care of it for you by setting the IsAuthenticated property of the Principal to true. Here's what my code currently looks like (mostly taken from the blog post above). For me, the entire application is protected and by default the user lands on the home page. I check if the user is authenticated or not. If they're not authenticated, I show them all Identity Providers configured in ACS and the user can login using any of those. Once the authentication is successful, ACS sends the user back to the same page and this time the user is authenticated. In my code, I do a bunch of claims transformation needed for my application if the user is authenticated.

Controller

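    // Namespaces this action relies on.
    using System.Collections.Generic;
    using System.Net;
    using System.Security.Claims;
    using System.Text;
    using System.Web.Mvc;
    using Newtonsoft.Json;

    public ActionResult Index()
    {
        if (!ClaimsPrincipal.Current.Identity.IsAuthenticated)
        {
            // Not signed in yet: fetch the identity provider list from ACS as JSON.
            var idpsUrl = "IdentityProvidersUrl Taken from ACS Login Page";
            var webClient = new WebClient()
            {
                Encoding = Encoding.UTF8,
            };
            var jsonList = webClient.DownloadString(idpsUrl);
            var acsResult = JsonConvert.DeserializeObject<List<IdentityProvider>>(jsonList);
            return View(acsResult);
        }
        else
        {
            var principal = ClaimsPrincipal.Current;
            var claims = principal.Claims;
            //If any claims transformation needs to be done, that can be done here.

            // Added so every code path returns a value: an authenticated user has no providers to list.
            return View(new List<IdentityProvider>());
        }
    }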

View

    @{
        ViewBag.Title = "Index";
    }

    <h2>Index</h2>

    @foreach (var p in Model)
    {
        <p>
            <a href="@p.LoginUrl">@p.ToString()</a>
        </p>
    }

Model

    public class IdentityProvider
    {
        public List<string> EmailAddressSuffixes { get; set; }
        public string ImageUrl { get; set; }
        public string LoginUrl { get; set; }
        public string LogoutUrl { get; set; }
        public string Name { get; set; }

        public override string ToString()
        {
            return Name;
        }
    }
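
An added example, not part of the answer above or of any ACS sample: the claims transformation the answer does inside the controller can instead live in a WIF `ClaimsAuthenticationManager`, which runs after the pipeline has validated the token. The issuer name, the `urn:example:userkey` claim type and the class name are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Claims;

// Added example (not the answerer's code). Runs after WIF has validated the token.
public class AcsClaimsTransformer : ClaimsAuthenticationManager
{
    // Assumed placeholder: the name given to the ACS namespace under <trustedIssuers>.
    private const string ExpectedIssuer = "https://YOUR-NAMESPACE.accesscontrol.windows.net/";

    // Claim type ACS adds to record which identity provider authenticated the user.
    private const string IdpClaimType =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Hypothetical application claim type used to key local accounts.
    private const string UserKeyClaimType = "urn:example:userkey";

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // Anonymous requests pass through; the controller then shows the provider list.
        if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
            return incomingPrincipal;

        // Defence in depth: every claim must carry the one issuer name we trust.
        if (incomingPrincipal.Claims.Any(c => !string.Equals(c.Issuer, ExpectedIssuer, StringComparison.Ordinal)))
            throw new SecurityException("Token contains claims from an unexpected issuer.");

        var nameId = incomingPrincipal.FindFirst(ClaimTypes.NameIdentifier);
        var idp = incomingPrincipal.FindFirst(IdpClaimType);
        if (nameId == null || idp == null)
            throw new SecurityException("Token is missing nameidentifier or identityprovider.");

        // nameidentifier is only unique per provider, so the local key combines both values.
        // Only the claims the application needs are copied to the new identity.
        var identity = new ClaimsIdentity(incomingPrincipal.Identity.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, nameId.Value, ClaimValueTypes.String, ExpectedIssuer));
        identity.AddClaim(new Claim(IdpClaimType, idp.Value, ClaimValueTypes.String, ExpectedIssuer));
        identity.AddClaim(new Claim(UserKeyClaimType, idp.Value + "|" + nameId.Value));
        return new ClaimsPrincipal(identity);
    }
}
```

The class is registered with a `<claimsAuthenticationManager type="..." />` element inside `<identityConfiguration>` in web.config.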
