如何设置一个ASP.Net MVC 5个网站的NameClaimType? [英] How to set the NameClaimType in an ASP.Net MVC 5 site?
问题描述
我一直在使用微软的开 - premises组织的帐户认证机制创建一个ASP.Net MVC 5个网站。这是最终配置为指向我公司ADFS基础设施。我取回所有配置的索赔。然而,在运行时,ClaimsIdentity.Name是空白的。这是因为,ClaimsIdentity.NameClaimType,默认情况下,似乎是:
I've created an ASP.Net MVC 5 site using Microsoft's "On-Premises" Organization Account Authentication mechanism. This is ultimately configured to point to my companies ADFS infrastructure. I'm getting back all the configured claims. However, at runtime, the ClaimsIdentity.Name is blank. This is because the ClaimsIdentity.NameClaimType, by default, appears to be:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
不过,我想ClaimsIdentity.Name我映射为:
However, I want the ClaimsIdentity.Name to me mapped to:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
根据微软文档 ,设置此web.config中的地方是securityTokenHandlers元素的添加元素中:
According to Microsoft Docs, the place to set this in web.config is within the Add element of the securityTokenHandlers element:
<system.identityModel>
<identityConfiguration>
<securityTokenHandlers>
<add>
<samlSecurityTokenRequirement>
<nameClaimType value=xs:string>
</nameClaimType>
</samlSecurityTokenRequirement>
</add>
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
在我的ASP.Net MVC 5 web.config中,这看起来适用,并通过智能感知检查的唯一的事情最终看起来是这样的:
In my ASP.Net MVC 5 web.config, the only thing that looks applicable, and passes intellisense checks ends up looking like this:
<system.identityModel>
<identityConfiguration>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
<samlSecurityTokenRequirement>
<nameClaimType value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"/>
</samlSecurityTokenRequirement>
</add>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
然而,这似乎没有任何效果。我的MVC应用程序仍然报告一个空白ClaimsIdentity.Name场和ClaimsIdentity.NameClaimType仍然是:
However, this appears to have no effect. My MVC app still reports a blank ClaimsIdentity.Name field and the ClaimsIdentity.NameClaimType continues to be:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
我应该我的web.config看起来喜欢我现有的索赔到ClaimsIdentity.Name字段映射?
What should my Web.Config look like to map my existing claim into the ClaimsIdentity.Name field?
推荐答案
我发现,使用以下securityTokenHandlers节让我的地方,我需要的是基于从我的ADFS系统SAML 2.0的有效载荷:
I found that using the following securityTokenHandlers section got me to where I needed to be based on a SAML 2.0 payload from my ADFS system:
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
<samlSecurityTokenRequirement>
<nameClaimType value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
</samlSecurityTokenRequirement>
</add>
</securityTokenHandlers>
我不能完全肯定如何索赔正在使用默认的web.config消耗,因为没有SAML令牌处理程序配置。也许一些源$ C $ C做了一些默认的行为...
I'm not at all certain how the claims were being consumed with the default web.config since no Saml token handler was configured. Maybe something in the source code does some default behavior...
这篇关于如何设置一个ASP.Net MVC 5个网站的NameClaimType?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
