MVC5的Web应用程序中使用ADFS开 - premises组织验证和Visual Studio 2013开发本地主机 [英] MVC5 Web app using ADFS On-Premises Organizational Auth and Visual Studio 2013 localhost development
问题描述
我想创建配置为使用开 - $ P $的MVC5 Web应用程序pmises描述组织验证的选项(ADFS)<一个href=\"http://www.cloudidentity.com/blog/2014/02/12/use-the-on-$p$pmises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/\"相对=nofollow>这里由维托里奥Bertocci
I am trying to create an MVC5 Web Application configured to use the On-Premises Organizational Authenticated Option (ADFS) as described Here by Vittorio Bertocci
首先,我创建新的MVC项目。然后,我更改身份验证到片premises。设置开premises管理局到我的ADFS联合元数据终结点。我检查,以确保联邦XML元数据可以达成,这是。我离开应用程序ID URI领域的空白接受默认值。我已经做到两者提供的价值和留空。
First, I create new MVC project. Then I change the Authentication to On-Premises. Set the On-Premises Authority to my ADFS federation metadata Endpoint. I checked to make sure the federation metadata xml could be reached and it was. I leave the App ID URI field blank accepting the default value. I ve done both, provided a value and left blank.
然后我配置了我的手动依赖方应用程序。设置依赖方WS联合身份验证被动协议URL:以 https://开头本地主机:44300
这是由Visual Studio提供。这个值是给定的信赖标识的唯一值。
I then configured my relying party app manually. Setting the relying party WS-Federation Passive Protocol URL: to https://localhost:44300
which was provided by Visual studio. This value is the only value given as the trust identifier.
最后,我映射2声明类型的好办法;显示名称和用户主要名称。所有这一切都以实例提供链接
Lastly, I mapped 2 claim types for good measure; Display Name and User-Principal Name. All this provided by the example link.
然后我runit(F5)的ADFS登录弹出一个通用的错误。我转到了ADFS服务器,并找到以下详细的错误。
I then runit(F5) the ADFS login pops up with a generic error. I goto the ADFS server and find the following detailed error.
开发环境
我有3个服务器和客户端1
Development Enviroment I have 3 servers and 1 client
- 1域控制器
- 1 CA服务器
- 1 ADFS
- 1的Windows 8客户端。
我不断从ADFS内收到以下错误消息
I keep receiving the following error message inside from ADFS
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
https://localhost:44300/
Exception details:
Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://localhost:44300/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.Validate()
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
任何帮助是AP preciated。
Any help is appreciated.
推荐答案
中,似乎你的应用程序发送的依赖方标识符不匹配什么是ADFS注册。这不应该需要一个新的香草ADFS的设置。我建议如下:
as mentioned in Vittorio's first response, the seems that the relying party identifier sent by your application does not match what is registered in ADFS. This should not require a new vanilla ADFS setup. I suggest the following:
- 确保你有一个信赖方信任设置在ADFS应用程序。
- 确保应用程序的标识符匹配你在你的应用程序已指定为您在维托里奥的博客文章看看。
- 确保返回URL设置正确的ADFS依赖方的信任和应用程序符合您的F5设置。你可以看到在维托里奥的博客文章屏幕截图。
让我知道如果这个作品送给你。
Let me know if this works out for you.
- 山姆
这篇关于MVC5的Web应用程序中使用ADFS开 - premises组织验证和Visual Studio 2013开发本地主机的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!