Where Federation authentication token is saved [WIF STS]?


Problem description


While I started to explore WIF, I have a doubt on the following:

In the Windows Identification Foundation [WIF], looking on to Security Token Service [STS], I wish to know where the federation authentication token is being saved?

I think it's in a browser cookie; if so, can anyone please give me an insight about it?

Solution

I used the 'Fiddler' Web debugger to find the answer to this question. Here's what happens: Let's suppose that the name of your application is SecureApp and the name of your STS is SecurePortal.

The first thing that happens when you point your browser at SecureApp is that it checks to see if you're authenticated. If you're not, you are immediately redirected to SecurePortal with a query string indicating that you're logging into SecureApp.

Once you log in with SecurePortal, the WIF framework produces an HttpResponse from SecurePortal which contains some 'hidden' HTML fields containing values which indicate that you successfully logged in. These values may be signed and/or encrypted based on the setup of SecurePortal. Along with these values is written some JavaScript code to make the browser post the values to SecureApp. Once these values are validated by SecureApp, the framework will write an HttpResponse with cookie(s) that indicate that you are logged in. In my experience, the names of the cookies start with "FedAuth". At this point, you may now access pages within SecureApp.

Also, I would like to point out that the framework seems to have some way of preventing the cookies that it sets from being removed manually.

I suggest that you use a web debugger and observe this process happening on your own to understand better.

The short answer: The token is first given to your browser as an HttpResponse in the STS and then given to your browser again as a cookie in the application.
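The three places the answer above describes can be picked out of captured traffic with a short script; this is an added example, not part of the original answer. The host names and all values are constructed, and the parameter names `wa`, `wtrealm`, `wctx` and `wresult` are the WS-Federation passive sign-in parameters, which the post itself does not name.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

class HiddenFields(HTMLParser):
    """Collect <input type="hidden"> name/value pairs from a form page."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def signin_request(location):
    """Step 1: the redirect to the STS carries the sign-in request in the query string."""
    q = parse_qs(urlsplit(location).query)
    return {k: v[0] for k, v in q.items() if k in ("wa", "wtrealm", "wctx")}

def token_fields(html):
    """Step 2: the STS page holds the token in hidden fields that script posts to the app."""
    parser = HiddenFields()
    parser.feed(html)
    return parser.fields

def session_cookies(set_cookie_headers):
    """Step 3: the app answers the POST with FedAuth* cookies; report their flags."""
    found = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if name.startswith("FedAuth"):
                found[name] = {"secure": bool(morsel["secure"]),
                               "httponly": bool(morsel["httponly"])}
    return found

# Constructed sample traffic (SecurePortal = STS, SecureApp = relying application).
REDIRECT = ("https://secureportal.example/?wa=wsignin1.0"
            "&wtrealm=https%3A%2F%2Fsecureapp.example%2F&wctx=rm%3D0%26id%3Dpassive")
STS_PAGE = """<form method="POST" action="https://secureapp.example/">
<input type="hidden" name="wa" value="wsignin1.0" />
<input type="hidden" name="wresult" value="&lt;t:RequestSecurityTokenResponse&gt;...&lt;/t:RequestSecurityTokenResponse&gt;" />
<input type="hidden" name="wctx" value="rm=0&amp;id=passive" />
</form><script>document.forms[0].submit();</script>"""
APP_SET_COOKIE = ["FedAuth=CONSTRUCTED-PART-1; path=/; secure; HttpOnly",
                  "FedAuth1=CONSTRUCTED-PART-2; path=/; HttpOnly"]
```

In the constructed sample the second cookie lacks the `Secure` attribute, so `session_cookies` reports it as `secure: False`, which is the kind of finding worth checking for when reviewing a real capture.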
