web-sso-with-cloud-ad-Office365-users


Question

What is the best solution to implement web-sso-with-cloud-ad-o365-users in a .NET application? I have Googled and found a few solutions, but I am not very convinced by those solutions.

I'm building an ASP.NET web application on Windows Azure. Application username and password are the same as Office 365, with Windows Identity Foundation.

Can I establish single sign-on between my app and the Office365 environment? So the user will have to log into Office365 once he is logged into my app.

I have tried the links below and made an MVC3 Web Application.

https://www.windowsazure.com/en-us/develop/net/how-to-guides/web-sso/

http://veerendracloudblogs.blogspot.in/2012/07/web-sso-with-cloud-ad-o365-users.html

When I run the application and provide login credentials, an error occurs:

Server Error in '/' Application.

ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris. Audience: 'spn:b6933382-49c5-4430-81cc-36dd50a3c971'

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException: ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris. Audience: 'spn:b6933382-49c5-4430-81cc-36dd50a3c971'

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[AudienceUriValidationFailedException: ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris. Audience: 'spn:b6933382-49c5-4430-81cc-36dd50a3c971']
   Microsoft.IdentityModel.Tokens.SamlSecurityTokenRequirement.ValidateAudienceRestriction(IList`1 allowedAudienceUris, IList`1 tokenAudiences) +1287
   Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateConditions(Saml2Conditions conditions, Boolean enforceAudienceRestriction) +2309
   Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateToken(SecurityToken token) +786
   Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token) +297
   Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri) +279
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +822
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +363
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
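The audience check that ID1038 reports, as an added example (not part of the original post and not WIF's own code): the token is accepted only when the audience it names appears in the relying party's configured list, which in WIF is the `audienceUris` configuration element. The SAML fragment is constructed, the `https://localhost/myapp/` URL is a hypothetical placeholder, exact string comparison is an assumption of this sketch, and signature validation is out of scope.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Audience value quoted in the ID1038 message above.
TOKEN_AUDIENCE = "spn:b6933382-49c5-4430-81cc-36dd50a3c971"

# Constructed sample: only the <Conditions> part of a SAML 2.0 assertion.
SAMPLE_ASSERTION = f"""
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>{TOKEN_AUDIENCE}</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
""".strip()


class AudienceError(Exception):
    """Raised when the token is not addressed to this relying party."""


def token_audience_groups(assertion_xml):
    """Return one list of audiences per <AudienceRestriction> element."""
    root = ET.fromstring(assertion_xml)
    path = "saml:Conditions/saml:AudienceRestriction"
    return [[(a.text or "").strip() for a in r.iterfind("saml:Audience", NS)]
            for r in root.iterfind(path, NS)]


def validate_audience(assertion_xml, allowed_audience_uris):
    """SAML 2.0 rule: audiences inside one restriction are alternatives,
    and every restriction present must be satisfied."""
    groups = token_audience_groups(assertion_xml)
    if not groups:
        # Choice made in this sketch: an unrestricted token is rejected.
        raise AudienceError("token carries no audience restriction")
    allowed = set(allowed_audience_uris)
    for audiences in groups:
        if not allowed.intersection(audiences):
            raise AudienceError(f"{audiences} not in {sorted(allowed)}")
    return True


def check(allowed_audience_uris):
    """True if the sample token passes against the given configured list."""
    try:
        return validate_audience(SAMPLE_ASSERTION, allowed_audience_uris)
    except AudienceError:
        return False


if __name__ == "__main__":
    print(check(["https://localhost/myapp/"]))                  # app URL only
    print(check(["https://localhost/myapp/", TOKEN_AUDIENCE]))  # spn value listed
```

The first call fails the same way the trace does; listing the exact `spn:` value from the error message makes the second call pass while keeping the audience check enforced.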

Recommended answer

It seems you do have correct information above; however, when you said you "did not get success", what does it mean? What actually happens when you try to configure it, and what actually happened when the connection did not work? You need to add some error information to get accurate help.

Most of the problems I have seen are related to getting/setting the proper smart link, which is used in a web application to transfer users to O365 servers to get a positive authentication claim. So if you have passed that point there should not be a problem, as once you have the claim, you are an authenticated user. So what you really need is to use Smart Links correctly, and the problem is described below in detail, so verify that you do have it set up correctly:

Using Smart Links or IdP-initiated authentication with Office 365: http://community.office365.com/en-us/wikis/sso/using-smart-links-or-idp-initiated-authentication-with-office-365.aspx?sort=mostrecent&pageindex=1

Office 365 Single Sign-On configuration is done in conjunction with corporate ADFS supported through WS-Federation (WS-Fed) and WS-Trust protocols and a white paper "Office 365 Single Sign-On with AD FS 2.0 whitepaper" is here to explain the process.

You can also take a look at SAML 2.0 protocol based Internet2 Shibboleth 2, claims-based (Web) single sign-on with Office 365 offering here.
