为什么在MVC依赖方中passiveRedirectEnabled应该设置为false？ [英] Why should passiveRedirectEnabled be set to false in a MVC relying party?

问题描述

"基于声明的身份和访问控制指南"中的第六章states：

Chapter six in the "Guide to claims based identity and access control" states:

"通过将passiveRedirectEnabled属性设置为false，您可以指示WIF的联合身份验证模块不执行其未经身份验证的会话内置重定向到颁发者"

"By setting the passiveRedirectEnabled attribute to false, you instruct WIF's federated authentication module not to perform its built in redirection of unauthenticated sessions to the issuer"

为什么我们要禁用内置重定向？当在MVC应用程序中启用内置重定向时，进出验证的重定向似乎工作正常。

Why would we want to disable built in redirection? When built in redirection is enabled in a MVC application, the redirections to and from the issuer for authentication seems to be working fine.

推荐答案

正如您所观察到的，基于HTTP模块的内置重定向以及passiveRedirectEnabled设置适用于MVC。因为MVC继承了ASP.NET的所有标准配置，所以在调用MVC之前执行的任何身份验证都将应用
到MVC。

As you observed, HTTP module based built-in redirection with the passiveRedirectEnabled setting works with MVC. Because MVC inherits all the standard configuration of ASP.NET, any authentication performed before MVC is invoked will get applied to MVC.

  passiveRedirectEnabled = true设置会导致WIF使用当前配置的颁发者地址，回复地址和家庭域地址。本书介绍了一个MVC示例，该示例为多租户
场景定制了身份验证/授权过程。根据您访问的租户，配置参数将定制为对该租户的用户进行身份验证。例如。要进行身份验证的STS可能是ADatum或Contoso。如果您查看重定向邮件网址，您将能够看到示例中的
如何更改查询字符串中的协议参数。

The passiveRedirectEnabled=true setting causes WIF to use the currently configured issuer address, reply address and home realm address. The book illustrates an MVC sample which customizes the authentication/authorization process for a multi-tenant scenario. Depending on which tenant you access, the configuration paramaters are tailored to authenticate users of that tenant. E.g. the STS to authenticate to could be ADatum or Contoso. If you view the redirect message URL, you'll be able to see how the sample changes the protocol parameters in the query string.

谢谢，

Vani。

这篇关于为什么在MVC依赖方中passiveRedirectEnabled应该设置为false？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！