What do different SAML token validation calls specifically do?


Question

Below is a question I asked on another forum, but realized this is the better forum to ask it on. While browsing here, I also noticed even more ValidateToken() functions in other classes, with little information about them.

I am trying to validate a SAML token that was created by our WIF-based custom STS inside a REST web service.

There are a couple of functions to do validation. One is SecurityTokenHandlerCollection.ValidateToken() and another is SamlSecurityTokenAuthenticator.ValidateToken().

Unfortunately the online Microsoft MSDN help for these classes and functions is worthless and does not describe at all what it is these functions are doing.

What are these functions validating and how are they doing it? What are the differences between them? Are they automatically looking up the certificate in the Windows Certificate Store to check the signature of the token, and validating the encrypted credentials object? Because I don't pass a certificate name in anywhere. Or are there other manual operations I need to do myself to validate the token?

I realize one returns a ClaimsIdentityCollection and the other returns a collection of IAuthorizationPolicy objects. But is that the only difference? I can't tell.

I can find plenty of information out on the web about the STS and claims and even validating claims, which I am doing successfully, but I can hardly find any information on validating the token itself to make sure it is one I created.

Recommended answer

Yup, the documentation is lacking. Microsoft assumes that everyone has .NET Reflector :)

Seriously, go purchase the professional version of .NET Reflector which will allow you to debug/step through the W.I.F. validation code. Invaluable tool for mastering W.I.F.