How to authenticate user name and password against Active Directory Federation Services (ADFS)?
Question
I want to provide a user name and password to a .Net Console app or Web Page, to authenticate against Active Directory Federation Services. At this point all I have is https://mycompany.com/FederationMetadata/2007-06/FederationMetadata.xml, and I have a valid user name and password to test.
I followed some articles, viz., https://dotnetcodr.com/2013/02/28/claims-based-authentication-in-mvc4-with-net4-5-c-part-2-storing-authentication-data-in-an-authentication-session/
I reviewed and found that we have to add a "Relying Party" in ADFS, to use ADFS as an auth store.
In the 2nd link, it is using a Federated IdP. Instead I want to use some console app to provide username and password and get authenticated. But it is not clear to me where to provide the user name and password in the console app. Any help is appreciated! Thanks in advance.
Accepted answer
The following code works for me:
using System.IdentityModel.Tokens;
using Microsoft.IdentityModel.Protocols.WSTrust;
using System.ServiceModel;
using System.ServiceModel.Security;
using WSTrustChannel = Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel;
using WSTrustChannelFactory = Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory;

namespace SOS.Tools.AdfsConnectionChecker
{
    internal class Token
    {
        public static SecurityToken GetToken(string username, string password, string tokenIssuer, string appliesTo, out RequestSecurityTokenResponse rsts)
        {
            // Transport security (HTTPS) plus a UserName token inside the SOAP message:
            // this is what the ADFS /adfs/services/trust/13/usernamemixed endpoint expects.
            WS2007HttpBinding binding = new WS2007HttpBinding();
            binding.Security.Message.EstablishSecurityContext = false;
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
            binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
            binding.Security.Mode = SecurityMode.TransportWithMessageCredential;

            var tokenIssuerUrlFormat = "https://{0}/adfs/services/trust/13/usernamemixed";
            var tokenIssuerUrl = string.Format(tokenIssuerUrlFormat, tokenIssuer);

            WSTrustChannelFactory trustChannelFactory =
                new WSTrustChannelFactory(binding, new EndpointAddress(tokenIssuerUrl));
            trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;
            // The user name and password are supplied through the channel factory's client credentials.
            trustChannelFactory.Credentials.UserName.UserName = username;
            trustChannelFactory.Credentials.UserName.Password = password;
            trustChannelFactory.ConfigureChannelFactory();

            // Build an Issue request for the relying party and ask ADFS for a security token
            RequestSecurityToken requestToken = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue);
            requestToken.AppliesTo = new EndpointAddress(appliesTo);
            WSTrustChannel tokenClient = (WSTrustChannel) trustChannelFactory.CreateChannel();
            SecurityToken token = tokenClient.Issue(requestToken, out rsts);
            return token;
        }
    }
}
- username - Domain user name (e.g. Name.FamilyName@DomainName.local)
- password - Domain user password
- tokenIssuer - ADFS URL (adfs.somedomain.com). That ADFS should be connected to the Active Directory where the username is created
- appliesTo - Application you want the token for (e.g. https://apps.anydomain.com/WcfService1). It has to be configured on the tokenIssuer as a Relying Party.
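To answer the question of where the console app supplies the credentials, here is an added example (not part of the original answer) of a Main that drives the Token class above: it takes the issuer, relying party and user name as arguments, reads the password from the console so it does not end up in shell history or a process listing, and separates an authentication failure from an unreachable endpoint. It assumes the Token class is compiled into the same SOS.Tools.AdfsConnectionChecker project; the executable name is assumed.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Text;
using Microsoft.IdentityModel.Protocols.WSTrust;

namespace SOS.Tools.AdfsConnectionChecker
{
    internal static class Program
    {
        // Usage (assumed executable name):
        //   AdfsConnectionChecker.exe adfs.somedomain.com https://apps.anydomain.com/WcfService1 user@DomainName.local
        private static int Main(string[] args)
        {
            if (args.Length != 3)
            {
                Console.Error.WriteLine("usage: AdfsConnectionChecker <tokenIssuer> <appliesTo> <username>");
                return 2;
            }
            string tokenIssuer = args[0], appliesTo = args[1], username = args[2];
            Console.Write("Password: ");
            string password = ReadPassword();
            try
            {
                RequestSecurityTokenResponse rstr;
                SecurityToken token = Token.GetToken(username, password, tokenIssuer, appliesTo, out rstr);
                // ValidFrom/ValidTo come from the issued token; a tiny window or a past ValidTo
                // points at clock skew between the client and the ADFS server.
                Console.WriteLine("Issued {0} with id {1}", token.GetType().Name, token.Id);
                Console.WriteLine("Valid from {0:u} to {1:u}", token.ValidFrom, token.ValidTo);
                return 0;
            }
            catch (MessageSecurityException ex)
            {
                // Wrong password, disabled or locked-out account: ADFS answers with a SOAP fault
                // that WCF surfaces as MessageSecurityException. Do not echo the password here.
                Console.Error.WriteLine("Authentication failed for {0}: {1}", username, ex.Message);
                return 1;
            }
            catch (CommunicationException ex)
            {
                // Wrong host name, TLS failure, or the usernamemixed endpoint is disabled on the farm.
                Console.Error.WriteLine("Cannot reach usernamemixed endpoint on {0}: {1}", tokenIssuer, ex.Message);
                return 1;
            }
        }

        // Reads a line without echoing it; Backspace removes the last character.
        private static string ReadPassword()
        {
            var sb = new StringBuilder();
            ConsoleKeyInfo key;
            while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
            {
                if (key.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
                else if (!char.IsControl(key.KeyChar)) sb.Append(key.KeyChar);
            }
            Console.WriteLine();
            return sb.ToString();
        }
    }
}
```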