MVC5 OWIN ws-federation AuthenticationManager.GetExternalLoginInfoAsync() returns null


Problem description

I'm trying to set up integrated OWIN WS-Federation (ADFS) authentication in a new MVC 5 project in Visual Studio 2013. WsFederation in Startup.Auth is configured as follows:

app.UseWsFederationAuthentication(wtrealm: "MyRealm",
               metadataAddress: "https://myADFSInstanceHost/FederationMetadata/2007-06/FederationMetadata.xml");  

Federation button at login page works fine. ADFS login page is achievable, I can log in there. Required cookies seem to be set properly. At least the .AspNet.ExternalCookie cookie is passed. But when the callback to the MVC app is performed, in the ExternalLoginCallback controller AuthenticationManager.GetExternalLoginInfoAsync() always returns null.

Recommended answer

I know this is an extremely old post, but I've been working on this issue for a week and this is the ONLY resource I've found that provided any sort of help.

The comments on the original post provided exactly what I needed. In order for GetExternalLoginInfo to work, a claim of type NameIdentifier must be present. I was able to mock one of these in Startup.Auth.cs using the following code:

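// Needs: using System.Security.Claims; using System.Threading.Tasks; using Microsoft.Owin.Security.WsFederation;
app.UseWsFederationAuthentication(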
    new WsFederationAuthenticationOptions
    {
        Wtrealm = realm, //defined earlier
        MetadataAddress = adfsMetadata, //also defined earlier

        Notifications = new WsFederationAuthenticationNotifications()
        {
            SecurityTokenValidated = notification =>
            {
                ClaimsIdentity identity = notification.AuthenticationTicket.Identity;

                //loop through all the claims returned (this should return everything set up in ADFS)
                foreach (var claim in notification.AuthenticationTicket.Identity.Claims)
                {
                    if (claim.Type == ClaimTypes.Upn) //or whatever claim type you want to use as your name identifier
                    {
                        //This line will add a duplicate claim, giving it the specified type. This NEEDS TO BE `NameIdentifier`
                        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, claim.Value));
                    }
                }
                return Task.FromResult(0);
            }
        }
    });
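
A stricter variant of the claim mapping above, as an added example that is not from the original answer or from the OWIN / ASP.NET Identity code. The mapped value becomes the key of the external login, so this version keeps a NameIdentifier that ADFS already issued, refuses to pick between conflicting source claims, and preserves the issuer. `NameIdentifierMapper`, `EnsureNameIdentifier`, the issuer URL and the UPN values are hypothetical names and constructed sample data.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class NameIdentifierMapper   // hypothetical helper, not an OWIN or ASP.NET Identity API
{
    // Returns true when the identity carries a NameIdentifier claim afterwards.
    public static bool EnsureNameIdentifier(ClaimsIdentity identity, string sourceType)
    {
        if (identity == null) throw new ArgumentNullException("identity");

        // A NameIdentifier issued by ADFS itself is left untouched.
        if (identity.FindFirst(ClaimTypes.NameIdentifier) != null) return true;

        // Snapshot the matches so no claim is added while identity.Claims is enumerated.
        var candidates = identity.FindAll(sourceType)
            .Where(c => !string.IsNullOrWhiteSpace(c.Value))
            .ToList();

        // No candidate, or several different ones: do not guess which value is the user key.
        if (candidates.Select(c => c.Value).Distinct().Count() != 1) return false;

        // Copy issuer and original issuer; new Claim(type, value) would say "LOCAL AUTHORITY".
        Claim source = candidates[0];
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, source.Value,
            ClaimValueTypes.String, source.Issuer, source.OriginalIssuer));
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        const string issuer = "http://adfs.example.test/adfs/services/trust"; // constructed value
        Func<string, Claim> upn = v => new Claim(ClaimTypes.Upn, v, ClaimValueTypes.String, issuer);

        var single = new ClaimsIdentity(new[] { upn("alice@example.test") }, "Federation");
        Console.WriteLine(NameIdentifierMapper.EnsureNameIdentifier(single, ClaimTypes.Upn));
        Console.WriteLine(single.FindFirst(ClaimTypes.NameIdentifier).Issuer);

        var ambiguous = new ClaimsIdentity(
            new[] { upn("alice@example.test"), upn("bob@example.test") }, "Federation");
        Console.WriteLine(NameIdentifierMapper.EnsureNameIdentifier(ambiguous, ClaimTypes.Upn));
    }
}
```

Inside SecurityTokenValidated the helper would be called with notification.AuthenticationTicket.Identity, and a false result treated as a failed sign-in.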
