Authenticate with ADFS inside Console App silently

Question

I have a C# console application that references the ADAL.net library (Microsoft.IdentityModel.Clients.ActiveDirectory version 2.19.208020213)

The purpose of the console app is to consume an HTTP endpoint which is protected with ADFS.

The implementation of the ADFS auth is as follows....

var uc = new UserCredential("user", "password");
var ctx = new AuthenticationContext("https://sts.example.com/adfs", false);
var token = ctx.AcquireToken(ClientResourceUri, ClientId, uc);

The call to AcquireToken throws an exception...



This method overload is not supported by 'https://sts.example.com/adfs/'

Calling AcquireToken without the UserCredential object, and instead providing a redirectUri works, but throws up a dialog prompting for username and password, which is unsuitable as the console app will be executed in a non user environment...

var redirect = new Uri("https://example.com/arbitaryRedirect");
var token = ctx.AcquireToken(ClientResourceUri, ClientId, redirect);
//dialog is shown

If I switch to the latest alpha release of the adal.net library (3.6.212041202-alpha) the error is more revealing...


MSIS9611: The authorization server does not support the requested 'grant_type'. The authorization server only supports 'authorization_code' or 'refresh_token' as the grant type.

However, mining Google yields very little.

Is it actually possible to authenticate silently against ADFS?

Would I be correct in assuming (based upon answers in other posts, stackoverflow.com/questions/14521589/authenticating-against-ad-fs-from-a-net-4-5-console-app) that the correct approach is to use WsTrustChannelFactory instead?

If not, what is the best approach?

Recommended answer

It is possible using ADAL 3.x and ADFS in Windows Server 2016, with pretty much the same code you posted. Combinations of older versions of either ADAL or ADFS won't work. Alternatively, you can use WS-Trust - which is significantly harder to handle, but can get the job done.
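
The ADAL 3.x route the answer describes, written out as an added example (not code from the original question or answer). The client ID, resource identifier, API URL and environment variable names are placeholders, and it assumes AD FS on Windows Server 2016, the ADAL 3.x NuGet package on .NET Framework, and C# 7.1 or later for async Main.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL 3.x

static class SilentAdfsClient
{
    // Placeholders (assumptions): use the values registered in AD FS.
    const string Authority = "https://sts.example.com/adfs";
    const string ClientId = "<client-id>";
    const string ResourceUri = "<relying-party-identifier>";
    const string ApiUrl = "https://api.example.com/resource";

    static async Task<int> Main()
    {
        // Keep the service account's credentials out of source code;
        // the variable names here are hypothetical.
        string user = Environment.GetEnvironmentVariable("ADFS_USER");
        string pass = Environment.GetEnvironmentVariable("ADFS_PASSWORD");
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(pass))
        {
            Console.Error.WriteLine("ADFS_USER / ADFS_PASSWORD not set");
            return 2;
        }
        // validateAuthority is false, as in the question's code.
        var ctx = new AuthenticationContext(Authority, false);
        try
        {
            // No dialog: the credentials are supplied programmatically.
            AuthenticationResult token = await ctx.AcquireTokenAsync(
                ResourceUri, ClientId, new UserPasswordCredential(user, pass));
            using (var http = new HttpClient())
            {
                http.DefaultRequestHeaders.Authorization =
                    new AuthenticationHeaderValue("Bearer", token.AccessToken);
                HttpResponseMessage resp = await http.GetAsync(ApiUrl);
                Console.WriteLine((int)resp.StatusCode);
                return resp.IsSuccessStatusCode ? 0 : 1;
            }
        }
        catch (AdalServiceException ex)
        {
            // For example the MSIS9611 error quoted in the question.
            Console.Error.WriteLine($"{ex.ErrorCode}: {ex.Message}");
            return 1;
        }
    }
}
```

Because this flow hands the account's password to the client process, run it under a dedicated service account that has access only to the one relying party.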
