ASP.Net Core SAML authentication

Question

I am trying to add SAML 2.0 authentication to an ASP.Net Core solution. I can't find any documentation on the subject, so I am unsure where to start. There is probably documentation out there, but I don't want to spend 3 days becoming an expert on this.

From what I can see ASP.Net Core has changed something from the old OWIN assemblies/namespaces. There are third party libraries to simplify SAML 2.0 implementation such as Kentor.AuthServices.

I am unsure how to combine this with ASP.Net 5 RC 1 / ASP.Net Core. For example making use of the AspNet* tables in SQL.

ASP.Net 5 RC 1 comes with several libraries to implement authentication (client).

For example:

  • Microsoft.AspNet.Authentication.OAuth
  • Microsoft.AspNet.Authentication.Facebook
  • Microsoft.AspNet.Authentication.Google
  • Microsoft.AspNet.Authentication.Twitter

Implementing these is a matter of calling a simple extension method in Startup.cs:

app.UseIdentity()
.UseFacebookAuthentication(new FacebookOptions
{
    AppId = "ID",
    AppSecret = "KEY"
})
.UseGoogleAuthentication(new GoogleOptions
{
    ClientId = "ID",
    ClientSecret = "SECRET"
})
.UseTwitterAuthentication(new TwitterOptions
{
    ConsumerKey = "KEY",
    ConsumerSecret = "SECRET"
});

Once that is done the ASP.Net sample project automatically shows social buttons for login/manage account:

In the backend code the authentication providers are retrieved using var otherLogins = _signInManager.GetExternalAuthenticationSchemes().Where(auth => userLogins.All(ul => auth.AuthenticationScheme != ul.LoginProvider)).ToList();. This means the authentication providers are registered somewhere that makes them available by calling _signInManager.GetExternalAuthenticationSchemes().

How can I implement SAML 2.0 authentication in ASP.Net 5 RC1 / ASP.Net Core?

Recommended answer

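As far as I know, there is no SAML2 implementation for ASP.NET Core. I am planning to make an ASP.NET Core middleware for Kentor.AuthServices (I'm the maintainer), but that is only a plan.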

There is now a working prototype of an ASP.NET Core middleware at https://github.com/KentorIT/authservices/pull/489. It will be included in the official release when tests have been added.

It's also important to know that while such a middleware would be compatible with the ASP.NET Core security model, it would only run on the full .NET Framework and not on .NET Core. The reason is that SignedXml and the SAML2 support in System.IdentityModel is not yet available in .NET Core.
