WSFederationAuthenticationModule v/s SessionAuthenticationModule [英] WSFederationAuthenticationModule v/s SessionAuthenticationModule

问题描述

根据文档，两个模块都将用于创建IClaimsPrincipal的实例.我不明白为什么WIF麻烦使用2个HttpModules而不是1个?抱歉，我是WIF的新手

According to documentation, both module will used to create instance of IClaimsPrincipal. I am not understanding why WIF bother to use 2 HttpModules instead of one? Sorry, I am new in WIF

推荐答案

您不需要两个都在管道中具有 IClaimsPrincipal .您需要后者，即 SessionAuthenticationModule .它负责将WIF cookie转换为主体对象(类似于FormsAuthenticationModule对表单cookie所做的工作.)

You don't need both to have the IClaimsPrincipal in the pipeline. You need the latter, the SessionAuthenticationModule. It is responsible for converting the WIF cookie into the principal object (similar what FormsAuthenticationModule does with a form cookie).

前一个 WSFederationAuthenticationModule 仅负责从身份提供者到您的应用程序的初始SAML帖子-模块使用该帖子并发布WIF cookie.另外，您也可以使用放在登录表单上的 wif:FederatedPassiveSignIn 控件来做到这一点.

The former, WSFederationAuthenticationModule is responsible only for the initial SAML post from the indentity provider to your application - the module consumes the post and issues the WIF cookie. Alternatively you can do it with a wif:FederatedPassiveSignIn control placed on your login form.

当我编写启用WIF的应用程序的代码时，通常只有SAM模块，并且使用登录控件来发布cookie.

When I code WIF-enabled applications, I usually have only the SAM module and I use the login control for issuing cookies.

这篇关于WSFederationAuthenticationModule v/s SessionAuthenticationModule的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！