通过ADFS令牌到服务 [英] Pass ADFS Token to a Service
问题描述
我有两个ASP.Net应用程序:App1和App2的。这两个应用程序是使用WIF与同一ADFS服务器对用户进行认证标准的Web应用程序,但也App2的一些公开服务的WebAPI
I have 2 ASP.Net applications: App1 and App2. Both applications are standard web apps that use WIF with the same ADFS server to authenticate the user, but App2 also exposes some WebAPI services.
当用户进入程序App1,App1的呼吁App2的一个服务,我需要以某种方式调用与App2的服务用户的令牌。
When the user goes to App1, App1 calls a service on App2 and I need to somehow call the App2 service with the user's token.
如果用户自身是被调用App2的服务,他们会通过相同的ADFS身份验证,一切会工作,但它是程序App1的调用App2的服务,而不是用户。
If the user, themselves, were calling the service on App2, they would go through the same ADFS authentication and everything would work, but it's App1 that's calling the service on App2, not the user.
如何这可能是做有什么想法?
Any thoughts on how this might be done?
谢谢!
推荐答案
您可以使用WS-信托(ACTAS)得到一个代表团令牌:
You can use WS-Trust (ActAs) to get a delegation token:
HTTP: //weblogs.asp.net/cibrax/archive/2010/01/04/actas-in-ws-trust-1-4.aspx
或者你也可以做穷人的代表团:
Or you can do poor man's delegation:
<一个href=\"http://www.cloudidentity.com/blog/2013/01/09/using-the-jwt-handler-for-implementing-poor-man-s-delegation-actas/\" rel=\"nofollow\">http://www.cloudidentity.com/blog/2013/01/09/using-the-jwt-handler-for-implementing-poor-man-s-delegation-actas/
或者你可以使用Thinktecture IdentityServer ADFS桥:
Or you could use the Thinktecture IdentityServer Adfs Bridge:
<一个href=\"http://brockallen.com/2013/04/14/getting-json-web-tokens-jwts-from-adfs-via-thinktecture-identityservers-adfs-integration/\" rel=\"nofollow\">http://brockallen.com/2013/04/14/getting-json-web-tokens-jwts-from-adfs-via-thinktecture-identityservers-adfs-integration/
这篇关于通过ADFS令牌到服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
