带有现有 ASP.Net MVC 应用程序的 ADFS [英] ADFS with existing ASP.Net MVC App

问题描述

我一直在环顾四周，试图找到一个如何将 ADFS 身份验证添加到现有 ASP.Net MVC 应用程序的示例.我找到了很多示例，说明在创建新应用时如何使用向导进行操作.

I've been looking around, trying to find an example of how to add ADFS authentication to an existing ASP.Net MVC application. I found lots of example of how to do it using the wizard when you create a new app.

我可以创建一个新的应用程序并复制代码和配置，但这似乎是一种奇怪的方法.

I could create a new app and copy the code and config over, but this seams like a strange approach.

有人知道好的指南或资源吗?

Does anyone know of a good guide or resource?

推荐答案

我们在 Cloud Identity 对开始使用类似的东西非常有帮助.我们使用的是 Web API，因此并不完全相同.

We found this blog entry on Cloud Identity to be really helpful to get started with something similar. We are using Web API so it's not exactly the same.

您需要将此添加到您的 Startup.Auth.cs 文件中:

You will need to add this to your Startup.Auth.cs file:

app.UseActiveDirectoryFederationServicesBearerAuthentication(
new ActiveDirectoryFederationServicesBearerAuthenticationOptions
{
    Audience = ConfigurationManager.AppSettings["ida:Audience"],
    MetadataEndpoint = ConfigurationManager.AppSettings["ida:MetadataEndpoint"]
});

在您的 web.config 中，您需要指向这些条目的键:

In your web.config you will need keys to point to those entries:

<add key="ida:AdfsMetadataEndpoint" value="https://adfs.yourdomain.com/federationmetadata/2007-06/federationmetadata.xml" />
    <add key="ida:Audience" value="https://yourmvc.yourdomain.com" />

请注意，您使用的 ADFS 版本有很大的不同.我们发现，在尝试使令牌与 ADFS 3.0 版一起使用时，它们目前有些损坏.本地 ADFS 的工作方式也与 Azure 大不相同.

Note that what version of ADFS you are using makes a big difference. We found that while trying to get tokens to work with version 3.0 of ADFS they are somewhat broken at the moment. On premises ADFS will also work much differently than Azure.

我们需要为我们的实施定制声明，并且这篇 帖子非常有帮助.Startup.Auth.cs 看起来类似于:

We needed to customize the claims for our implementation and this post helped immensely. Startup.Auth.cs will look similar to this:

app.UseWindowsAzureActiveDirectoryBearerAuthentication(
    new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Audience = ConfigurationManager.AppSettings["ida:Audience"],
        Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
        Provider = new OAuthBearerAuthenticationProvider()
        {
            OnValidateIdentity = async context =>
            {
                context.Ticket.Identity.AddClaim(
                   new Claim(http://mycustomclaims/hairlenght, 
                                   RetrieveHairLenght(userID),                
                                   ClaimValueTypes.Double, 
                                   "LOCAL AUTHORITY");));
            }
        }
    });

这篇关于带有现有 ASP.Net MVC 应用程序的 ADFS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！