ASP.Net Core SAML 身份验证 [英] ASP.Net Core SAML authentication
问题描述
我正在尝试将 SAML 2.0 身份验证添加到 ASP.Net Core 解决方案中.我找不到有关该主题的任何文档,所以我不确定从哪里开始.那里可能有文档,但我不想花 3 天时间成为这方面的专家.
据我所知,ASP.Net Core 已经从旧的 OWIN 程序集/命名空间中改变了一些东西.有第三方库可以简化 SAML 2.0 实现,例如
在后端代码中,使用 var otherLogins = _signInManager.GetExternalAuthenticationSchemes().Where(auth => userLogins.All(ul => auth.AuthenticationScheme != ul.LoginProvider)) 检索身份验证提供程序.ToList();.这意味着身份验证提供程序在某个地方注册,通过调用 _signInManager.GetExternalAuthenticationSchemes() 使它们可用.
如何在 ASP.Net 5 RC1/ASP.Net Core 中实现 SAML 2.0 身份验证?
据我所知,ASP.NET Core 没有 SAML2 实现.我计划为 Kentor.AuthServices 制作一个 ASP.NET Core 中间件(我是维护者),但这只是计划.
现在在 https://github 上有一个 ASP.NET Core 中间件的工作原型.com/KentorIT/authservices/pull/489.添加测试后,它将包含在正式版本中.
同样重要的是要知道,虽然这样的中间件与 ASP.NET Core 安全模型兼容,但它只能在完整的 .NET Framework 上运行,而不能在 .NET Core 上运行.原因是 System.IdentityModel 中的 SignedXml 和 SAML2 支持在 .NET Core 中尚不可用.
I am trying to add SAML 2.0 authentication to an ASP.Net Core solution. I can't find any documentation on the subject, so I am unsure where to start. There is probably documentation out there, but I don't want to spend 3 days becoming an expert on this.
From what I can see ASP.Net Core has changed something from the old OWIN assemblies/namespaces. There are third party libraries to simplify SAML 2.0 implementation such as Kentor.AuthServices.
I am unsure how to combine this with ASP.Net 5 RC 1 / ASP.Net Core. For example making use of the AspNet* tables in SQL.
ASP.Net 5 RC 1 comes with several libraries to implement authentication (client).
For example:
- Microsoft.AspNet.Authentication.OAuth
- Microsoft.AspNet.Authentication.Facebook
- Microsoft.AspNet.Authentication.Google
- Microsoft.AspNet.Authentication.Twitter
Implementing these is a matter of calling a simple extension method in Startup.cs:
app.UseIdentity()
.UseFacebookAuthentication(new FacebookOptions
{
AppId = "ID",
AppSecret = "KEY"
})
.UseGoogleAuthentication(new GoogleOptions
{
ClientId = "ID",
ClientSecret = "SECRET"
})
.UseTwitterAuthentication(new TwitterOptions
{
ConsumerKey = "KEY",
ConsumerSecret = "SECRET"
});
Once that is done the ASP.Net sample project automatically shows social buttons for login/manage account:
In the backend code the authentication providers are retrieved using var otherLogins = _signInManager.GetExternalAuthenticationSchemes().Where(auth => userLogins.All(ul => auth.AuthenticationScheme != ul.LoginProvider)).ToList();. This means the authentication providers are registered somewhere that makes them available by calling _signInManager.GetExternalAuthenticationSchemes().
How can I implement SAML 2.0 authentication in ASP.Net 5 RC1 / ASP.Net Core?
As far as I know, there is no SAML2 implementation for ASP.NET Core. I'm planning to make an ASP.NET Core Middleware for Kentor.AuthServices (I'm the maintainer), but it's just plans yet.
There is now a working prototype of a ASP.NET Core middleware at https://github.com/KentorIT/authservices/pull/489. It will be included in the official release when tests have been added.
It's also important to know that while such a middleware would be compatible with the ASP.NET Core security model, it would only run on the full .NET Framework and not on .NET Core. The reason is that SignedXml and the SAML2 support in System.IdentityModel is not yet available in .NET Core.
这篇关于ASP.Net Core SAML 身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
