身份不使用WIF IClaimsIdentity（在ASP.NET MVC 4 /天青） [英] Identity is not IClaimsIdentity using WIF (on ASP.NET MVC 4 / Azure)

问题描述

我已经得到了VS2012RC的WIF工具，而我试图让我的ASP.NET MVC 4项目中使用它们。我已经安装了Microsoft.IdentityModel.dll的的NuGet包。

该MVC项目是一个Azure项目的一部分，但我选择了MVC项目启动现在。

目前，我有本地开发测试STS选中（默认设置）。当我执行以下code（在我的HomeController索引视图）：

 ＆LT; P＆GT;身份验证：@ User.Identity.IsAuthenticated＆LT; / P＆GT;
＆LT; P＆GT;名称：@ User.Identity.Name＆LT; / P＆GT;
@ {
    VAR身份= User.Identity为Microsoft.IdentityModel.Claims.IClaimsIdentity;
    如果（身份== NULL）
    {
        ＆LT; P＆GT;错误：没有身份声称处理＆LT; / P＆GT;！
    }
    其他
    {
        ＆LT;表＆gt;
            ＆所述; TR＆GT;
                百分位＆GT;类型＆lt; /第i个百分位＆GT;价值＆LT; /第i个百分位＆GT;发行人＆LT; /第i个百分位＆GT;发证机关和LT; /第i
            ＆LT; / TR＆GT;
            @foreach（VAR索赔identity.Claims）
            {
                ＆所述; TR＆GT;
                    <td>@claim.ClaimType</td><td>@claim.Value</td><td>@claim.Issuer</td><td>@claim.OriginalIssuer</td>
                ＆LT; / TR＆GT;
            }
        ＆LT; /表＆gt;
    }
}
 

然后我得到的输出是这样的：

 ＆LT; P＆GT;身份验证：真＆LT; / P＆GT;
＆LT; P＆GT;名称：特里＆LT; / P＆GT;
＆LT; P＆GT;错误：没有身份声称处理＆LT; / P＆GT;！
 

为什么不索赔被拾起？

下面的Web.config的相关部分：

 ＆LT; configSections＆GT;
  ＆lt;节名称=system.identityModelTYPE =System.IdentityModel.Configuration.SystemIdentityModelSection，System.IdentityModel，版本= 4.0.0.0，文化=中性公钥= B77A5C561934E089/＆GT;
  ＆lt;节名称=system.identityModel.servicesTYPE =System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection，System.IdentityModel.Services，版本= 4.0.0.0，文化=中性公钥= B77A5C561934E089/＆GT;
＆LT; / configSections＆GT;
＆LT;＆的appSettings GT;
  ＆LT;添加键=ASPNET：UseTaskFriendlySynchronizationContextVALUE =真/＆GT;
  ＆LT;添加键=网页：版本值=2.0.0.0/＆GT;
  ＆LT;添加键=网页：启用VALUE =FALSE/＆GT;
  ＆LT;添加关键=preserveLoginUrlVALUE =真/＆GT;
  ＆LT;添加键=IDA：FederationMetadataLocationVALUE =HTTP：//本地主机：13340 / wsFederationSTS / FederationMetadata / 2007-06 / FederationMetadata.xml/＆GT;
  ＆LT;添加键=IDA：ProviderSelectionVALUE =localSTS/＆GT;
＆LT; /的appSettings＆GT;
＆LT;位置路径=FederationMetadata＆GT;
  ＆LT;＆的System.Web GT;
    ＆LT;授权＆GT;
      ＆LT;让用户=*/＆GT;
    ＆LT; /授权＆GT;
  ＆LT; /system.web>
＆LT; /地点＆gt;
＆LT;＆的System.Web GT;
  ＆LT;授权＆GT;
    ＆LT;拒绝用户=？ /＆GT;
  ＆LT; /授权＆GT;
  ＆LT;身份验证模式=无/＆GT;
  ＆LT;型材defaultProvider =DefaultProfileProvider＆GT;
    ＆LT;供应商＆GT;
      ＆LT;添加名称=DefaultProfileProviderTYPE =System.Web.Providers.DefaultProfileProvider，System.Web.Providers，版本= 1.0.0.0，文化=中性公钥= 31bf3856ad364e35的connectionStringName =DefaultConnection的applicationName =// ＆GT;
    ＆LT; /供应商＆GT;
  ＆LT; / profile文件＆GT;
  ＆LT;会员defaultProvider =DefaultMembershipProvider＆GT;
    ＆LT;供应商＆GT;
      ＆LT;添加名称=DefaultMembershipProviderTYPE =System.Web.Providers.DefaultMembershipProvider，System.Web.Providers，版本= 1.0.0.0，文化=中性公钥= 31bf3856ad364e35的connectionStringName =DefaultConnectionenablePasswordRetrieval =false的enablePasswordReset设置=真requiresQuestionAndAnswer =假requiresUniqueEmail =假maxInvalidPasswordAttempts =5minRequiredPasswordLength =6minRequiredNonalphanumericCharacters =0passwordAttemptWindow =10的applicationName =//＆GT;
    ＆LT; /供应商＆GT;
  ＆LT; /会员＆GT;
  ＆LT; roleManager defaultProvider =DefaultRoleProvider＆GT;
    ＆LT;供应商＆GT;
      ＆LT;添加名称=DefaultRoleProviderTYPE =System.Web.Providers.DefaultRoleProvider，System.Web.Providers，版本= 1.0.0.0，文化=中性公钥= 31bf3856ad364e35的connectionStringName =DefaultConnection的applicationName =// ＆GT;
    ＆LT; /供应商＆GT;
  ＆LT; / roleManager＆GT;
  ＆LT;的sessionState模式=是InProccustomProvider =DefaultSessionProvider＆GT;
    ＆LT;供应商＆GT;
      ＆LT;添加名称=DefaultSessionProviderTYPE =System.Web.Providers.DefaultSessionStateProvider，System.Web.Providers，版本= 1.0.0.0，文化=中性公钥= 31bf3856ad364e35的connectionStringName =DefaultConnection/＆GT;
    ＆LT; /供应商＆GT;
  ＆LT; /＆的sessionState GT;
＆LT; /system.web>
＆LT; system.webServer＆GT;
  ＆LT;验证validateIntegratedModeConfiguration =FALSE/＆GT;
  ＆LT;模块runAllManagedModulesForAllRequests =真正的＆GT;
    ＆LT;添加名称=WSFederationAuthenticationModuleTYPE =System.IdentityModel.Services.WSFederationAuthenticationModule，System.IdentityModel.Services，版本= 4.0.0.0，文化=中性公钥= b77a5c561934e089preCondition =managedHandler/＆GT;
    ＆LT;添加名称=SessionAuthenticationModuleTYPE =System.IdentityModel.Services.SessionAuthenticationModule，System.IdentityModel.Services，版本= 4.0.0.0，文化=中性公钥= b77a5c561934e089preCondition =managedHandler/＆GT;
  ＆LT; /模块＆gt;
＆LT; /system.webServer>
＆LT; system.identityModel＆GT;
  ＆LT; identityConfiguration＆GT;
    ＆LT; audienceUris＆GT;
      ＆LT;增加价值=HTTP：//本地主机：50332 //＆GT;
    ＆LT; / audienceUris＆GT;
    ＆LT; issuerNameRegistry TYPE =System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry，System.IdentityModel，版本= 4.0.0.0，文化=中性公钥= b77a5c561934e089＆GT;
      ＆LT; trustedIssuers＆GT;
        ＆LT;加入指纹=9B74CB2F320F7AAFC156E1252270B1DC01EF40D0NAME =LocalSTS/＆GT;
        ＆LT;加入指纹=C00C014CA49559426B6D70162C2D89689E9397FFNAME =htt​​ps://nitoprograms-0.accesscontrol.windows.net//＆GT;
      ＆LT; / trustedIssuers＆GT;
    ＆LT; / issuerNameRegistry＆GT;
    ＆LT; certificateValidation certificateValidationMode =无/＆GT;
  ＆LT; / identityConfiguration＆GT;
＆LT; /system.identityModel>
＆LT; system.identityModel.services＆GT;
  ＆LT; federationConfiguration＆GT;
    ＆LT;的CookieHandler requireSsl =FALSE/＆GT;
    ＆LT; wsFederation passiveRedirectEnabled =真发行人=HTTP：//本地主机：13340 / wsFederationSTS /问题的境界=HTTP：//本地主机：50332 /回复=HTTP：//本地主机：50332 /requireHttps =假/＆GT;
  ＆LT; / federationConfiguration＆GT;
＆LT; /system.identityModel.services>
 

解决方案

在本地运行（在Windows 8发布preVIEW计算机上），下面的code的确实的工作：

 ＆LT; P＆GT;身份验证：@ User.Identity.IsAuthenticated＆LT; / P＆GT;
＆LT; P＆GT;名称：@ User.Identity.Name＆LT; / P＆GT;
@ {
    动态身份=​​ User.Identity;
    ＆LT;表＆gt;
        ＆所述; TR＆GT;
            百分位＆GT;类型＆lt; /第i个百分位＆GT;价值＆LT; /第i个百分位＆GT;发行人＆LT; /第i个百分位＆GT;发证机关和LT; /第i
        ＆LT; / TR＆GT;
        @foreach（VAR索赔identity.Claims）
        {
            ＆所述; TR＆GT;
                <td>@claim.Type</td><td>@claim.Value</td><td>@claim.Issuer</td><td>@claim.OriginalIssuer</td>
            ＆LT; / TR＆GT;
        }
    ＆LT; /表＆gt;
}
 

这使我相信，对于VS2012RC的WIF工具只支持.NET 4.5作为目标。

在本地运行，实际运行时是.NET 4.5，它具有与WIF（比较的此图用于​​.NET 4.0 ，提供的此图用于​​.NET 4.5 ）。因此，通过使用动态（和不断变化的 ClaimType 到键入 ），我能够本地访问.NET 4.5 WIF运行时（即使该项目的目标.NET 4.0）。

我试图部署到云中，但应用程序抱怨找不到 System.IdentityModel.Services.dll （因为天青只使用.NET 4.0目前）。不是对我来说太大的交易，因为我不上，直到部署.NET 4.5的淘汰计划。

I've got the WIF tools for VS2012RC, and I'm trying to get my ASP.NET MVC 4 project to use them. I've installed the NuGet package for Microsoft.IdentityModel.dll.

The MVC project is part of an Azure project, but I have the MVC project selected for startup right now.

Currently, I have the "Local Development Test STS" selected (with the default settings). When I execute the following code (in my HomeController Index view):

<p>Authenticated: @User.Identity.IsAuthenticated</p>
<p>Name: @User.Identity.Name</p>
@{
    var identity = User.Identity as Microsoft.IdentityModel.Claims.IClaimsIdentity;
    if (identity == null)
    {
        <p>Error: no identity claims to process!</p>
    }
    else
    {
        <table>
            <tr>
                <th>Type</th><th>Value</th><th>Issuer</th><th>Original Issuer</th>
            </tr>
            @foreach (var claim in identity.Claims)
            {
                <tr>
                    <td>@claim.ClaimType</td><td>@claim.Value</td><td>@claim.Issuer</td><td>@claim.OriginalIssuer</td>
                </tr>
            }
        </table>
    }
}

then I get output like this:

<p>Authenticated: True</p>
<p>Name: Terry</p>
<p>Error: no identity claims to process!</p>

Why aren't the claims being picked up?

Here's the relevant parts of web.config:

<configSections>
  <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<appSettings>
  <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  <add key="webpages:Version" value="2.0.0.0" />
  <add key="webpages:Enabled" value="false" />
  <add key="PreserveLoginUrl" value="true" />
  <add key="ida:FederationMetadataLocation" value="http://localhost:13340/wsFederationSTS/FederationMetadata/2007-06/FederationMetadata.xml" />
  <add key="ida:ProviderSelection" value="localSTS" />
</appSettings>
<location path="FederationMetadata">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
<system.web>
  <authorization>
    <deny users="?" />
  </authorization>
  <authentication mode="None" />
  <profile defaultProvider="DefaultProfileProvider">
    <providers>
      <add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
    </providers>
  </profile>
  <membership defaultProvider="DefaultMembershipProvider">
    <providers>
      <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
    </providers>
  </membership>
  <roleManager defaultProvider="DefaultRoleProvider">
    <providers>
      <add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
    </providers>
  </roleManager>
  <sessionState mode="InProc" customProvider="DefaultSessionProvider">
    <providers>
      <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
    </providers>
  </sessionState>
</system.web>
<system.webServer>
  <validation validateIntegratedModeConfiguration="false" />
  <modules runAllManagedModulesForAllRequests="true">
    <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  </modules>
</system.webServer>
<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <add value="http://localhost:50332/" />
    </audienceUris>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" name="LocalSTS" />
        <add thumbprint="C00C014CA49559426B6D70162C2D89689E9397FF" name="https://nitoprograms-0.accesscontrol.windows.net/" />
      </trustedIssuers>
    </issuerNameRegistry>
    <certificateValidation certificateValidationMode="None" />
  </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="false" />
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:13340/wsFederationSTS/Issue" realm="http://localhost:50332/" reply="http://localhost:50332/" requireHttps="false" />
  </federationConfiguration>
</system.identityModel.services>

解决方案

When running locally (on a Windows 8 Release Preview machine), the following code does work:

<p>Authenticated: @User.Identity.IsAuthenticated</p>
<p>Name: @User.Identity.Name</p>
@{
    dynamic identity = User.Identity;
    <table>
        <tr>
            <th>Type</th><th>Value</th><th>Issuer</th><th>Original Issuer</th>
        </tr>
        @foreach (var claim in identity.Claims)
        {
            <tr>
                <td>@claim.Type</td><td>@claim.Value</td><td>@claim.Issuer</td><td>@claim.OriginalIssuer</td>
            </tr>
        }
    </table>
}

This leads me to believe that the WIF tools for VS2012RC only support .NET 4.5 as a target.

When running locally, the actual runtime is .NET 4.5, which has core identity changes related to WIF (compare this diagram for .NET 4.0 with this diagram for .NET 4.5). So, by using dynamic (and changing ClaimType to Type), I'm able to access the .NET 4.5 WIF runtime locally (even though the project targets .NET 4.0).

I tried deploying to the cloud, but the app complained about not finding System.IdentityModel.Services.dll (since Azure only uses .NET 4.0 currently). Not too big of a deal for me since I don't plan on deploying until .NET 4.5 is out.

这篇关于身份不使用WIF IClaimsIdentity（在ASP.NET MVC 4 /天青）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！