排除WIF授权特定路径在ASP.NET MVC 4项目 [英] Exclude specific path from WIF authorization in a ASP.NET MVC 4 project

问题描述

我们已经成功地在我们的ASP.NET MVC 4.5项目4配置了Windows身份验证基础（WIF）与在身份和访问的帮助... 扩展为Visual Studio 2012，但无法从授权排除特定路径，允许匿名访问。

We have successfully configured windows identity foundation (WIF) in our ASP.NET 4.5 MVC 4 project with the help of the Identity and Access... extension for Visual Studio 2012. But are unable to exclude a specific path from authorization to allow anonymous access.

当我们进入我们的默认路由（即 /首页），被动重定向将我们重定向到配置的发布者URI。这是当期的。但是，现在假设我们要排除路径 /客户从STS身份验证，因此，每个人都可以访问的http：// ourhost /客户不beeing路由到STS发行人。只有静态文件都在那里。

When we access our default route (i.e. /Home), the passive redirection will redirect us to the configured issuer Uri. This is currect. But now assume we want to exclude Path /Guest from STS Authentication so that everybody can access http://ourhost/Guest without beeing routed to the STS issuer. Only static documents are located there.

从片段的Web.config ：

<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <add value="http://ourhost/" />
    </audienceUris>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <add thumbprint="9B74****40D0" name="OurSTS" />
      </trustedIssuers>
    </issuerNameRegistry>
    <certificateValidation certificateValidationMode="None" />
  </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="false" />
    <wsFederation passiveRedirectEnabled="true" issuer="http://oursts/Issue" realm="http://ourhost/" reply="http://ourhost/" requireHttps="false" />
  </federationConfiguration>
</system.identityModel.services>

另外，我们有...

Further we have...

<system.webServer>
  <!-- ... -->
  <modules runAllManagedModulesForAllRequests="true">
    <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    <remove name="FormsAuthentication" />
  </modules>
</system.webServer>

最后：

<system.web>
  <!-- ... -->
  <authentication mode="None" />
</system.web>

我们尝试没有成功如下：

We tried the following without success:

<location path="~/Guest"> <!-- also "/Guest" is not working -->
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

我们也试图把一个小的Web.config文件放到这个文件夹，没有成功。无论我们定位在浏览器中，我们总是重定向其URI。

We also tried to put a small Web.config file into this folder, without success. No matter which Uri we locate to in the browser, we're always redirected.

什么是实现这一目标的正确方法？

What is the proper way to accomplish this?

修改

删除了previous接受回答，将接受的答案 Eugenios回答因为这是更多有用的回复。

Removed the previous "accepted answered", set "accepted answer" to Eugenios answer as this is the more useful reply.

推荐答案

在一个MVC应用程序通常会定义通过控制器和行动 [授权] 属性的访问。

In an MVC app you typically define access through the [Authorize] attribute in controllers and actions.

从web.config中只是删除：

Just remove from web.config:

<system.web>
     <authorization>
        <deny users="?" />
      </authorization>

请注意：这通常是由自动添加的添加STS引用的向导在VS2010

Note: this is usually added automatically by the "Add STS Reference" wizard in VS2010

看来这个行为是完全在VS2012和新的工具是一样的。我刚刚创建了一个全新的MVC4应用程序。跑了身份和访问......用本地配置STS工具（左所有默认值）。

It seems that the behaviour is exactly the same on VS2012 and the new tools. I just created a brand new MVC4 app. Ran the "Identity and Access..." tool with a local config STS (left all defaults).

它做这个片段添加到Web.config：

It did add this fragment to the web.config:

<authorization>
  <deny users="?" />
</authorization>

我删除，并添加 [授权] 来的关于控制器动作：

[Authorize]
public ActionResult About()
{
    ViewBag.Message = "Your app description page.";

    return View();
}

当我点击关于链接，然后我得到重定向到STS。其他一切工作与匿名访问。

When I click on the "About" link, then I get redirected to the STS. Everything else works with anonymous access.

请注意：

您有太多的向导在此方面的控制（见向导的配置页）。

You have some control on this too in the wizard (see the "Configuration" page of the wizard).

这篇关于排除WIF授权特定路径在ASP.NET MVC 4项目的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！