如何捕获在OWIN MVC5应用WS-联合会回调自动创建在本地数据库的身份? [英] How to trap a WS-Federation callback in an OWIN MVC5 app to automatically create an identity in local database?
问题描述
我目前工作的一个vb.net MVC5应用,并使用WS-联邦所有从ADSF 3.0服务器的用户进行认证。一切正常;当用户试图访问标有AUTHORIZE属性的安全控制器,用户被重定向到STS的登录页面,他们登录,他们回来。我能够读取由ADFS服务器提供的权利要求。
I am currently working on a vb.net MVC5 application and using WS-Federation to authenticate all the users from an ADSF 3.0 server. Everything is working fine; when the users try to access a secured controller marked with the AUTHORIZE attribute, the users are redirected to the STS login page, they login and they come back. I am able to read the CLAIMS provided by the ADFS server.
我的问题是,我需要当一个新的身份验证的用户登录后在来存储更多的信息来创建我的数据库本地条目。我不希望用户手动注册,如果他通过验证,这意味着我可以信任该用户。
My problem is that i need to create a local entry in my database when a new authenticated user comes in after login to store additional informations. I do not want the user to register manually, if he is authenticated, it means i can trust this user.
该Startup.Auth.vb看起来是这样的:
The Startup.Auth.vb looks like this :
Partial Public Class Startup
Private Shared realm As String = ConfigurationManager.AppSettings("ida:Wtrealm")
Private Shared adfsMetadata As String = ConfigurationManager.AppSettings("ida:ADFSMetadata")
Public Sub ConfigureAuth(app As IAppBuilder)
app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
.AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
.LoginPath = New PathString("/Home/Login")
})
app.UseWsFederationAuthentication(New WsFederationAuthenticationOptions() With {
.AuthenticationType = "ExternalCookie",
.Wtrealm = realm,
.MetadataAddress = adfsMetadata,
.Wreply = "https://myapp.com/Home/SSOLogin"
})
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
End Sub
末级
在我家的控制器,我创建了SSOLogin行动能够做什么,我需要做的测试这个用户的presence和创建它,如果它不存在,它
In my Home controller, i have created the SSOLogin Action to be able to do what i need to do to test the presence of this user and create it if it does not exists
Public Function SSOLogin() As ActionResult
' Some code here to check if user exists or not and create it
End Function
我把一个断点在我的行动,但它从不打,因为中间件处理和检测回传它击中的操作方法,并做了302重定向到最初请求的安全页面之前。
I put a breakpoint in my action but it is never hit because the middleware handles and detect the postback before it hits the action method and does a Redirect 302 to the originally requested secured page.
问题
还有什么办法来捕获的WSFederation中间件回调或许不是对所有请求唯一的身份验证后,将事件添加到在Global.asax做我的用户自动创建,?
Are there any way to trap the callback in the WSFederation middleware or maybe add an event to the global.asax to do my user automatic creation only after authentication, not on all requests ?
感谢您的时间!
推荐答案
在WsFederationAuthenticationHandler后已经验证入站的道理,你可以注册收到通知。 WsFederationAuthenticationOptions.Notifications是在那里你可以做到这一点。
在startup.cs要设置通知:WsFederationAuthenticationNotifications.SecurityTokenValidated
After the WsFederationAuthenticationHandler has validated the inbound token, you can register to receive a notification. WsFederationAuthenticationOptions.Notifications is where you can do that. In startup.cs you want to set notification for: WsFederationAuthenticationNotifications.SecurityTokenValidated.
帕特里斯,这里是一些code,它会给你如何挂钩通知的想法。这code通常放置在startup.auth.cs。
Patrice, here is some code that will give you an idea of how to hook the notification. this code is usually placed in startup.auth.cs.
var wsFederationOptions = new WsFederationAuthenticationOptions
{
Notifications = new WsFederationAuthenticationNotifications
{
SecurityTokenValidated = (notification) =>
{
var identity = notification.AuthenticationTicket.Identity;
var defaultName = identity.FindFirst ("<claim-that-identifies-user>");
// do work here
return Task.FromResult<object>(null);
}
},
MetadataAddress = wsFedMetadataAddress,
Wreply = host,
Wtrealm = clientId
};
app.UseWsFederationAuthentication(wsFederationOptions);
这篇关于如何捕获在OWIN MVC5应用WS-联合会回调自动创建在本地数据库的身份?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
