通SAML令牌进入网络API调用 [英] Pass SAML token into web api call

问题描述

我有一个通过验证ADFS Web应用程序和Web API服务。它们包含在同一个IIS应用程序和Web应用程序进行调用回Web API服务没有问题。

I have a web application and web api services that authenticate through ADFS. They are contained in the same IIS application, and the web app makes calls back to the web api services without a problem.

我现在正在试图从不同的应用程序调用相同的服务，但我有传送令牌麻烦。我能够进行身份验证并检索与以下code SAML令牌：

I'm now trying to call the same services from a different application, but am having trouble passing the token. I am able to authenticate and retrieve a SAML token with the following code:

var stsEndpoint = "https://MyAdfsServer/adfs/services/trust/13/UsernameMixed";
var reliantPartyUri = "https://MyDomain/AppRoot/";

var factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(
            new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
            new EndpointAddress(stsEndpoint));

factory.TrustVersion = System.ServiceModel.Security.TrustVersion.WSTrust13;

// Username and Password here...
factory.Credentials.UserName.UserName = @"Domain\UserName";
factory.Credentials.UserName.Password = "Password";

var rst = new RequestSecurityToken
    {
        RequestType = RequestTypes.Issue,
        AppliesTo = new EndpointAddress(reliantPartyUri),
        KeyType = KeyTypes.Bearer,
    };

var channel = factory.CreateChannel();
var token = channel.Issue(rst) as GenericXmlSecurityToken;

var saml = token.TokenXml.OuterXml;

不过，我不知道如何通过SAML到Web API调用。我试过这样：

However, I'm not sure how to pass the saml in to the web api call. I've tried this:

using (var handler = new HttpClientHandler() 
    { 
        ClientCertificateOptions = ClientCertificateOption.Automatic,
        AllowAutoRedirect = false
    })
{
    using (var client = new HttpClient(handler))
    {
        client.BaseAddress = new Uri("https://MyDomain/AppRoot/api/");

        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("SAML", saml);

        HttpResponseMessage response = client.GetAsync("MyService/Get/").Result;

        // Get the results...
        var result = response.Content.ReadAsStringAsync().Result;
        var status = response.StatusCode;
    }
}

这是返回302状态code，并试图给我重定向到ADFS服务器进行身份验证。是否有另一种方式来SAML令牌传递到Web API服务？

This is returning a status code of 302 and trying to redirect me to the ADFS server for authentication. Is there another way to pass the SAML token to the web api service?

推荐答案

（SET）

            string samlString = "blah blah blah";

            byte[] bytes = Encoding.UTF8.GetBytes(samlString);

            string base64SamlString = Convert.ToBase64String(bytes);

            myHttpClient.DefaultRequestHeaders.Add("X-My-Custom-Header", base64SamlString);

（GET）

        IEnumerable<string> headerValues = request.Headers.GetValues("X-My-Custom-Header");

        if (null != headerValues)

        {

            var encoding = Encoding.GetEncoding("iso-8859-1");

            string samlToken = encoding.GetString(Convert.FromBase64String(headerValues.FirstOrDefault()));

        }

这篇关于通SAML令牌进入网络API调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！