Implementing active authentication using ADFS


Question

I am working on the authentication with Active Directory using ADFS.

While searching, I got a few articles to accomplish this requirement, but they suggest redirecting the login page of the application to the login page of ADFS and then coming back.

Redirecting to the ADFS login page is not suggested as per user experience.

Can anyone help me find a solution to authenticate with Active Directory using ADFS behind the scenes? So, everything will be handled by application code, not by the ADFS login page.

Please advise.

Please let me know if you have any concerns or queries, or if you need more information.

Recommended answer

The reason those articles suggest you redirect (using the WS-Federation protocol) to the ADFS login page is because it allows you to set up federation to other identity providers (allow an external company's employees to use their own credentials to log in to your application).

What you want can be done using the WS-Trust protocol, but you'll give up (or have to implement yourself) the possibility to federate.

ADFS exposes endpoints like /adfs/services/trust/13/usernamemixed that you can talk to to get a security token. Something like below should get you going.

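using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

// Binding for the usernamemixed endpoint: HTTPS transport, with the
// username/password carried as a message-level credential.
public class UserNameWSTrustBinding : WS2007HttpBinding
{
    public UserNameWSTrustBinding()
    {
        Security.Mode = SecurityMode.TransportWithMessageCredential;
        Security.Message.EstablishSecurityContext = false;
        Security.Message.ClientCredentialType = MessageCredentialType.UserName;
    }
}

// Member of the application class that performs the login.
private static SecurityToken GetSamlToken(string username, string password)
{
    // WS-Trust 1.3 client pointed at the ADFS username/password endpoint.
    var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(), "https://yourdomain.com/adfs/services/trust/13/UsernameMixed")
    {
        TrustVersion = TrustVersion.WSTrust13
    };

    // The credentials the user typed into the application's own login form.
    factory.Credentials.UserName.UserName = username;
    factory.Credentials.UserName.Password = password;

    // Ask ADFS to issue a bearer token for the relying party named in AppliesTo.
    var rst = new RequestSecurityToken
    {
        RequestType = RequestTypes.Issue,
        AppliesTo = new EndpointReference("https://yourdomain.com/yourservice"),
        KeyType = KeyTypes.Bearer
    };

    var channel = factory.CreateChannel();

    return channel.Issue(rst);
}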
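
What the binding above puts on the wire, as an added example that is not part of the original answer: with TransportWithMessageCredential and a UserName credential, the WS-Trust 1.3 Issue request carries the password in clear text inside a WS-Security UsernameToken, so TLS to the endpoint is the only protection and the application itself handles the user's password. The envelope is a simplified form (a WCF client also sends MessageID, ReplyTo and Timestamp headers); the function names and sample values are constructed for illustration and nothing is sent over the network.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP = "http://www.w3.org/2003/05/soap-envelope"
WSA = "http://www.w3.org/2005/08/addressing"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")

def el(parent, ns, tag, text=None, **attrs):
    """Append a namespaced child element and return it."""
    node = ET.SubElement(parent, f"{{{ns}}}{tag}", attrs)
    node.text = text
    return node

def build_rst(endpoint, username, password, applies_to):
    """Return the WS-Trust 1.3 Issue request for a usernamemixed endpoint."""
    # The UsernameToken below is clear text, so refuse anything but TLS.
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("usernamemixed must be reached over https")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = el(env, SOAP, "Header")
    el(header, WSA, "Action", WST + "/RST/Issue")
    el(header, WSA, "To", endpoint)
    token = el(el(header, WSSE, "Security"), WSSE, "UsernameToken")
    el(token, WSSE, "Username", username)
    el(token, WSSE, "Password", password, Type=PASSWORD_TEXT)
    rst = el(el(env, SOAP, "Body"), WST, "RequestSecurityToken")
    el(rst, WST, "RequestType", WST + "/Issue")
    el(rst, WST, "KeyType", WST + "/Bearer")
    epr = el(el(rst, WSP, "AppliesTo"), WSA, "EndpointReference")
    el(epr, WSA, "Address", applies_to)
    return ET.tostring(env, encoding="unicode")

def password_in(envelope):
    """Read the password back out, as any party that sees the message can."""
    return ET.fromstring(envelope).find(f".//{{{WSSE}}}Password").text

if __name__ == "__main__":
    # Constructed sample values; the URLs are the answer's placeholders.
    print(build_rst(
        "https://yourdomain.com/adfs/services/trust/13/usernamemixed",
        "CONTOSO\\alice", "example-password",
        "https://yourdomain.com/yourservice"))
```

Because the credential is recoverable from the message, keep the raw request out of application logs and traces.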
