自定义登录页面的Azure ACS不工作 [英] A custom login page for Azure ACS not working

问题描述

我下载了从ACS门户样品登录页面我的应用程序，这是一个HTML文件。
然后我配置我的WIF的应用程序，一切都完美。

I downloaded the sample login page from the ACS portal for my application, which is a html file. I then configured my application with WIF, and everything worked perfectly.

由于我们需要处理和保存呼入查询字符串，所以用户已经登入之后查询字符串以后可以使用的，我们需要的HTML登录页面移动到aspx页

Since we need to handle and save an incoming querystring, so that querystring can be used later after the user had been logged in, we needed to move the html login page to a aspx page.

问题是，当我改变了WIF发行人在web.config文件到aspx文件，它停止工作。当它工作，它看起来是这样的：

The problem is that when I change the issuer for WIF in the web.config file to the aspx file, it stops working. When it works it looks like this:

<certificateValidation certificateValidationMode="None" />
  <federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:81/acstest/WebSiteAdvancedACSLoginPageCode.html" realm="http://localhost:81/acstest/" requireHttps="false" />
    <cookieHandler requireSsl="false" />
  </federatedAuthentication>

但是当我将其更改为我的aspx页面，在这里我只是感动了所有code在HTML页面进去，我不能连加载页面：

But then when I change it to my aspx page, where I just moved all the code in the html page into, I cant even load the page:

<certificateValidation certificateValidationMode="None" />
  <federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:81/acstest/WebSiteAdvancedACSLoginPageCode.aspx" realm="http://localhost:81/acstest/" requireHttps="false" />
    <cookieHandler requireSsl="false" />
  </federatedAuthentication>

当我再与配置，我可以在小提琴手看到的东西是不正确的aspx文件运行时，它会尝试一个GET，并保持收到对象移到这里：这是GET请求：

When I then run with the aspx file configured I can see in fiddler that something isn't right, It tries to a get, and keeps getting "object moved to here:" This is the get request:

GET http://localhost:81/acstest/WebSiteAdvancedACSLoginPageCode.aspx?wa=wsignin1.0&wtrealm=http%3a%2f%2flocalhost%3a81%2facstest%2f&wctx=rm%3d0%26id%3dpassive%26ru%3d%252facstest%252fWebSiteAdvancedACSLoginPageCode.aspx&wct=2011-11-23T09%3a33%3a30Z HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: sv-SE
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: localhost:81
Cookie: ACSChosenIdentityProvider-10001951=Google

在结束它抛出一个异常，该查询字符串太长。
错误和请求的警告：

In the end it throws an exception that the querystring is too long. The error and warning of the request:

MODULE_SET_RESPONSE_ERROR_STATUS

MODULE_SET_RESPONSE_ERROR_STATUS

模块名
  UrlAuthorization

ModuleName UrlAuthorization

通知
  AUTHORIZE_REQUEST

Notification AUTHORIZE_REQUEST

的HTTPStatus
  401

HttpStatus 401

Htt的preason
  未经授权

HttpReason Unauthorized

HttpSubStatus
  0

HttpSubStatus 0

错误code
  Åtgärden哈日slutförts。
  （为0x0）

ErrorCode Åtgärden har slutförts. (0x0)

ConfigExceptionInfo

ConfigExceptionInfo

任何意见或解决方案可选择性是ptiated AP $ P $。

Any feedback or alternativ solution is appretiated.

推荐答案

发行人应该还是ACS，而不是你的网站（除非你实现你自己的STS，这并不像你想）。发行人== STS在WIF的配置。

The "issuer" should still be ACS, not your site (unless you implement your own STS, which doesn't look like you want to). Issuer == STS in WIF configuration.

要preserve状态横跨令牌谈判（它通过重定向发生）的最佳人选（例如网址等），通过在 wctx 参数。您可以编程设置此。

The best candidate to preserve state (e.g. urls, etc) across the token negotiation (which happens through redirects) is through the wctx parameter. You can set this programatically.

从这个下载先看样品＃7：的http：// www.microsoft.com/download/en/details.aspx?id=27289

Look at the sample #7 from this download: http://www.microsoft.com/download/en/details.aspx?id=27289

第二章： http://msdn.microsoft.com/en-us/库/ hh446534.aspx从这个
指南： http://msdn.microsoft.com/en-us/library/ff423674的.aspx

在code看起来像这样（片段）：

The code looks like this (fragment):

var returnUrl = GetReturnUrl(context.RequestContext);

// user is not authenticated and it's entering for the first time
var fam = FederatedAuthentication.WSFederationAuthenticationModule;
var signIn = new SignInRequestMessage(new Uri(fam.Issuer), fam.Realm)
                {
                    Context = returnUrl.ToString(),
                    Realm = string.Format("https://localhost/f-shipping.7/{0}", organizationName)
                };

context.Result = new RedirectResult(signIn.WriteQueryString());

这篇关于自定义登录页面的Azure ACS不工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！