【Question title】: Claims transformation in ADFS 3.0 by making a call to REST API
【Posted】: 2014-09-12 17:11:11
【Question】:

We have an ASP.NET Web API (REST service) in our enterprise that gives us a list of coarse-grained claims, and we want to inject these claims into the ADFS token before the token is passed to the application. Does anyone know whether it is possible to make a REST call from a custom attribute store (by passing parameters from the claim rule language in ADFS 3.0 to the custom attribute store)?

Any help on this would be greatly appreciated!

Thanks,
Adi.

【Question comments】:

    Tags: rest asp.net-web-api claims-based-identity adfs claims


    【Answer 1】:

    No, you cannot do this with the claim rule language.

    It's a bit of a hack, but you could write the claims to e.g. a database and then use a custom attribute store.

    If you have access to WIF on the client side, you can augment the claims there, e.g. Adding custom roles to windows roles in ASP.NET using claims.

    【Comments】:

      【Answer 2】:

      I was able to make a REST call from a custom attribute store. Anyone who still has questions about this can look at the code below.

      using System;
      using System.Collections.Generic;
      using System.Text;
      using System.IdentityModel;                 // TypedAsyncResult<T>
      
      using Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore;
      using System.Net.Http;
      using System.Net;
      
      namespace CustomAttributeStores
      {
          public class CoarseGrainClaimsAttributeStore : IAttributeStore
          {
              #region Private Members
      
              private string API_Server = "https://<Server Name>/API/";
      
              #endregion
      
              #region IAttributeStore Members
      
              public IAsyncResult BeginExecuteQuery(string query, string[] parameters, AsyncCallback callback, object state)
              {
                  string result = string.Empty;
      
                  if (parameters == null)
                  {
                      throw new AttributeStoreQueryFormatException("No query parameter.");
                  }
      
                  if (parameters.Length != 1)
                  {
                      throw new AttributeStoreQueryFormatException("More than one query parameter.");
                  }
      
                  string userName = parameters[0];
      
                  if (userName == null)
                  {
                      throw new AttributeStoreQueryFormatException("Query parameter cannot be null.");
                  }
      
                  // Ignore SSL certificate errors: this callback accepts ANY server certificate,
                  // process-wide, so the API endpoint could be impersonated.
                  // TODO: Remove this and install a trusted certificate on the API before PROD deployment.
                  ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
      
                  using (var client = new HttpClient())
                  {
                      // The operation name could also be taken from the "query" argument of the claim rule.
                      string serviceUrl = API_Server + "GetAdditionalClaim";
                      // Encode the user name so it cannot add extra query-string parameters to the request.
                      serviceUrl += "?userName=" + Uri.EscapeDataString(userName);
      
                      // Get the claim value from the API (the API returns a single JSON string)
                      HttpResponseMessage response = client.GetAsync(serviceUrl).Result;
                      // Fail the query on an HTTP error instead of issuing the error body as a claim value
                      response.EnsureSuccessStatusCode();
                      result = response.Content.ReadAsStringAsync().Result;
                      // Strip the quotes surrounding the JSON string literal
                      result = result.Replace("\"", "");
                  }
      
                  // One row with one column: one value for the single claim type named in the rule
                  string[][] outputValues = new string[1][];
                  outputValues[0] = new string[1];
                  outputValues[0][0] = result;
      
                  TypedAsyncResult<string[][]> asyncResult = new TypedAsyncResult<string[][]>(callback, state);
                  asyncResult.Complete(outputValues, true);
                  return asyncResult;
              }
      
              public string[][] EndExecuteQuery(IAsyncResult result)
              {
                  return TypedAsyncResult<string[][]>.End(result);
              }
      
              public void Initialize(Dictionary<string, string> config)
              {
                  // No initialization is required for this store.
              }
      
              #endregion
          }
      }
      

      【Comments】:

      • What rule language do you use to call this attribute store?
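A hardened variant of the store in Answer 2, added here as an example (not code from the question or either answer): it answers the comment above by showing the claim rule that invokes the store, and it fixes the two risks in the original, the process-wide certificate bypass and the unencoded user name in the URL. It also reads the API base URL from the store's configuration, limits the `query` argument to a plain operation name, and returns one row per claim value so the API can hand back several claims at once. The store name `CoarseGrainClaims`, the config keys `ApiBaseUrl` and `ApiCertThumbprint`, the claim type `http://example.com/claims/coarse`, the operation `GetAdditionalClaims` and the JSON-array response format are all assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel;                 // TypedAsyncResult<T>
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;
using System.Web.Script.Serialization;      // JavaScriptSerializer (System.Web.Extensions.dll)
using Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore;

namespace CustomAttributeStores
{
    // Claim rule wiring (assumption: the store is registered in ADFS as "CoarseGrainClaims"
    // with the parameters ApiBaseUrl and, optionally, ApiCertThumbprint):
    //
    //   c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
    //    => issue(store = "CoarseGrainClaims",
    //             types = ("http://example.com/claims/coarse"),
    //             query = "GetAdditionalClaims",
    //             param = c.Value);
    //
    // ADFS hands "GetAdditionalClaims" to BeginExecuteQuery as query and c.Value as parameters[0].
    public class CoarseGrainClaimsAttributeStore : IAttributeStore
    {
        // Only a plain operation name may be appended to the base URL (no "../", "?" or "#").
        private static readonly Regex OperationName = new Regex("^[A-Za-z0-9_]{1,64}$");

        private HttpClient _client;

        public void Initialize(Dictionary<string, string> config)
        {
            string baseUrl;
            if (config == null || !config.TryGetValue("ApiBaseUrl", out baseUrl))
                throw new AttributeStoreInvalidConfigurationException("ApiBaseUrl is required.");

            Uri baseUri = new Uri(baseUrl, UriKind.Absolute);
            if (baseUri.Scheme != Uri.UriSchemeHttps)
                throw new AttributeStoreInvalidConfigurationException("ApiBaseUrl must use https.");

            // Default chain validation stays on; the bypass from the original store is gone.
            var handler = new WebRequestHandler();   // System.Net.Http.WebRequest.dll
            string thumbprint;
            if (config.TryGetValue("ApiCertThumbprint", out thumbprint))
            {
                // Optional pin: the chain must validate AND the leaf must be the expected certificate.
                string expected = thumbprint.Replace(" ", "");
                handler.ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
                    errors == SslPolicyErrors.None &&
                    string.Equals(new X509Certificate2(cert).Thumbprint, expected, StringComparison.OrdinalIgnoreCase);
            }

            _client = new HttpClient(handler) { BaseAddress = baseUri, Timeout = TimeSpan.FromSeconds(5) };
            _client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        }

        public IAsyncResult BeginExecuteQuery(string query, string[] parameters, AsyncCallback callback, object state)
        {
            if (_client == null)
                throw new AttributeStoreQueryExecutionException("Store was not initialized.");
            if (query == null || !OperationName.IsMatch(query))
                throw new AttributeStoreQueryFormatException("Query must be a plain operation name.");
            if (parameters == null || parameters.Length != 1 || string.IsNullOrEmpty(parameters[0]))
                throw new AttributeStoreQueryFormatException("Exactly one non-empty parameter (the user name) is required.");

            // Encode the user name so it cannot add extra query-string parameters.
            string relative = query + "?userName=" + Uri.EscapeDataString(parameters[0]);

            string[] values;
            try
            {
                HttpResponseMessage response = _client.GetAsync(relative).Result;
                response.EnsureSuccessStatusCode();
                values = ParseClaimValues(response.Content.ReadAsStringAsync().Result);
            }
            catch (Exception ex)
            {
                // Fail closed: a failed lookup must not silently issue a token without the claims.
                throw new AttributeStoreQueryExecutionException("REST lookup failed: " + ex.Message);
            }

            // One row per value; the single column maps to the single entry in "types".
            var rows = new string[values.Length][];
            for (int i = 0; i < values.Length; i++)
                rows[i] = new[] { values[i] };

            var asyncResult = new TypedAsyncResult<string[][]>(callback, state);
            asyncResult.Complete(rows, true);
            return asyncResult;
        }

        public string[][] EndExecuteQuery(IAsyncResult result)
        {
            return TypedAsyncResult<string[][]>.End(result);
        }

        // Parse the assumed response format, a JSON array of strings such as ["Reader","Approver"].
        internal static string[] ParseClaimValues(string json)
        {
            string[] raw = new JavaScriptSerializer().Deserialize<string[]>(json) ?? new string[0];
            var list = new List<string>();
            foreach (string v in raw)
                if (!string.IsNullOrWhiteSpace(v)) list.Add(v.Trim());
            return list.ToArray();
        }
    }
}
```

The `WebRequestHandler` callback is per-client, so a pin (or a relaxed rule during testing) no longer affects every other TLS connection ADFS makes, which the `ServicePointManager` callback in the original does. Returning zero rows when the API returns an empty array simply issues no claim of that type; throwing `AttributeStoreQueryExecutionException` on a transport or HTTP error makes ADFS fail the rule rather than issue a token built from an error page.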