【问题标题】:MVC, ADFS 2.0 and WIF 4.5 issuesMVC、ADFS 2.0 和 WIF 4.5 问题
【发布时间】:2013-07-21 17:52:59
【问题描述】:

我正在尝试在 MVC 4.0 项目中主动查询 ADFS。我们将有多个 STS,并且无法以我目前对“被动”身份验证配置的理解。

能够从 ADFS 服务器获取令牌,但是当我尝试读取令牌时,我收到一条加密错误消息以及“数据无效”的内部异常.

*关于 ApplicationPool 的建议不是我的问题。

EndpointAddress endpointAddress = new EndpointAddress(OtherStsAddress);
UserNameWSTrustBinding binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, endpointAddress);
factory.Credentials.UserName.UserName = string.Concat(domain, "\\", username); 
factory.Credentials.UserName.Password = password;
factory.TrustVersion = System.ServiceModel.Security.TrustVersion.WSTrust13;
WSTrustChannel channel = (WSTrustChannel)factory.CreateChannel();
RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Symmetric);
rst.AppliesTo = new EndpointReference(YourStsAddress);    
var genericToken = channel.Issue(rst) as GenericXmlSecurityToken;                
var handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;

// blowing up here
var token = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml)));  

var identity = handlers.ValidateToken(token).First();    
var sessionToken = new SessionSecurityToken(new ClaimsPrincipal(identity));
FederatedAuthentication.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionToken, true);
return token;       

例外情况如下:

System.InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false.  ---> System.Security.Cryptography.CryptographicException: The data is invalid.

   at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
   at System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded)
   --- End of inner exception stack trace ---
   at System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded)
   at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound)
   at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver)
   at System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader)
   at Compass.SupplyChain.UI.Controllers.Registration.RegistrationController.RequestSecurityToken(String domain, String username, String password)

任何方向都会受到赞赏,即使您没有直接的答案。我什至不确定下一步该做什么。在这一点上,谷歌搜索甚至没有返回有用的结果。或者,也许我现在只是脑死了。

【问题讨论】:

    标签: asp.net-mvc .net-4.5 wif adfs


    【解决方案1】:

    您可能正在走最复杂的路线:-)。 “被动配置”有什么问题?它应该可以工作。

    有很多 MVC 4 / ADFS(或其他 STS)的示例。

    一些示例/资源可供查看:

    【讨论】:

    • 确实,在 WIF 和简单的联邦领域中并没有很多。我在 Thinktecture 的 Identity Server 上构建了一个 POC。他们有一些很好的例子,展示了如何在应用程序启动时配置处理程序,然后在处理消息以加载身份时自动使用这些处理程序。我还发现此页面上的图 8 很有帮助。 msdn.microsoft.com/en-us/magazine/ee335707.aspx
    猜你喜欢
    • 1970-01-01
    • 2016-03-14
    • 1970-01-01
    • 1970-01-01
    • 2017-06-04
    • 2012-04-01
    • 2012-08-18
    • 2016-08-21
    • 2016-01-30
    相关资源
    最近更新 更多