【发布时间】:2015-02-26 08:27:12
【问题描述】:
我的团队有一个基于 ASP.NET MVC 的网站和受被动联合身份验证保护的 WebAPI。一切正常。我们遇到的问题是我们需要在自动部署后测试网站和 Web API。假设测试代码由有权访问网站的用户运行,我们如何验证并从自动测试代码获取网站的 FEDAUTH cookie?
【问题讨论】:
标签: asp.net authentication wif adfs ws-federation
我的团队有一个基于 ASP.NET MVC 的网站和受被动联合身份验证保护的 WebAPI。一切正常。我们遇到的问题是我们需要在自动部署后测试网站和 Web API。假设测试代码由有权访问网站的用户运行,我们如何验证并从自动测试代码获取网站的 FEDAUTH cookie?
【问题讨论】:
标签: asp.net authentication wif adfs ws-federation
您可以让您的 Web API 支持主动身份验证。它需要一些工作来更改配置和身份验证处理程序,但它也会使您的 Web API 也可以从程序客户端轻松访问。如果您只想在您的自动化测试代码中获取 FEDAUTH cookie,则可以使用以下代码示例。它模仿浏览器将用户令牌发布到网站并获取 cookie。
// The code needs the STS server and the website url
var stsUrl = "https://your_STS";
var serviceUrl = "https://your_Service";
// Use Windows Credential to get the token
var binding = new WSHttpBinding(SecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
var factory = new WSTrustChannelFactory(binding, stsUrl) { TrustVersion = TrustVersion.WSTrust13 };
// Override current login user credential if needed:
// factory.Credentials.Windows.ClientCredential = userCredential;
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
KeyType = KeyTypes.Bearer,
AppliesTo = new EndpointReference(serviceUrl)
};
RequestSecurityTokenResponse rstr;
var token = factory.CreateChannel().Issue(rst, out rstr);
var fedSerializer = new System.IdentityModel.Services.WSFederationSerializer();
var rstrContent = fedSerializer.GetResponseAsString(rstr, new WSTrustSerializationContext());
// After this the security token is acquired and saved in rstrContent
var client = new HttpClient();
// Initiate a request to the service, which will be redirected to STS. Read WS fed fields from redirected URL.
var response = client.GetAsync(serviceUrl).Result;
response.EnsureSuccessStatusCode();
var redirectQuery = response.RequestMessage.RequestUri.Query;
var queryParams = System.Web.HttpUtility.ParseQueryString(redirectQuery);
// construct a authentication form
var formData = new Dictionary<string, string>
{
{"wa", queryParams["wa"]},
{"wresult", rstrContent},
{"wctx", queryParams["wctx"] },
};
// post the authentication form to the website.
response = client.PostAsync(serviceUrl, new FormUrlEncodedContent(formData)).Result;
response.EnsureSuccessStatusCode();
// After this, the auth cookie is set in this HttpClient that you can use to access your service
【讨论】: