OWIN ADFS 不返回 SecurityToken
OWIN ADFS not returning SecurityToken
我正在尝试为另一个 ADFS 生成一个 ActAs 令牌，但我登录的第一个 ADFS 没有返回我的 SecurityToken。
我是否缺少 OWIN 启动的某些配置?
Startup.cs
/// <summary>
/// Wires up the OWIN authentication pipeline: a cookie session as the default sign-in
/// scheme, fed by WS-Federation sign-in against the configured ADFS.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is registered on.</param>
public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    string audience = ConfigurationManager.AppSettings["ida:Audience"];
    var validation = new TokenValidationParameters
    {
        // Keeps the incoming sign-in token on the identity (ClaimsIdentity.BootstrapContext)
        // so it can be picked up later, e.g. to request an ActAs token from another STS.
        SaveSigninToken = true,
        ValidAudience = audience,
    };
    var federation = new WsFederationAuthenticationOptions
    {
        Wtrealm = audience,
        AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
        TokenValidationParameters = validation,
        // Issuer and signing key come from app settings; no metadata address is configured here.
        Configuration = getWsFederationConfiguration(),
    };
    app.UseWsFederationAuthentication(federation);
}
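/// <summary>
/// Builds the WS-Federation configuration incoming tokens are validated against.
/// The issuer name and its signing certificate are pinned from app settings (no metadata
/// address is configured), so the trusted signing key is exactly what is configured here.
/// </summary>
/// <returns>A configuration with the issuer, token endpoint and one X.509 signing key.</returns>
/// <exception cref="InvalidOperationException">
/// One of the required app settings is missing or blank. Failing at startup with the setting
/// name is clearer than the ArgumentNullException Convert.FromBase64String would otherwise raise.
/// </exception>
private static WsFederationConfiguration getWsFederationConfiguration()
{
    WsFederationConfiguration configuration = new WsFederationConfiguration
    {
        Issuer = RequireAppSetting("wsFederation:trustedIssuer"),
        TokenEndpoint = RequireAppSetting("wsFederation:issuer"),
    };

    // The setting holds the base64-encoded issuer signing certificate. A malformed value
    // surfaces as a FormatException / CryptographicException from the framework and is left
    // to propagate so startup still fails closed.
    byte[] rawCertificate = Convert.FromBase64String(RequireAppSetting("wsFederation:trustedIssuerSigningKey"));
    configuration.SigningKeys.Add(new X509SecurityKey(new X509Certificate2(rawCertificate)));
    return configuration;
}

/// <summary>Reads an app setting the federation trust cannot work without.</summary>
/// <param name="key">The appSettings key to read.</param>
/// <returns>The non-blank setting value.</returns>
/// <exception cref="InvalidOperationException">The setting is absent or whitespace.</exception>
private static string RequireAppSetting(string key)
{
    string value = ConfigurationManager.AppSettings[key];
    if (string.IsNullOrWhiteSpace(value))
    {
        throw new InvalidOperationException("Missing required appSetting '" + key + "'.");
    }
    return value;
}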
我如何取回令牌:
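/// <summary>
/// Returns the SAML token the WS-Federation middleware saved for the current user
/// (requires <c>SaveSigninToken = true</c> in the token validation parameters).
/// </summary>
/// <returns>
/// The saved <see cref="SecurityToken"/>, or <c>null</c> when the bootstrap context only carries
/// the token as a string (<c>BootstrapContext.Token</c>) and not as a parsed object.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The current principal carries no <see cref="ClaimsIdentity"/> or no <see cref="BootstrapContext"/>,
/// i.e. the caller did not authenticate through this pipeline.
/// </exception>
public SecurityToken GetSecuritySAMLToken()
{
    ClaimsPrincipal principal = Thread.CurrentPrincipal as ClaimsPrincipal;
    ClaimsIdentity identity = principal == null ? null : principal.Identity as ClaimsIdentity;
    if (identity == null)
    {
        throw new InvalidOperationException("The current principal does not carry a ClaimsIdentity.");
    }

    BootstrapContext bootstrapContext = identity.BootstrapContext as BootstrapContext;
    if (bootstrapContext == null)
    {
        throw new InvalidOperationException(
            "No bootstrap context on the identity; check that SaveSigninToken is enabled in the WS-Federation options.");
    }

    // Observed on this setup: Token (the raw string) is populated but SecurityToken is not,
    // so this can legitimately return null; parsing BootstrapContext.Token is the alternative.
    return bootstrapContext.SecurityToken;
}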
更新 1
尝试将字符串 (SAMLToken) 转换为 SecurityToken 时，handler.ReadToken 返回 null。
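/// <summary>
/// Returns the SAML token saved for the current user at sign-in, rebuilt from the raw token
/// string kept on the identity's bootstrap context.
/// </summary>
/// <returns>
/// The token produced by <see cref="GetSecurityTokenFromStringToken"/>; may be <c>null</c>
/// when no handler could read the string.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The current principal carries no <see cref="ClaimsIdentity"/> or no <see cref="BootstrapContext"/>,
/// i.e. the caller did not authenticate through this pipeline.
/// </exception>
public SecurityToken GetSecuritySAMLToken()
{
    ClaimsPrincipal principal = Thread.CurrentPrincipal as ClaimsPrincipal;
    ClaimsIdentity identity = principal == null ? null : principal.Identity as ClaimsIdentity;
    if (identity == null)
    {
        throw new InvalidOperationException("The current principal does not carry a ClaimsIdentity.");
    }

    BootstrapContext bootstrapContext = identity.BootstrapContext as BootstrapContext;
    if (bootstrapContext == null)
    {
        throw new InvalidOperationException(
            "No bootstrap context on the identity; check that SaveSigninToken is enabled in the WS-Federation options.");
    }

    return GetSecurityTokenFromStringToken(bootstrapContext);
}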
/// <summary>
/// Tries to turn the raw token string saved at sign-in back into a <see cref="SecurityToken"/>
/// using the default handler collection.
/// </summary>
/// <param name="bootstrapContext">The bootstrap context whose <c>Token</c> string is parsed.</param>
/// <returns>
/// The parsed token, or <c>null</c> when no handler in the default collection recognises the
/// string (the observed result for the SAML token on this setup).
/// </returns>
private static SecurityToken GetSecurityTokenFromStringToken(BootstrapContext bootstrapContext)
{
    SecurityTokenHandlerCollection handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
    // The string overload of ReadToken only handles formats the default handlers accept as a
    // plain string; the SAML XML saved here evidently is not one of them.
    return handlers.ReadToken(bootstrapContext.Token);
}
必须以这种方式检索它:
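/// <summary>
/// Parses the raw SAML 1.1 token string saved at sign-in into a <see cref="SecurityToken"/>.
/// </summary>
/// <param name="bootstrapContext">The bootstrap context whose <c>Token</c> holds the SAML XML.</param>
/// <returns>The parsed SAML 1.1 token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="bootstrapContext"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">The bootstrap context carries no token string.</exception>
/// <remarks>
/// This only deserialises the token; it does not re-validate its signature, audience or
/// lifetime. The value was already validated by the WS-Federation middleware when the
/// session was established, and the STS receiving the ActAs request is expected to validate
/// it again on its side.
/// </remarks>
private static SecurityToken GetSecurityTokenFromStringToken(BootstrapContext bootstrapContext)
{
    if (bootstrapContext == null)
    {
        throw new ArgumentNullException("bootstrapContext");
    }
    if (string.IsNullOrEmpty(bootstrapContext.Token))
    {
        throw new InvalidOperationException("The bootstrap context holds no token string to parse.");
    }

    var handler = new Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler();
    // The handler is given a default configuration; the original code set it, presumably
    // because ReadToken expects one, even though nothing is validated here.
    handler.Configuration = new Microsoft.IdentityModel.Tokens.SecurityTokenHandlerConfiguration();

    // Read the XML with DTDs refused and no external resolver. The string is the saved sign-in
    // token, but hardening the reader costs nothing and rules out entity expansion / fetches.
    var settings = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,
        XmlResolver = null,
    };
    using (StringReader text = new StringReader(bootstrapContext.Token))
    using (XmlReader reader = XmlReader.Create(text, settings))
    {
        return handler.ReadToken(reader);
    }
}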
我正在尝试为另一个 ADFS 生成一个 ActAs 令牌，但我登录的第一个 ADFS 没有返回我的 SecurityToken。 我是否缺少 OWIN 启动的某些配置?
Startup.cs
/// <summary>
/// Wires up the OWIN authentication pipeline: a cookie session as the default sign-in
/// scheme, fed by WS-Federation sign-in against the configured ADFS.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is registered on.</param>
public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    string audience = ConfigurationManager.AppSettings["ida:Audience"];
    var validation = new TokenValidationParameters
    {
        // Keeps the incoming sign-in token on the identity (ClaimsIdentity.BootstrapContext)
        // so it can be picked up later, e.g. to request an ActAs token from another STS.
        SaveSigninToken = true,
        ValidAudience = audience,
    };
    var federation = new WsFederationAuthenticationOptions
    {
        Wtrealm = audience,
        AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
        TokenValidationParameters = validation,
        // Issuer and signing key come from app settings; no metadata address is configured here.
        Configuration = getWsFederationConfiguration(),
    };
    app.UseWsFederationAuthentication(federation);
}
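/// <summary>
/// Builds the WS-Federation configuration incoming tokens are validated against.
/// The issuer name and its signing certificate are pinned from app settings (no metadata
/// address is configured), so the trusted signing key is exactly what is configured here.
/// </summary>
/// <returns>A configuration with the issuer, token endpoint and one X.509 signing key.</returns>
/// <exception cref="InvalidOperationException">
/// One of the required app settings is missing or blank. Failing at startup with the setting
/// name is clearer than the ArgumentNullException Convert.FromBase64String would otherwise raise.
/// </exception>
private static WsFederationConfiguration getWsFederationConfiguration()
{
    WsFederationConfiguration configuration = new WsFederationConfiguration
    {
        Issuer = RequireAppSetting("wsFederation:trustedIssuer"),
        TokenEndpoint = RequireAppSetting("wsFederation:issuer"),
    };

    // The setting holds the base64-encoded issuer signing certificate. A malformed value
    // surfaces as a FormatException / CryptographicException from the framework and is left
    // to propagate so startup still fails closed.
    byte[] rawCertificate = Convert.FromBase64String(RequireAppSetting("wsFederation:trustedIssuerSigningKey"));
    configuration.SigningKeys.Add(new X509SecurityKey(new X509Certificate2(rawCertificate)));
    return configuration;
}

/// <summary>Reads an app setting the federation trust cannot work without.</summary>
/// <param name="key">The appSettings key to read.</param>
/// <returns>The non-blank setting value.</returns>
/// <exception cref="InvalidOperationException">The setting is absent or whitespace.</exception>
private static string RequireAppSetting(string key)
{
    string value = ConfigurationManager.AppSettings[key];
    if (string.IsNullOrWhiteSpace(value))
    {
        throw new InvalidOperationException("Missing required appSetting '" + key + "'.");
    }
    return value;
}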
我如何取回令牌:
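/// <summary>
/// Returns the SAML token the WS-Federation middleware saved for the current user
/// (requires <c>SaveSigninToken = true</c> in the token validation parameters).
/// </summary>
/// <returns>
/// The saved <see cref="SecurityToken"/>, or <c>null</c> when the bootstrap context only carries
/// the token as a string (<c>BootstrapContext.Token</c>) and not as a parsed object.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The current principal carries no <see cref="ClaimsIdentity"/> or no <see cref="BootstrapContext"/>,
/// i.e. the caller did not authenticate through this pipeline.
/// </exception>
public SecurityToken GetSecuritySAMLToken()
{
    ClaimsPrincipal principal = Thread.CurrentPrincipal as ClaimsPrincipal;
    ClaimsIdentity identity = principal == null ? null : principal.Identity as ClaimsIdentity;
    if (identity == null)
    {
        throw new InvalidOperationException("The current principal does not carry a ClaimsIdentity.");
    }

    BootstrapContext bootstrapContext = identity.BootstrapContext as BootstrapContext;
    if (bootstrapContext == null)
    {
        throw new InvalidOperationException(
            "No bootstrap context on the identity; check that SaveSigninToken is enabled in the WS-Federation options.");
    }

    // Observed on this setup: Token (the raw string) is populated but SecurityToken is not,
    // so this can legitimately return null; parsing BootstrapContext.Token is the alternative.
    return bootstrapContext.SecurityToken;
}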
更新 1
尝试将字符串 (SAMLToken) 转换为 SecurityToken 时，handler.ReadToken 返回 null。
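/// <summary>
/// Returns the SAML token saved for the current user at sign-in, rebuilt from the raw token
/// string kept on the identity's bootstrap context.
/// </summary>
/// <returns>
/// The token produced by <see cref="GetSecurityTokenFromStringToken"/>; may be <c>null</c>
/// when no handler could read the string.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The current principal carries no <see cref="ClaimsIdentity"/> or no <see cref="BootstrapContext"/>,
/// i.e. the caller did not authenticate through this pipeline.
/// </exception>
public SecurityToken GetSecuritySAMLToken()
{
    ClaimsPrincipal principal = Thread.CurrentPrincipal as ClaimsPrincipal;
    ClaimsIdentity identity = principal == null ? null : principal.Identity as ClaimsIdentity;
    if (identity == null)
    {
        throw new InvalidOperationException("The current principal does not carry a ClaimsIdentity.");
    }

    BootstrapContext bootstrapContext = identity.BootstrapContext as BootstrapContext;
    if (bootstrapContext == null)
    {
        throw new InvalidOperationException(
            "No bootstrap context on the identity; check that SaveSigninToken is enabled in the WS-Federation options.");
    }

    return GetSecurityTokenFromStringToken(bootstrapContext);
}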
/// <summary>
/// Tries to turn the raw token string saved at sign-in back into a <see cref="SecurityToken"/>
/// using the default handler collection.
/// </summary>
/// <param name="bootstrapContext">The bootstrap context whose <c>Token</c> string is parsed.</param>
/// <returns>
/// The parsed token, or <c>null</c> when no handler in the default collection recognises the
/// string (the observed result for the SAML token on this setup).
/// </returns>
private static SecurityToken GetSecurityTokenFromStringToken(BootstrapContext bootstrapContext)
{
    SecurityTokenHandlerCollection handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
    // The string overload of ReadToken only handles formats the default handlers accept as a
    // plain string; the SAML XML saved here evidently is not one of them.
    return handlers.ReadToken(bootstrapContext.Token);
}
必须以这种方式检索它:
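/// <summary>
/// Parses the raw SAML 1.1 token string saved at sign-in into a <see cref="SecurityToken"/>.
/// </summary>
/// <param name="bootstrapContext">The bootstrap context whose <c>Token</c> holds the SAML XML.</param>
/// <returns>The parsed SAML 1.1 token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="bootstrapContext"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">The bootstrap context carries no token string.</exception>
/// <remarks>
/// This only deserialises the token; it does not re-validate its signature, audience or
/// lifetime. The value was already validated by the WS-Federation middleware when the
/// session was established, and the STS receiving the ActAs request is expected to validate
/// it again on its side.
/// </remarks>
private static SecurityToken GetSecurityTokenFromStringToken(BootstrapContext bootstrapContext)
{
    if (bootstrapContext == null)
    {
        throw new ArgumentNullException("bootstrapContext");
    }
    if (string.IsNullOrEmpty(bootstrapContext.Token))
    {
        throw new InvalidOperationException("The bootstrap context holds no token string to parse.");
    }

    var handler = new Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler();
    // The handler is given a default configuration; the original code set it, presumably
    // because ReadToken expects one, even though nothing is validated here.
    handler.Configuration = new Microsoft.IdentityModel.Tokens.SecurityTokenHandlerConfiguration();

    // Read the XML with DTDs refused and no external resolver. The string is the saved sign-in
    // token, but hardening the reader costs nothing and rules out entity expansion / fetches.
    var settings = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,
        XmlResolver = null,
    };
    using (StringReader text = new StringReader(bootstrapContext.Token))
    using (XmlReader reader = XmlReader.Create(text, settings))
    {
        return handler.ReadToken(reader);
    }
}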