web.config 中带有 ida 前缀的 appSettings 键的用途
Purpose of ida-prefixed appSettings keys in web.config
我正在开发受 WIF 4.5 保护的 Web 应用程序,新的
Visual Studio 模板会将以下键添加到 web.config 文件中:
<appSettings>
<add key="ida:FederationMetadataLocation" value="https://example.com/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Realm" value="https://example.com/applications/serviceapp/" />
<add key="ida:AudienceUri" value="https://example.com/applications/serviceapp/" />
以及典型的 system.IdentityModel 标签:
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://example.com/applications/serviceapp/" />
</audienceUris>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://example.com/adfs/services/trust">
<keys>
<add thumbprint="3aa0dee165bec459a472aa611cc19453abd61f08" />
</keys>
<validIssuers>
<add name="http://example.com/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true" issuer="https://example.com/adfs/ls/" realm="https://example.com/applications/serviceapp/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
我的问题是,ida 前缀的 appSettings 键的目的是什么,因为它们似乎根本没有被使用并且包含冗余信息(因为它必须在 system.identityModel 中声明).
我用谷歌搜索并找到了这篇文章:
Identity in your own apps with Windows Azure Active Directory
上面写着:
First, we got two new sections: system.identityModel and system.identityModel.services with some data in it. AppSettings have been extended with keys like “ida:FederationMetadataLocation” and so on. The prefix “ida” stands for Identity and Authorization. These values are important for identifiying our app. ... ida:AudienceUri and ida:Realm is the Unique ID of our app (in URL-format). ida:FederationMetadataLocation is the address of the XML-document where we get the endpoints for login and logout.
没有明确说明何时使用此信息。也许 ida 标签仅在 Windows Azure 上托管时使用?郑重声明:我们的应用程序,包括 ADFS,都是本地的。
我可以简单地删除它们吗?
AFAIK,"ida" 键被 VS 插件和其他工具使用。它们允许您使用 plugin/tools 更新您 web.Config 中的 WIF 相关配置。如果密钥或其他内容发生变化,这很方便。必须说,新的 owin 管道通过在启动时下载元数据文档使这一步更进一步,因此您的应用程序始终是最新的。
恕我直言,您的应用程序不需要它们,您可以删除它们。
WIF / OWIN 使用它们来获取元数据,例如签名证书并设置登录/登录信息,例如wtrealm.
我正在开发受 WIF 4.5 保护的 Web 应用程序,新的 Visual Studio 模板会将以下键添加到 web.config 文件中:
<appSettings>
<add key="ida:FederationMetadataLocation" value="https://example.com/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Realm" value="https://example.com/applications/serviceapp/" />
<add key="ida:AudienceUri" value="https://example.com/applications/serviceapp/" />
以及典型的 system.IdentityModel 标签:
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://example.com/applications/serviceapp/" />
</audienceUris>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://example.com/adfs/services/trust">
<keys>
<add thumbprint="3aa0dee165bec459a472aa611cc19453abd61f08" />
</keys>
<validIssuers>
<add name="http://example.com/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true" issuer="https://example.com/adfs/ls/" realm="https://example.com/applications/serviceapp/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
我的问题是,ida 前缀的 appSettings 键的目的是什么,因为它们似乎根本没有被使用并且包含冗余信息(因为它必须在 system.identityModel 中声明).
我用谷歌搜索并找到了这篇文章: Identity in your own apps with Windows Azure Active Directory
上面写着:
First, we got two new sections: system.identityModel and system.identityModel.services with some data in it. AppSettings have been extended with keys like “ida:FederationMetadataLocation” and so on. The prefix “ida” stands for Identity and Authorization. These values are important for identifiying our app. ... ida:AudienceUri and ida:Realm is the Unique ID of our app (in URL-format). ida:FederationMetadataLocation is the address of the XML-document where we get the endpoints for login and logout.
没有明确说明何时使用此信息。也许 ida 标签仅在 Windows Azure 上托管时使用?郑重声明:我们的应用程序,包括 ADFS,都是本地的。 我可以简单地删除它们吗?
AFAIK,"ida" 键被 VS 插件和其他工具使用。它们允许您使用 plugin/tools 更新您 web.Config 中的 WIF 相关配置。如果密钥或其他内容发生变化,这很方便。必须说,新的 owin 管道通过在启动时下载元数据文档使这一步更进一步,因此您的应用程序始终是最新的。 恕我直言,您的应用程序不需要它们,您可以删除它们。
WIF / OWIN 使用它们来获取元数据,例如签名证书并设置登录/登录信息,例如wtrealm.