本地 WebApi 不重定向到身份验证
On-Premises WebApi not redirecting to authentication
出于某种原因,OWIN 没有重定向到 ADFS 中指定的登录页面,
我无法控制 ADFS(Windows Server 2012),我遵循了 Microsoft 文档(http://www.asp.net/visual-studio/overview/2013/creating-web-projects-in-visual-studio#orgauthonprem),但我现在卡住了。
我认为通过引用元数据,一切都可以开箱即用。
我的控制器(从WebApi生成的模板)
[Authorize]
public class ValuesController : ApiController
{
// GET api/values
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
// GET api/values/5
public string Get(int id)
{
return "value";
}
// POST api/values
public void Post([FromBody]string value)
{
}
// PUT api/values/5
public void Put(int id, [FromBody]string value)
{
}
// DELETE api/values/5
public void Delete(int id)
{
}
}
但是我得到
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Message>Authorization has been denied for this request.</Message>
</Error>
我应该实施某种基于身份验证吗?
更新!
看来有必要Microsoft.Owin.Security.WsFederation
但是现在 adfs 没有重定向到我的领域,我在用户通过身份验证后从 ADFS 收到 302。类似
/adfs/ls/?wtrealm=http%3a%2f%2flocalhost%3a554&wctx=WsFedOwinState%3d9C7kwsHRjBM86yrii5niUWF1gW9VFvCKBTj_D3z4-QQ5P25opteVK0mWf0fudEQdsgIexkHxTxhKDqBmfSWNAuJ3togHTBE40CEKYa8JLKJOxsgxNGIreYBOzNYzK8NNvR26PCMCowCFoM9NGJOC8w&wa=wsignin1.0
我的Startup.cs
public partial class Startup
{
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
MetadataAddress = ConfigurationManager.AppSettings["ida:AdfsMetadataEndpoint"],
Wtrealm = ConfigurationManager.AppSettings["ida:Audience"],
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
});
}
}
如何告诉 ADFS 重定向到领域?
我发现 ADFS 需要一个具有唯一 ID 的依赖方来验证用户并正确重定向到领域。
出于某种原因,OWIN 没有重定向到 ADFS 中指定的登录页面, 我无法控制 ADFS(Windows Server 2012),我遵循了 Microsoft 文档(http://www.asp.net/visual-studio/overview/2013/creating-web-projects-in-visual-studio#orgauthonprem),但我现在卡住了。 我认为通过引用元数据,一切都可以开箱即用。
我的控制器(从WebApi生成的模板)
[Authorize]
public class ValuesController : ApiController
{
// GET api/values
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
// GET api/values/5
public string Get(int id)
{
return "value";
}
// POST api/values
public void Post([FromBody]string value)
{
}
// PUT api/values/5
public void Put(int id, [FromBody]string value)
{
}
// DELETE api/values/5
public void Delete(int id)
{
}
}
但是我得到
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Message>Authorization has been denied for this request.</Message>
</Error>
我应该实施某种基于身份验证吗?
更新!
看来有必要Microsoft.Owin.Security.WsFederation
但是现在 adfs 没有重定向到我的领域,我在用户通过身份验证后从 ADFS 收到 302。类似
/adfs/ls/?wtrealm=http%3a%2f%2flocalhost%3a554&wctx=WsFedOwinState%3d9C7kwsHRjBM86yrii5niUWF1gW9VFvCKBTj_D3z4-QQ5P25opteVK0mWf0fudEQdsgIexkHxTxhKDqBmfSWNAuJ3togHTBE40CEKYa8JLKJOxsgxNGIreYBOzNYzK8NNvR26PCMCowCFoM9NGJOC8w&wa=wsignin1.0
我的Startup.cs
public partial class Startup
{
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
MetadataAddress = ConfigurationManager.AppSettings["ida:AdfsMetadataEndpoint"],
Wtrealm = ConfigurationManager.AppSettings["ida:Audience"],
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
});
}
}
如何告诉 ADFS 重定向到领域?
我发现 ADFS 需要一个具有唯一 ID 的依赖方来验证用户并正确重定向到领域。