Trying to get a working web.config section for this programmatic AD FS configuration
I have the following programmatic code, which I know works when I try to validate AD FS tokens:
// Build the handler configuration in code
var configuration = new SecurityTokenHandlerConfiguration();
// Always enforce the audience restriction against the listed URI
configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://application.local/"));
// Validate the signing certificate by chain trust with online revocation checking
configuration.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
configuration.RevocationMode = X509RevocationMode.Online;
configuration.CertificateValidator = X509CertificateValidator.ChainTrust;
// Trust only the AD FS token-signing certificate identified by its thumbprint
var registry = new ConfigurationBasedIssuerNameRegistry();
registry.AddTrustedIssuer("<Certificate Thumbprint>", "ADFS Signing - adfs.example.local");
configuration.IssuerNameRegistry = registry;
// SecurityTokenHandlers is a property on the hosting class
SecurityTokenHandlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration);
However, I'm trying to convert this into a working configuration so that I can mark all of this up in my web.config. I tried this:
<system.identityModel>
  <identityConfiguration saveBootstrapContext="true">
    <securityTokenHandlers>
      <securityTokenHandlerConfiguration>
        <audienceUris>
          <add value="https://application.local/" />
        </audienceUris>
        <certificateValidation certificateValidationMode="ChainTrust" revocationMode="Online" trustedStoreLocation="LocalMachine"/>
        <issuerNameRegistry>
          <trustedIssuers>
            <add thumbprint="<Certificate Thumbprint>" name="ADFS Signing - adfs.example.local" />
          </trustedIssuers>
        </issuerNameRegistry>
      </securityTokenHandlerConfiguration>
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>
with the following code (this time, without passing in my programmatic configuration):
SecurityTokenHandlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
But the error I get when trying to validate the token is:
At least one 'audienceUri' must be specified in the
SamlSecurityTokenRequirement when the AudienceUriMode is set to
'Always' or 'BearerKeyOnly'. Either add the valid URI values to the
AudienceUris property of SamlSecurityTokenRequirement, or turn off
checking by specifying an AudienceUriMode of 'Never' on the
SamlSecurityTokenRequirement.
So it must not be reading the configuration correctly. What am I missing? Is the code wrong? Is the configuration wrong?
SecurityTokenHandlers = System.IdentityModel.Services.FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;
The configuration is correct.
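A defensive way to use the configuration-backed handler collection from the answer, added here as an example (it is not code from the question or the answer). It assumes the web.config section from the question is loaded by the application; AdfsTokenValidator, Validate and tokenXml are hypothetical names. It also refuses to validate when the audience restriction or trusted issuer list did not actually load from config, which is the failure the question ran into.

```csharp
using System;
using System.IO;
using System.IdentityModel.Selectors;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;
using System.Xml;

// Added example, not code from the question or answer. Assumes the
// <system.identityModel> section from the question is present in web.config
// and that tokenXml is the raw SAML assertion received from AD FS.
public static class AdfsTokenValidator
{
    public static ClaimsIdentity Validate(string tokenXml)
    {
        // Handlers built from web.config, as in the answer. The parameterless
        // CreateDefaultSecurityTokenHandlerCollection() ignores web.config,
        // which is why the audienceUri error appeared in the question.
        SecurityTokenHandlerCollection handlers = FederatedAuthentication
            .FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;
        SecurityTokenHandlerConfiguration cfg = handlers.Configuration;

        // Fail closed: never accept a token if the audience restriction or the
        // trusted issuer list failed to load from configuration.
        if (cfg.AudienceRestriction.AudienceMode == AudienceUriMode.Never
            || cfg.AudienceRestriction.AllowedAudienceUris.Count == 0)
            throw new InvalidOperationException("No audience restriction loaded; refusing to validate.");

        var registry = cfg.IssuerNameRegistry as ConfigurationBasedIssuerNameRegistry;
        if (registry == null || registry.ConfiguredTrustedIssuers.Count == 0)
            throw new InvalidOperationException("No trusted issuers loaded; refusing to validate.");

        using (var reader = XmlReader.Create(new StringReader(tokenXml)))
        {
            if (!handlers.CanReadToken(reader))
                throw new SecurityTokenException("Unrecognised token format.");

            // ReadToken parses the assertion; ValidateToken checks the signature
            // against the trusted issuer, applies the certificate chain and
            // revocation settings, and enforces the audience URI and lifetime.
            SecurityToken token = handlers.ReadToken(reader);
            return handlers.ValidateToken(token).First();
        }
    }
}
```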