我的Global.asax.cs文件中有2个事件
WSFederationAuthenticationModule_SecurityTokenValidated和WSFederationAuthenticationModule_RedirectingToIdentityProvider
Wif引擎不调用WSFederationAuthenticationModule_RedirectingToIdentityProvider.为什么?
public class MvcApplication : System.Web.HttpApplication
{
void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
{
FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
}
void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
{
//some code
}
}
这是web.config中的microsoft.identityModel部分
<microsoft.identityModel>
<service saveBootstrapTokens="true">
<audienceUris mode="Never">
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="http://localhost/dss.web.sts.tokenbaker/" realm="http://localhost/dss.web.frontend" requireHttps="false" />
<cookieHandler requireSsl="false" />
</federatedAuthentication>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="308efdee6453fff68c402e5eceee5b8bb9eaa619" name="servcert" />
</trustedIssuers>
</issuerNameRegistry>
</service>
</microsoft.identityModel>
您在web.config中缺少以下行:
在configSections元素中:
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
在system.webServer元素中
<modules>
<remove name="FormsAuthentication" />
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
你的观众Uris是空的.您必须指定Web应用程序,因此它可以使用此功能.所以,添加这一行:
<audienceUris>
<add value="http://localhost/dss.web.frontend"/>
</audienceUris>
如果在此更改后重新考虑问题,则可以实现从WSFederationAuthenticationModule派生的自定义身份验证模块.像这样的东西:
public class CustomAuthenticationModule : WSFederationAuthenticationModule
{
public CustomAuthenticationModule()
{
base.SecurityTokenReceived += CustomAuthenticationModule_SecurityTokenReceived;
}
public void CustomAuthenticationModule_SecurityTokenReceived(object sender, SecurityTokenReceivedEventArgs e)
{
}
protected override void OnAuthenticateRequest(object sender, EventArgs args)
{
base.OnAuthenticateRequest(sender, args);
}
}
然后只是在配置更改而不是WSFederationAuthenticationModule中,将CustomAuthenticationModule放入适当的命名空间和程序集签名.因此,您可以拦截代理中的呼叫.
希望这对你有所帮助.
Rastko
听起来您WSFederationAuthenticationModule的配置中可能缺少 。确保你有这个system.webServer\modules:
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
这在system.web\httpModules:
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
阅读此处了解更多信息。
| 归档时间: |
|
| 查看次数: |
12375 次 |
| 最近记录: |