我目前正在使用以下方法实现联合身份验证解决方案:用于发行令牌的被动STS,用于托管Silverlight应用程序的网站以及用于Silverlight应用程序的WCF服务.
到目前为止,我能够:
HttpContext.Current.User.Identity as IClaimsIdentity;在网站的web.config上,我添加了所需的两个WIF模块(在IIS 7下)
<modules runAllManagedModulesForAllRequests="true">
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
</modules>
我还配置了web.config的Microsoft.IdentityModel部分,以使用我自己的ClaimsAuthenticationManager和ClaimsAthorizationManager实现.
<service name="Rem.Ria.PatientModule.Web.WebService.PatientService">
<claimsAuthenticationManager type ="Rem.Infrastructure.WIF.RemClaimsAuthenticationManager"/>
<claimsAuthorizationManager type ="Rem.Infrastructure.WIF.RemClaimsAuthorizationManager"/>
</service>
我的ClaimsAuthenticationMAnager只是设置Thread.CurrentPrincipal是一个有效的Principal提供.
class RemClaimsAuthenticationManager : ClaimsAuthenticationManager
{
public override IClaimsPrincipal Authenticate ( string resourceName, IClaimsPrincipal incomingPrincipal )
{
if ( incomingPrincipal.Identity.IsAuthenticated )
{
Thread.CurrentPrincipal = incomingPrincipal;
}
return incomingPrincipal;
}
}
}
问题是,当我的ClaimsAuthorizationManager被调用时,context.Principal.Identity不包含与Claims有效的Identity,Thread.CurrentPrincipal也不包含.
有任何想法吗?