How to access AD FS claims by User's credential?

伪装坚强ぢ 2021-01-01 04:28

As I am developing a WCF web service to make an intermediator between user's login action and their active directory roles and permissions. I don't want my host applicatio

2 answers
  •  执笔经年
    2021-01-01 05:03

    You could request a DisplayToken from the ADFS and work with that; it's basically the same information you have in the token.

    using System;
    using System.IdentityModel.Protocols.WSTrust;
    using System.IdentityModel.Tokens;
    using System.ServiceModel;
    using System.ServiceModel.Security;

    // Authenticates the user against the AD FS username/password endpoint and returns the
    // display claims carried in the RSTR (a readable copy of the claims, not the signed token itself).
    public DisplayClaimCollection GetDisplayClaims(string username, string password)
    {
        WSTrustChannelFactory factory = null;
        try
        {
            // use a UserName Trust Binding for username authentication (message credential over TLS)
            factory = new WSTrustChannelFactory(
                new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
                "https://.../adfs/services/trust/13/usernamemixed");

            factory.TrustVersion = TrustVersion.WSTrust13;

            factory.Credentials.UserName.UserName = username;
            factory.Credentials.UserName.Password = password;

            var rst = new RequestSecurityToken
            {
                RequestType = RequestTypes.Issue,
                // AppliesTo is an EndpointReference, not a string: pass the relying party identifier URI
                AppliesTo = new EndpointReference("Relying party endpoint address"),
                KeyType = KeyTypes.Symmetric,
                RequestDisplayToken = true   // ask the STS to include a display token in the response
            };

            IWSTrustChannelContract channel = factory.CreateChannel();
            RequestSecurityTokenResponse rstr;
            SecurityToken token = channel.Issue(rst, out rstr);

            // the STS may leave the display token out of the response; fail clearly instead of with a null reference
            if (rstr.RequestedDisplayToken == null)
                throw new InvalidOperationException("The STS did not return a display token.");

            return rstr.RequestedDisplayToken.DisplayClaims;
        }
        finally
        {
            if (factory != null)
            {
                try
                {
                    factory.Close();
                }
                catch (CommunicationObjectFaultedException)
                {
                    factory.Abort();
                }
            }
        }
    }

    But this is not the proper way of doing it! You should use your RelyingParty certificate to decrypt the encrypted token and read the claims from it.
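The validated-token approach the answer recommends, as an added example that is not part of the original answer or of any AD FS sample: it requests a bearer token for the relying party with the user's credentials, decrypts it with the relying party certificate (private key) and checks signature, issuer, audience and lifetime before reading claims. The class name, the endpoint addresses, the issuer name and the thumbprint are placeholders, and it assumes the relying party trust in AD FS uses this certificate as its encryption certificate (if the trust issues unencrypted tokens the same code simply skips decryption).

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;
public static class AdfsClaimsReader   // hypothetical helper class
{
    // Placeholders: your AD FS host, its token-signing certificate thumbprint and your relying party identifier.
    const string StsEndpoint = "https://ADFS-HOST-PLACEHOLDER/adfs/services/trust/13/usernamemixed";
    const string StsIssuerName = "http://ADFS-HOST-PLACEHOLDER/adfs/services/trust";
    const string StsSigningThumbprint = "ADFS-TOKEN-SIGNING-THUMBPRINT-PLACEHOLDER";
    const string RelyingPartyId = "https://RELYING-PARTY-PLACEHOLDER/";
    // Requests a bearer token for the RP with the user's credentials, decrypts it with the RP private key, validates it, returns the claims.
    public static ClaimsIdentity GetValidatedIdentity(string username, string password, X509Certificate2 rpCertificate)
    {
        var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
            StsEndpoint) { TrustVersion = TrustVersion.WSTrust13 };
        factory.Credentials.UserName.UserName = username;
        factory.Credentials.UserName.Password = password;
        try
        {
            var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue,
                AppliesTo = new EndpointReference(RelyingPartyId), KeyType = KeyTypes.Bearer }; // bearer: no proof key needed
            RequestSecurityTokenResponse rstr;
            factory.CreateChannel().Issue(rst, out rstr);
            var config = new SecurityTokenHandlerConfiguration();
            config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(RelyingPartyId)); // reject tokens meant for another RP
            var issuers = new ConfigurationBasedIssuerNameRegistry();
            issuers.AddTrustedIssuer(StsSigningThumbprint, StsIssuerName);  // reject tokens signed by any other key
            config.IssuerNameRegistry = issuers;
            // The RP certificate (with private key) is what EncryptedSecurityTokenHandler uses to decrypt the token.
            config.ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
                new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(rpCertificate) }), false);
            var handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(config);
            var reader = new XmlNodeReader(rstr.RequestedSecurityToken.SecurityTokenXml);
            reader.MoveToContent();
            SecurityToken token = handlers.ReadToken(reader);   // decrypts and parses the SAML assertion
            return handlers.ValidateToken(token)[0];             // throws SecurityTokenException if validation fails
        }
        finally
        {
            try { factory.Close(); } catch (CommunicationException) { factory.Abort(); }
        }
    }
}
```

AD FS token-signing certificates are often self-signed, so the default PeerOrChainTrust certificate validation needs the signing certificate in the Trusted People store (or an adjusted config.CertificateValidationMode) before ValidateToken succeeds.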
