发表新帖
发表新帖

Is it possible to get ACS claims without editing web.config?

后端 未结
关注
3 1840
无人及你
无人及你 2021-02-06 06:37

Is it possible to set up the realm URL, claim types, etc for azure ACS without editing the web.config? Can you set up these required elements programmatically somehow?

E

相关标签:
3条回答
  • Happy的楠姐
    2021-02-06 07:21

    Yes, FedUtil does this. It's a utility that comes with the Windows Identity Foundation (WIF) SDK and you can invoke it from visual studio.

    http://msdn.microsoft.com/en-us/library/ee517285.aspx

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=4451

    EDIT: I may have misunderstood your question. FedUtil is a utility that configures your web.config for you. If instead you want to configure your application in code, that's also possible. The WIF documentation on MSDN should demonstrate how to do this:

    http://msdn.microsoft.com/en-us/library/ee766446.aspx

    0 讨论(0)
  • 暗喜
    2021-02-06 07:30

    Handle FederationConfigurationCreated event of FederatedAuthentication class, e.g. in Application_Start of Global.asax:

    void Application_Start(object sender, EventArgs e)
{
    FederatedAuthentication.FederationConfigurationCreated += FCC;
}

private void FCC(object sender, FederationConfigurationCreatedEventArgs e)
{
    e.FederationConfiguration.WsFederationConfiguration.PassiveRedirectEnabled = true;
    e.FederationConfiguration.WsFederationConfiguration.Issuer = "https://mynamespace.accesscontrol.windows.net/v2/wsfederation";
    e.FederationConfiguration.WsFederationConfiguration.Realm = "http://localhost:81/";
    e.FederationConfiguration.WsFederationConfiguration.RequireHttps = false;
}
    0 讨论(0)
  • 鱼传尺愫
    2021-02-06 07:33

    To remove that xml line from the web config, I made my own WSFederationAuthenticationModule overriding the old one, like so:

    public class CustomWSFederationAuthenticationModule : WSFederationAuthenticationModule
{
    protected override void InitializePropertiesFromConfiguration(string serviceName)
    {
        this.Realm = "http://localhost:81/";
        this.Issuer = "https://acsnamespace.accesscontrol.windows.net/v2/wsfederation";
        this.RequireHttps = false;
        this.PassiveRedirectEnabled = true;
    }
}

    And the important part of the web.config:

    <modules runAllManagedModulesForAllRequests="true">
  <add name="WSFederationAuthenticationModule" type="CustomModuleLocation.CustomWSFederationAuthenticationModule, CustomModuleLocation" preCondition="managedHandler"/>
  <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>

    Also the federatedAuthentication section of the XML is removed entirely.

    0 讨论(0)
 看不清?
提交回复
热议问题