wif

Authenticate to STS by Issued Token

假装没事ソ submitted on 2021-02-08 09:26:05
Question: I'm working on federating an application with various areas and extremely fine-grained permissions. Each of the various areas has a federated WCF endpoint to communicate back to the server. Because of the fine-grained permissions, a single token containing all of the permissions can be as large as 1MB, maybe more. Requirements dictate that the user's username and password credentials must not be held within our code base after the initial log in process. The permissions cannot be combined to

How to configure Windows authentication for custom binding in WCF service?

帅比萌擦擦* submitted on 2021-01-29 04:06:24
Question: I need to use Windows authentication in my application along with claim-based authorization using Windows Identity Foundation. I have used the following configuration for my service. <system.identityModel> <identityConfiguration> <claimsAuthorizationManager type="Framework.Authorization.AuthorizationManager, ClaimsAuthorizationService"/> </identityConfiguration> </system.identityModel> <system.serviceModel> <bindings> <customBinding> <binding name="CustomTcpBinding" maxConnections="50"

Error Creating JWT Token using RSA Security Key with key size less than 2048

落花浮王杯 submitted on 2020-03-22 08:55:50
Question: I'm facing an exception when trying to create a JWT token in a C# Web API application. Test environment Platform: Windows 10 x64 with .net framework: 4.6.1 jwt NuGet package: System.IdentityModel.Tokens.Jwt version: 4.0.2.206221351 Here is the code responsible for generating RSA keys: public SignatureInformation CreateNewSignatureInformation(int length = 0) { try { var signatureInformation = new SignatureInformation(); var rsaProvider = new RSACryptoServiceProvider(length); var publicKey =

Error Creating JWT Token using RSA Security Key with key size less than 2048

耗尽温柔 submitted on 2020-03-22 08:54:20
Question: I'm facing an exception when trying to create a JWT token in a C# Web API application. Test environment Platform: Windows 10 x64 with .net framework: 4.6.1 jwt NuGet package: System.IdentityModel.Tokens.Jwt version: 4.0.2.206221351 Here is the code responsible for generating RSA keys: public SignatureInformation CreateNewSignatureInformation(int length = 0) { try { var signatureInformation = new SignatureInformation(); var rsaProvider = new RSACryptoServiceProvider(length); var publicKey =

Custom Claims with Geneva framework and how to “synch” users within your app

混江龙づ霸主 submitted on 2020-01-23 03:49:05
Question: Maybe this question highlights how little I know about claims identity management, but here it goes. If using WIF within an application that uses a third party STS for Identity and that uses custom claims for authorization (something pertinent and specific to the application like CanCreateFooBar) 1) How do I manage the users? I.e., the users from say AD or other membership provider can be identified, but internally in my system I need to know about them and have more user information that has

WIF: ID1014: The signature is not valid. The data may have been tampered with

╄→尐↘猪︶ㄣ submitted on 2020-01-17 03:17:11
Question: We've built a Relying Party application based on the Windows Identity Foundation. We followed the advice in Vittorio's book and created a custom set of cookie transforms to use RSA to encrypt/sign the token. private void OnServiceConfigurationCreated( object sender, ServiceConfigurationCreatedEventArgs e ) { List<CookieTransform> sessionTransforms = new List<CookieTransform>( new CookieTransform[] { new DeflateCookieTransform(), new RsaEncryptionCookieTransform( e.ServiceConfiguration

How to grab serialized in http request claims in a code using WIF?

僤鯓⒐⒋嵵緔 submitted on 2020-01-15 11:54:48
Question: ADFS 2.0, WIF (WS-Federation), ASP.NET: There are no HTTP modules or any IdentityFoundation configuration defined in web.config (like most WIF SDK samples show), instead everything is done via program code manually using WSFederationAuthenticationModule, ServiceConfiguration and SignInRequestMessage classes. I do an HTTP redirect to ADFS in code and it seems to work fine, returning claims and redirecting the user back to my web site with serialized claims in the HTTP request. So the question is how

How is the expiryTime supposed to be used with SessionSecurityTokenCache.AddOrUpdate()?

风格不统一 submitted on 2020-01-15 03:33:10
Question: I'm writing a custom implementation of SessionSecurityTokenCache and I'm somewhat confused as to what the purpose of expiryTime is in the AddOrUpdate method. As far as I can tell, the default implementation for SessionSecurityTokenCache used by WIF is the internal class MruSessionSecurityTokenCache (mentioned here). In its implementation, expiryTime is completely ignored. Also, I notice while debugging that the value that gets passed in to AddOrUpdate appears to always be token.ValidTo plus 5

Restricting ADFS 2.0 to use a specific OU instead of Domain level access

走远了吗. submitted on 2020-01-13 17:59:21
Question: Consider the below sample scenario: I have a single Active Directory domain for Production, Test and Development (each separated at OU level). I want to install ADFS at test OU level and I do not want users authenticated at test OU ADFS to have access (both read and write) to other OUs. Can this be possible? Can we restrict ADFS 2.0 to work only under a particular OU? Answer 1: Though restricting ADFS 2.0 to work under a specific OU is not feasible (from the resources I read and IMHO), we

W.I.F.: Setting IsSessionMode to true, can't seem to make it happen

巧了我就是萌 submitted on 2020-01-12 14:22:06
Question: We are having problems with Safari (and Opera) and from what I have read the FedAuth cookies are just too big. There is a "neat trick" to fix this: "WIF RTM added a property to the SessionAuthenticationModule, IsSessionMode. When flipped to true, IsSessionMode has the effect of ensuring that the SessionSecurityToken remains in the cache for the whole duration of the session and generating a cookie which contains just a session identifier rather than the content of the session itself." I have