wif

问题 UserManagerFactory = () => new UserManager<IdentityUser>(new UserStore<IdentityUser>()); OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory), AuthorizeEndpointPath = new PathString("/api/AccountOwin/ExternalLogin"), AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), AllowInsecureHttp = true }; From which IdentityUser,UserStore comesform entity framework. I want to use my

问题 I have created a new ASP.NET MVC application with .NET 4.5. I have successfully set up authentication with an STS. The authentication flow is working fine and I am able to get the ClaimsIdentity, containing the desired claims, on Thread.CurrentPrincipal. Now I need the bootstrap token to secure the calls to my service layer. I have set the saveBootstrapContext to true on the identityConfiguration element. <system.identityModel> <identityConfiguration saveBootstrapContext="true"> However, the

问题 I am trying to programatically generate the following configuration contained inside the microsoft.identityModel configuration. <federatedAuthentication> <wsFederation passiveRedirectEnabled="false" requireHttps="true" issuer="https://IssuedByFoo.com" realm="http://Foo.com/" /> <cookieHandler requireSsl="true" path="/" /> </federatedAuthentication> So far I have not been able to successfully configure this. I have tried setting the following in application_Start but I get an error message

问题 I am curious to find out how we could possibly send a Security token from a WIF application that has already been authenticate to a WIF enabled WCF Service. Any assistance will be appriciated 回答1: The answer is not simple but the following steps constitute the 'recommended pattern' and are documented in the following MSDN article: Identity Delegation with AD FS 2.0 Step-by-Step Guide In summary Allow you web application access to a special token (Bootstrap Token) that can be used to request

问题 We’re working on an OWIN MVC5 project. We use an own implementation of IUserStore<T> to integrate the user-management which is part of our companies framework. So far this works fine. We want to provide role membership and other security configuration through claims. I have seen (and quickly tested) the ways of either implementing IUserClaimStore<T> or of attaching a ClaimsIdentityFactory to the UserManager. In both scenarios, I see the issue that the claims are stored in the user’s cookie

问题 I need to generate and issue a token to clients based on username/password authentication. I've tried several approaches to solving this problem, but all of them have run into issues. My first plan was to implement WS-Trust Issue on my WCF endpoint. The example I found which did this used: [OperationContract(Action = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", ReplyAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue")] Message IssueToken(Message rstMessage); However,

问题 I am using Windows Identity Foundation. (With some MVC 2.0 sites) I am having real problem signing someone out of all the sites protected by WIF. It looks like my sign out is only signing people out on the current site. This is my code public void FederatedSignOut(string replyUrl) { var authModule = FederatedAuthentication.WSFederationAuthenticationModule; WSFederationAuthenticationModule.FederatedSignOut(new Uri(authModule.Issuer), new Uri(replyUrl)); } After running this code i can still

问题 I have a passive STS set up for a new application I'm working on. I've noticed that when a user's session expires, the user is still authenticated. I would have thought that when the session expires, the user would no longer be authenticated. My boss discussed this with me as I am currently charged with setting up the authentication. He says that it would be good if we could make the user's log on expire after a certain period of inactivity similar to how the session expires. I am familiar

问题 I'm trying to put together FederatedAuthentication with .NET 4.5, MVC 4, and active redirect using a custom server-side login page, using code from this tutorial, and from this code sample. Redirecting to the LogOn method of my AccountController works fine, and the method looks like this: public ActionResult LogOn() { HrdClient hrdClient = new HrdClient(); WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule; /*** Fails here because this is null **/

问题 I downloaded the sample login page from the ACS portal for my application, which is a html file. I then configured my application with WIF, and everything worked perfectly. Since we need to handle and save an incoming querystring, so that querystring can be used later after the user had been logged in, we needed to move the html login page to a aspx page. The problem is that when I change the issuer for WIF in the web.config file to the aspx file, it stops working. When it works it looks like