ws-federation

IDX10503: Signature validation failed after updating to Owin.Security v 4.0.0

江枫思渺然 posted on 2019-12-13 04:13:58
Question: As per subject, I updated the Owin.Security.WsFederation and dependent packages to version 4.0 and I get the error. I did not make any code changes other than changing using Microsoft.IdentityModel.Protocols; to using Microsoft.IdentityModel.Protocols.WsFederation; where the WsFederationConfiguration class seems to be now. Here is my StartupAuth: public void ConfigureAuth(IAppBuilder app) { app.UseCookieAuthentication( new CookieAuthenticationOptions { AuthenticationType =

OwinMiddleware Authentication (ws federation) - MVC5 Identity 2 - IDX10201: None of the the SecurityTokenHandlers could read the 'securityToken'

淺唱寂寞╮ posted on 2019-12-13 02:04:32
Question: I'm trying to authenticate toward an ACS server. I do manage to get authenticated with HTTP modules the old way through the config file, but I can't get it to work with OWIN. Here are the relevant parts of my startup: app.UseCookieAuthentication( new CookieAuthenticationOptions { AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType }); app.UseWsFederationAuthentication( new WsFederationAuthenticationOptions { MetadataAddress = "https://*******.accesscontrol.windows.net

ADAL.Net TokenCache throwing server timeout error with 500 error code

主宰稳场 posted on 2019-12-12 02:18:14
Question: I am trying to integrate WS-Federation in my Asp.Net MVC app using OWIN. I followed the GitHub samples and it is working as expected. Now I want to take this one step further and call an external WebApi hosted on a different Azure web app from within my website. I couldn't find any WS-Fed samples for this scenario. The WebApi needs an access token to provide access to protected resources. In one of my MVC controllers I tried using ADAL.Net code to acquire the access token but I get a timeout error.

URL fragment lost as part of SAML token authentication; workaround / standard pattern?

这一生的挚爱 posted on 2019-12-10 15:23:43
Question: Several web application authentication protocols (like WS-Federation and the SAML protocol, i.e., so-called 'passive' protocols, and apparently also ASP.NET Forms authentication, see this StackOverflow question, and AppEngine, see this GWT bug comment) lose the original 'URL fragment', i.e. the part after the #-sign. What happens is roughly the following: in a clean browser (so no cached info/cookies/login information) I open URL (1) http://example.com/myapp/somepage?some=parameter#somewhere.

Prevent XmlHttpRequest redirect response in .Net MVC WS-Federation Site

霸气de小男生 posted on 2019-12-09 18:20:20
Question: I'm using WS Federated (Claims Aware) authentication on an MVC 3 site and am having trouble keeping some of my API controllers that send JSON from returning a redirect when the authentication fails. I have an Area called API with several controllers that just return JSON; these controllers all inherit from the same base class. I want to send down legitimate 401 error responses instead of the 302 redirects that are happening by default. I followed some directions I found for creating a custom

How do I move federationConfiguration out of web.config and to some custom config file and load it dynamically by code

时间秒杀一切 posted on 2019-12-09 06:54:31
Question: I have my configuration in web.config and it works fine. <configuration> <system.identityModel.services> <federationConfiguration> .... </federationConfiguration> </system.identityModel.services> </configuration> How do I move this out of web.config to a custom config file and load it from code? I want to use the same structure of this configuration so that I do not have to change anything in code if I have to change this configuration file. Answer 1: You can tap into the WIF event from your

WIF- ID1014: The signature is not valid. The data may have been tampered with

偶尔善良 posted on 2019-12-09 05:33:05
Question: I've been using WIF to authenticate our new website; the STS is based upon the starter-sts implementation. To enable this to work correctly on our load-balanced environment I've used the following in the global.asax to override the default certificate behaviour. void onServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e) { List<CookieTransform> sessionTransforms = new List<CookieTransform>(new CookieTransform[] { new DeflateCookieTransform(), new

How to trap a WS-Federation callback in an OWIN MVC5 app to automatically create an identity in local database?

会有一股神秘感。 posted on 2019-12-08 08:12:55
Question: I am currently working on a vb.net MVC5 application and using WS-Federation to authenticate all the users from an ADFS 3.0 server. Everything is working fine; when the users try to access a secured controller marked with the AUTHORIZE attribute, the users are redirected to the STS login page, they log in and they come back. I am able to read the CLAIMS provided by the ADFS server. My problem is that I need to create a local entry in my database when a new authenticated user comes in after

How to avoid 'SamlAssertion.NotOnOrAfter condition is not satisfied' errors

与世无争的帅哥 posted on 2019-12-07 22:44:45
Question: Recently I have started using claim-based authentication on an existing web application. Because the application makes use of jQuery and, more notably, the AJAX functions, I have had to alter the handlers not to attempt to redirect the XmlHTTPRequests, and instead return a 403 status which is easier to handle. Here is the FederatedAuthentication.WSFederationAuthenticationModule.AuthorizationFailed event handler: protected void WSFederationAuthenticationModule_AuthorizationFailed(object sender,

How do I support streaming in WSFederationHttpBinding?

放肆的年华 posted on 2019-12-07 01:00:32
I have a WCF service which is used to upload and download large files to a server. I'm using MTOM message encoding and I want to use streamed transfer mode. But we are using wsFederationHttpBinding. How do I support streaming in wsFederationHttpBinding? My WCF Service web.config code is given below: <wsFederationHttpBinding> <binding name="UploadserviceFederation" messageEncoding="Mtom" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" > <readerQuotas maxStringContentLength="2147483647" maxDepth="2147483647" maxBytesPerRead="2147483647" maxArrayLength="2147483647"/> <security