WSFederationAuthenticationModule.RedirectingToIdentityProvider event is not called

耗尽温柔 submitted on 2019-12-30 10:17:03

Question


I have 2 events in my Global.asax.cs file

WSFederationAuthenticationModule_SecurityTokenValidated and WSFederationAuthenticationModule_RedirectingToIdentityProvider

WSFederationAuthenticationModule_RedirectingToIdentityProvider is not called by the WIF engine. Why?

public class MvcApplication : System.Web.HttpApplication
{ 
    void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
    {
        FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
    }


    void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
    {
        //some code
    }
}

This is the microsoft.identityModel section in web.config:

<microsoft.identityModel>
  <service saveBootstrapTokens="true">
    <audienceUris mode="Never">
    </audienceUris>
    <federatedAuthentication>
      <wsFederation passiveRedirectEnabled="true" issuer="http://localhost/dss.web.sts.tokenbaker/" realm="http://localhost/dss.web.frontend" requireHttps="false" />
      <cookieHandler requireSsl="false" />
    </federatedAuthentication>
    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
      <trustedIssuers>
        <add thumbprint="308efdee6453fff68c402e5eceee5b8bb9eaa619" name="servcert" />
      </trustedIssuers>
    </issuerNameRegistry>
  </service>
</microsoft.identityModel>

Answer 1:

You are missing the following lines in your web.config:

In the configSections element:

<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

In the system.webServer element:

<modules>
  <remove name="FormsAuthentication" />
  <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>

Your audience URIs are empty. You have to specify your web application so it can consume this functionality. So, add this line:

<audienceUris>
  <add value="http://localhost/dss.web.frontend"/>
</audienceUris>

If your problems remain after these changes, you can implement a custom authentication module derived from WSFederationAuthenticationModule. Something like this:

public class CustomAuthenticationModule : WSFederationAuthenticationModule
{
    public CustomAuthenticationModule()
    {
        base.SecurityTokenReceived += CustomAuthenticationModule_SecurityTokenReceived;
    }

    public void CustomAuthenticationModule_SecurityTokenReceived(object sender, SecurityTokenReceivedEventArgs e)
    {

    }

    protected override void OnAuthenticateRequest(object sender, EventArgs args)
    {
        base.OnAuthenticateRequest(sender, args);
    }
}

Then, in the config, put CustomAuthenticationModule in place of WSFederationAuthenticationModule, with the appropriate namespace and assembly signature, so you can intercept calls in your delegate.

Hope this is helpful for you.

Rastko




Answer 2:


Add the following to your Global.asax.cs:

void Application_Start()
{
    FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
}


void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
{
    FederatedAuthentication.WSFederationAuthenticationModule.RedirectingToIdentityProvider += WSFederationAuthenticationModule_RedirectingToIdentityProvider;
} 

Credit to https://stackoverflow.com/a/9207505/13932




Answer 3:

Make sure you're referencing WSFederationAuthenticationModule from the new namespace System.IdentityModel.Services.

In my case I was still referencing it from the old Microsoft.IdentityModel.Web namespace after migrating the solution to .NET 4.5.

Found my answer here.




Answer 4:


Have you checked that the passiveRedirectEnabled attribute is set to true on the element in your web.config?




Answer 5:


It sounds like you may be missing the WSFederationAuthenticationModule in your configuration. Make sure you have this in system.webServer\modules:

<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />

And this in system.web\httpModules:

<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

Read here for more information.




Answer 6:


One thing to check is that you are referencing a consistent assembly between your web.config module and your Global.asax.cs using statement. Since the type RedirectingToIdentityProviderEventArgs exists in both System.IdentityModel.Services and Microsoft.IdentityModel.Web (as of .NET 4.5) you might be adding the module from one assembly in web.config but referencing the event arg from the other assembly in Global.asax.cs. I think that would fail.




Answer 7:


My problem was that I had the following modules added to both the system.web/httpModules and system.webServer/modules sections.

  <add name="WsFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />

Removing the elements from the system.web/httpModules section solved the issue and all events attached to the WSFederationAuthenticationModule instance were being fired.




Answer 8:

For the people who are sub-classing WSFederationAuthenticationModule, and therefore changing the module registration name in the web.config, and who are using the auto-wiring approach (inside the global.asax.cs): you will also need to change the beginning of the method name.

For example, if you have the following in system.webServer\modules:

<add name="CustomWsFedModule" type="SomeLib.CustomWSFederationAuthenticationModule" preCondition="managedHandler" />

You will need the following inside your global.asax.cs:

public class MvcApplication : System.Web.HttpApplication
{ 
    void CustomWsFedModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
    {
        //some code
    }
}


Source: https://stackoverflow.com/questions/8926099/wsfederationauthenticationmodule-redirectingtoidentityprovider-event-is-not-call
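
The answers above name several configuration causes: the module missing from web.config, registration in both system.web/httpModules and system.webServer/modules, a module type from one WIF generation next to the other generation's config section, a registered module name that differs from the Global.asax handler prefix, and passiveRedirectEnabled not set to true. The following Python check is an added example, not code from the question or any answer; the names lint_web_config and fam_entries, the finding labels and the sample config are constructed for illustration, and the case-insensitive name comparison is an assumption.

```python
import xml.etree.ElementTree as ET

FAM = "WSFederationAuthenticationModule"
# Config section each WIF generation reads, keyed by the module's namespace.
SECTION_FOR = {"Microsoft.IdentityModel.Web.": "microsoft.identityModel",
               "System.IdentityModel.Services.": "system.identityModel.services"}

def fam_entries(root, path):
    """(name, type) of each <add> under `path` whose type names a WS-Federation module."""
    return [(a.get("name", ""), a.get("type", ""))
            for a in root.findall(path + "/add") if FAM in a.get("type", "")]

def lint_web_config(xml_text, handler_prefix=FAM):
    """Findings that can keep <handler_prefix>_RedirectingToIdentityProvider from firing."""
    root = ET.fromstring(xml_text)
    classic = fam_entries(root, "system.web/httpModules")
    integrated = fam_entries(root, "system.webServer/modules")
    findings = []
    if not classic and not integrated:
        findings.append("module-not-registered")
    if classic and integrated:
        findings.append("registered-in-both-sections")
    for name, type_ in classic + integrated:
        # Auto-wiring keys on the registered name; case-insensitive match is an assumption.
        if name.lower() != handler_prefix.lower():
            findings.append("handler-prefix-mismatch:" + name)
        for namespace, section in SECTION_FOR.items():
            if type_.startswith(namespace) and root.find(section) is None:
                findings.append("missing-config-section:" + section)
    for ws in root.iter("wsFederation"):
        if ws.get("passiveRedirectEnabled", "false").lower() != "true":
            findings.append("passive-redirect-disabled")
    return list(dict.fromkeys(findings))  # de-duplicate, keep order

# Constructed sample: 4.5 module registered in both sections, only the 3.5 config section present.
SAMPLE = """<configuration>
  <system.web><httpModules>
    <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services" />
  </httpModules></system.web>
  <system.webServer><modules>
    <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services" />
  </modules></system.webServer>
  <microsoft.identityModel><service><federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost/dss.web.sts.tokenbaker/" realm="http://localhost/dss.web.frontend" />
  </federatedAuthentication></service></microsoft.identityModel>
</configuration>"""

if __name__ == "__main__":
    print("\n".join(lint_web_config(SAMPLE)))
```

Pass handler_prefix as the prefix your Global.asax handler methods actually use when the module is registered under a custom name.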
