MVC5 OWIN ws-federation AuthenticationManager.GetExternalLoginInfoAsync() returns null

Submitted by 房东的猫 on 2020-01-24 04:37:46

Question


I'm trying to set up integrated OWIN WS-Federation (ADFS) authentication in a new MVC 5 project in Visual Studio 2013. WsFederation in Startup.Auth is configured as follows:

app.UseWsFederationAuthentication(wtrealm: "MyRealm",
               metadataAddress: "https://myADFSInstanceHost/FederationMetadata/2007-06/FederationMetadata.xml");  

The Federation button at the login page works fine. The ADFS login page is reachable and I can log in there. The required cookies seem to be set properly; at least the .AspNet.ExternalCookie cookie is passed. But when the callback to the MVC app is performed, in the ExternalLoginCallback controller AuthenticationManager.GetExternalLoginInfoAsync() always returns null.


Answer 1:


I know this is an extremely old post, but I've been working on this issue for a week and this is the ONLY resource I've found that provided any sort of help.

The comments on the original post provided exactly what I needed. In order for GetExternalLoginInfo to work, a claim of type NameIdentifier must be present. I was able to mock one of these in Startup.Auth.cs using the following code:

using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;

app.UseWsFederationAuthentication(
    new WsFederationAuthenticationOptions
    {
        Wtrealm = realm, //defined earlier
        MetadataAddress = adfsMetadata, //also defined earlier

        Notifications = new WsFederationAuthenticationNotifications()
        {
            SecurityTokenValidated = notification =>
            {
                ClaimsIdentity identity = notification.AuthenticationTicket.Identity;

                //loop through all the claims returned (this should return everything set up in ADFS)
                //ToList() takes a snapshot so the claim added below does not mutate the collection being enumerated
                foreach (var claim in identity.Claims.ToList())
                {
                    if (claim.Type == ClaimTypes.Upn) //or whatever claim type you want to use as your name identifier
                    {
                        //This line will add a duplicate claim, giving it the specified type. This NEEDS TO BE `NameIdentifier`
                        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, claim.Value));
                    }
                }
                return Task.FromResult(0);
            }
        }
    });

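The claim mapping the answer describes, written defensively as an added example (not code from the original post or from the OWIN libraries): it keeps a NameIdentifier claim ADFS already issued, falls back to UPN or e-mail only when none is present, and refuses the sign-in instead of issuing an external cookie the callback can never match. The `SubjectClaim` helper, its fallback order, and the realm/metadata values (reused from the question's placeholders) are assumptions.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;
using Owin;

// Hypothetical helper, not part of OWIN or the original post: it guarantees the
// NameIdentifier claim GetExternalLoginInfoAsync looks for, without overriding one ADFS issued.
public static class SubjectClaim
{
    // Fallback order is an assumption; use whichever claim your ADFS relying party trust issues.
    static readonly string[] Fallbacks = { ClaimTypes.Upn, ClaimTypes.Email };

    public static bool Ensure(ClaimsIdentity identity)
    {
        if (identity.HasClaim(c => c.Type == ClaimTypes.NameIdentifier))
            return true;                                   // keep the value ADFS issued
        Claim source = Fallbacks
            .Select(type => identity.FindFirst(type))
            .FirstOrDefault(c => c != null && !string.IsNullOrWhiteSpace(c.Value));
        if (source == null)
            return false;                                  // nothing stable identifies the user
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, source.Value,
                                    ClaimValueTypes.String, source.Issuer));
        return true;
    }

    // Call from Startup.ConfigureAuth after the external cookie middleware is registered.
    public static void RegisterWsFederation(IAppBuilder app)
    {
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            Wtrealm = "MyRealm",
            MetadataAddress = "https://myADFSInstanceHost/FederationMetadata/2007-06/FederationMetadata.xml",
            Notifications = new WsFederationAuthenticationNotifications
            {
                SecurityTokenValidated = n =>
                {
                    if (!SubjectClaim.Ensure(n.AuthenticationTicket.Identity))
                    {
                        // Refuse the sign-in rather than issue an external cookie the callback can never match.
                        n.Response.StatusCode = 403;
                        n.HandleResponse();
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

ExternalLoginCallback should still treat a null result from GetExternalLoginInfoAsync as a failed sign-in and redirect to the login page rather than assume a user.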

Source: https://stackoverflow.com/questions/27506913/mvc5-owin-ws-federation-authenticationmanager-getexternallogininfoasync-return
