Programmatically configuring a web application and WCF to use an STS (WIF)
Ok, so I've set up a very simple asp.net and wcf service to use an STS for authentication; however, I wonder how I can achieve the same if configuring it programmatically.
I know I need to have certain information in web.config. I can also see that from my client I have access to the namespace Microsoft.Identity.Configuration ...but well, there is a bit of a walk from that to actually having a configured app. If someone has walked that, I'm all ears.
The first and most important milestone is to programmatically configure the sts to use, then the actual address of the apps (audienceUrl and wsFederation->realm), then the certificates: certificateReference and trustedIssuers section.
Cheers
You would need to dynamically configure the required modules (WSFederationAuthenticationModule and SessionAuthenticationModule) as part of creating the configuration. Part of this would involve setting the signing certificate on the fly (remember that it will need to be installed on the server on which the RP resides as well as have the correct permissions so that the RP can access the private key of the certificate). This latter part was asked about in this question: Change certs of WCF service on the fly, no downtime. I have not addressed that question, but (FWIW) my gut tells me that you cannot change the cert on the fly.
The bottom line is, I do not think this can be done without significant effort at the very least. One solution I recently implemented to make creating new RP applications fairly painless was to create a NuGet package that can be added to a project and will configure the new application according to the standards of the organization (using a known STS, cert thumbprint, etc).
@Rice Flour Cookies mentioned the federation metadata; you don't necessarily need the metadata, but it helps when automating configuration.
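As an added example (not code from the question or the answer above), this is what the three milestones from the question look like in code for the .NET 4.5 in-box WIF API (System.IdentityModel.Services) rather than the older Microsoft.IdentityModel assembly the question refers to: module registration, issuer/realm, the audience restriction and the pinned trusted-issuer thumbprint, and the RP certificate. All URLs, thumbprints and the `RpStartup` type name are assumptions; the audience and trusted-issuer settings are the ones that keep a token minted for another RP, or signed by an unknown key, from being accepted.

```csharp
// Added example (not from the original post): WIF 4.5 (System.IdentityModel.Services, .NET 4.5)
// configured in code instead of web.config. URLs and thumbprints are placeholders.
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.Web;

[assembly: PreApplicationStartMethod(typeof(RpStartup), "Start")]

public static class RpStartup
{
    const string StsUrl = "https://sts.example.test/wsfed";                // placeholder
    const string RealmUrl = "https://rp.example.test/";                    // placeholder
    const string StsSigningThumbprint = "REPLACE_WITH_STS_SIGNING_CERT_THUMBPRINT";
    const string RpCertThumbprint = "REPLACE_WITH_RP_CERT_THUMBPRINT";

    // Modules must be registered before the pipeline is built; Application_Start is too late.
    public static void Start()
    {
        HttpApplication.RegisterModule(typeof(WSFederationAuthenticationModule));
        HttpApplication.RegisterModule(typeof(SessionAuthenticationModule));
        FederatedAuthentication.FederationConfigurationCreated += OnConfigCreated;
    }

    // Raised once, when FederatedAuthentication.FederationConfiguration is first built.
    static void OnConfigCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        var cfg = e.FederationConfiguration;
        var id = cfg.IdentityConfiguration;
        // Equivalent of <wsFederation issuer="..." realm="..." requireHttps="true" />
        cfg.WsFederationConfiguration.Issuer = StsUrl;
        cfg.WsFederationConfiguration.Realm = RealmUrl;
        cfg.WsFederationConfiguration.RequireHttps = true;
        // <audienceUris>: reject tokens that were issued for a different RP
        id.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        id.AudienceRestriction.AllowedAudienceUris.Add(new Uri(RealmUrl));
        // <trustedIssuers>: accept only tokens signed by the pinned STS certificate
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(StsSigningThumbprint, StsUrl);
        id.IssuerNameRegistry = issuers;
        // <certificateReference>: the RP's own cert; the app pool identity needs private-key read access
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        cfg.ServiceCertificate = store.Certificates.Find(X509FindType.FindByThumbprint, RpCertThumbprint, false)[0];
        store.Close();
    }
}
```

On the WIF 3.5 API the corresponding hook is `FederatedAuthentication.ServiceConfigurationCreated`, but the module registration still has to happen before the pipeline is built, which is why this cannot be done from inside a request.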