MVC5 OWIN WS-Federation AuthenticationManager.GetExternalLoginInfoAsync() returns null

Question

I am trying to set up integrated OWIN WS-Federation (ADFS) authentication in a new MVC 5 project in Visual Studio 2013. The WsFederation configuration in Startup.Auth looks like this:

app.UseWsFederationAuthentication(
    wtrealm: "MyRealm",
    metadataAddress: "https://myADFSInstanceHost/FederationMetadata/2007-06/FederationMetadata.xml");

The federation button on the login page works fine. The ADFS login page is reached and I can log in there. The required cookies appear to be set correctly; at least the .AspNet.ExternalCookie cookie is passed along. However, when execution reaches the callback into the MVC application, in the ExternalLoginCallback controller action, AuthenticationManager.GetExternalLoginInfoAsync() always returns null.

Tags: asp.net-mvc, owin, adfs, katana, ws-federation
Answer
The comment on the original post was exactly what I needed. For GetExternalLoginInfo to work, a claim of type NameIdentifier must be provided. I can emulate one in Startup.Auth.cs with the following code:

using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;

app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
    Wtrealm = realm,                // defined earlier
    MetadataAddress = adfsMetadata, // also defined earlier
    Notifications = new WsFederationAuthenticationNotifications()
    {
        SecurityTokenValidated = notification =>
        {
            ClaimsIdentity identity = notification.AuthenticationTicket.Identity;

            // Loop through all the claims returned (this should return everything set up in ADFS).
            foreach (var claim in notification.AuthenticationTicket.Identity.Claims)
            {
                if (claim.Type == ClaimTypes.Upn) // or whatever claim type you want to use as your name identifier
                {
                    // This line will add a duplicate claim, giving it the specified type.
                    // This NEEDS TO BE `NameIdentifier`.
                    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, claim.Value));
                }
            }

            return Task.FromResult(0);
        }
    }
});
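As an added example (not part of the answer above), the same mapping factored into a helper that skips the copy when ADFS already issued a NameIdentifier, tries UPN and then Email as the source, and reports failure so the token can be rejected in SecurityTokenValidated instead of surfacing later as a null from GetExternalLoginInfoAsync. The class NameIdentifierMapper and its method names are hypothetical; HandleResponse() and Response are taken from Katana's notification base types.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;

// Hypothetical helper: guarantees exactly one NameIdentifier claim on the identity.
public static class NameIdentifierMapper
{
    // Claim types tried in order as the source of the stable user id.
    private static readonly string[] SourceTypes = { ClaimTypes.Upn, ClaimTypes.Email };

    // Returns true when the identity carries a usable NameIdentifier afterwards.
    public static bool EnsureNameIdentifier(ClaimsIdentity identity)
    {
        // Do not stack a second NameIdentifier on top of one ADFS already issued.
        if (identity.HasClaim(c => c.Type == ClaimTypes.NameIdentifier))
            return true;

        foreach (var type in SourceTypes)
        {
            var source = identity.FindFirst(type);
            if (source == null || string.IsNullOrWhiteSpace(source.Value))
                continue;

            // Keep the original issuer so the copied claim is still traceable to ADFS.
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, source.Value,
                                        ClaimValueTypes.String, source.Issuer));
            return true;
        }

        return false; // no stable identifier: the external login cannot be matched
    }
}

// Usage inside the options shown in the answer (realm and adfsMetadata assumed defined).
var options = new WsFederationAuthenticationOptions
{
    Wtrealm = realm,
    MetadataAddress = adfsMetadata,
    Notifications = new WsFederationAuthenticationNotifications
    {
        SecurityTokenValidated = notification =>
        {
            if (!NameIdentifierMapper.EnsureNameIdentifier(notification.AuthenticationTicket.Identity))
            {
                // Reject here rather than issuing an external cookie that can never be resolved.
                notification.HandleResponse();
                notification.Response.StatusCode = 403;
            }
            return Task.FromResult(0);
        }
    }
};
```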
