I am currently implementing a Federated Authentication solution using: a passive STS for issuing tokens, a website hosting a Silverlight application, and WCF services for the Silverlight app.

So far I am able to:

- Get redirected to the STS
- Log in and get redirected to the website
- Display the claims on the website by accessing HttpContext.Current.User.Identity as IClaimsIdentity;

In the web.config of the website, I have added the two WIF modules needed (under IIS 7):

    <modules runAllManagedModulesForAllRequests="true">
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
    </modules>

I have also configured the Microsoft.IdentityModel section of the web.config to use my own implementation of ClaimsAuthenticationManager and ClaimsAuthorizationManager.

    <service name="Rem.Ria.PatientModule.Web.WebService.PatientService">
      <claimsAuthenticationManager type="Rem.Infrastructure.WIF.RemClaimsAuthenticationManager"/>
      <claimsAuthorizationManager type="Rem.Infrastructure.WIF.RemClaimsAuthorizationManager"/>
    </service>

My ClaimsAuthenticationManager is simply setting the Thread.CurrentPrincipal if a valid Principal is provided.

    using System.Threading;
    using Microsoft.IdentityModel.Claims;

    class RemClaimsAuthenticationManager : ClaimsAuthenticationManager
    {
        public override IClaimsPrincipal Authenticate(string resourceName, IClaimsPrincipal incomingPrincipal)
        {
            // Copy the incoming principal to the current thread when it is authenticated.
            if (incomingPrincipal.Identity.IsAuthenticated)
            {
                Thread.CurrentPrincipal = incomingPrincipal;
            }
            return incomingPrincipal;
        }
    }

The problem is that when my ClaimsAuthorizationManager is called, the context.Principal.Identity does not contain a valid Identity with Claims, and neither does the Thread.CurrentPrincipal.

Any ideas?
Best answer
You don't need to set the Thread.CurrentPrincipal because the session module will do this for you. You will need to access it through the HttpContext.Current.User because the Thread.Principal is usually set on a different thread than the one accessing your service because it is two different modules in IIS. We have an example of this in our upcoming book that you can check out at our Codeplex Site.
HTH
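
One way to apply the answer's suggestion, as an added example that is not the poster's or the book's code: an authorization manager that falls back to HttpContext.Current.User and denies access when no authenticated claims identity is found. The class name and the required claim type are hypothetical, and the fallback assumes the WCF service runs with ASP.NET compatibility enabled, since HttpContext.Current is otherwise null inside a WCF operation.

```csharp
using System.Web;
using Microsoft.IdentityModel.Claims;

// Added example: hypothetical class name and claim type, not from the original post.
public class HttpContextClaimsAuthorizationManager : ClaimsAuthorizationManager
{
    // Constructed placeholder; replace with a claim type your STS actually issues.
    private const string RequiredClaimType = "http://example.invalid/claims/patient-access";

    public override bool CheckAccess(AuthorizationContext context)
    {
        IClaimsPrincipal principal = ResolvePrincipal(context);
        if (principal == null)
        {
            return false; // fail closed: no authenticated claims principal was found
        }

        foreach (IClaimsIdentity identity in principal.Identities)
        {
            if (!identity.IsAuthenticated) continue;
            foreach (Claim claim in identity.Claims)
            {
                if (claim.ClaimType == RequiredClaimType) return true;
            }
        }
        return false; // authenticated, but the required claim is missing
    }

    private static IClaimsPrincipal ResolvePrincipal(AuthorizationContext context)
    {
        // Use the principal WIF passed in when it already carries an authenticated identity.
        if (context != null && IsAuthenticated(context.Principal)) return context.Principal;

        // Otherwise read the principal the session module attached to the HTTP request.
        // HttpContext.Current is null when ASP.NET compatibility mode is off.
        HttpContext http = HttpContext.Current;
        IClaimsPrincipal fromRequest = http == null ? null : http.User as IClaimsPrincipal;
        return IsAuthenticated(fromRequest) ? fromRequest : null;
    }

    private static bool IsAuthenticated(IClaimsPrincipal principal)
    {
        return principal != null && principal.Identity != null && principal.Identity.IsAuthenticated;
    }
}
```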