Asp.net OwinMiddleware 身份验证(WS-Federation)- MVC5 Identity 2 - IDX10201:没有任何 SecurityTokenHandler 能够读取 'securityToken'
标签:asp.net、token、owin、acs、ws-federation

我正在尝试对 ACS 服务器进行身份验证。我确实设法通过配置文件、使用 HTTP 模块的方式完成了身份验证,但无法让它与 OWIN 一起工作。下面是我的 Startup 中的相关部分:
// Cookie middleware: the cookie is issued under the WS-Federation
// authentication type rather than the cookie middleware's own default.
var cookieOptions = new CookieAuthenticationOptions
{
    AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
};
app.UseCookieAuthentication(cookieOptions);

// Trusted issuer: the ACS namespace, pinned to a single signing-certificate
// thumbprint (host and thumbprint redacted by the poster).
var acsAuthority = new IssuingAuthority("https://*******.accesscontrol.windows.net/")
{
    Thumbprints = { "9B9F8B5E21640ED692C*****A62B4077813659B5" },
    Issuers = { "https://*******.accesscontrol.windows.net/" }
};

var handlerConfiguration = new SecurityTokenHandlerConfiguration
{
    // No X.509 chain/revocation checking of the signing certificate; trust
    // rests entirely on the thumbprint pinned above. NOTE(review): fine for
    // local development only — confirm before this reaches production.
    CertificateValidationMode = X509CertificateValidationMode.None,
    IssuerNameRegistry = new ValidatingIssuerNameRegistry
    {
        IssuingAuthorities = new List<IssuingAuthority> { acsAuthority }
    }
};

// NOTE(review): per the answer on this page, assigning SecurityTokenHandlers
// replaces the middleware's default handler list, and
// MachineKeySessionSecurityTokenHandler only reads SessionSecurityToken. The
// SAML assertion ACS returns never matches, which produces the IDX10201 error
// this question is about.
var handlers = new SecurityTokenHandlerCollection
{
    new MachineKeySessionSecurityTokenHandler { Configuration = handlerConfiguration }
};

var federationOptions = new WsFederationAuthenticationOptions
{
    MetadataAddress =
        "https://*******.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml",
    Wtrealm = "http://localhost:62569/",
    // Plain-http realm and return URL; only acceptable for localhost development.
    Wreply = "http://localhost:62569/callback-signin",
    SecurityTokenHandlers = handlers
};
app.UseWsFederationAuthentication(federationOptions);
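// Restored from the machine-translated copy above: the type names, property
// names and quotes had been translated, so this duplicate was not valid C#.
// It is the same Startup configuration as the first listing.

// Cookie middleware issuing its cookie under the WS-Federation authentication type.
app.UseCookieAuthentication(
    new CookieAuthenticationOptions
    {
        AuthenticationType =
            WsFederationAuthenticationDefaults.AuthenticationType
    });

app.UseWsFederationAuthentication(
    new WsFederationAuthenticationOptions
    {
        MetadataAddress =
            "https://******.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml",
        Wtrealm = "http://localhost:62569/",
        // Plain-http return URL; only acceptable for localhost development.
        Wreply = "http://localhost:62569/callback-signin",
        // NOTE(review): per the answer on this page, assigning SecurityTokenHandlers
        // replaces the middleware's default handler list, and
        // MachineKeySessionSecurityTokenHandler only reads SessionSecurityToken —
        // not the SAML assertion ACS returns — hence IDX10201.
        SecurityTokenHandlers = new SecurityTokenHandlerCollection
        {
            new MachineKeySessionSecurityTokenHandler
            {
                Configuration = new SecurityTokenHandlerConfiguration
                {
                    // No X.509 chain/revocation checking of the signing certificate;
                    // trust rests on the pinned thumbprint below. Development-only.
                    CertificateValidationMode = X509CertificateValidationMode.None,
                    IssuerNameRegistry = new ValidatingIssuerNameRegistry
                    {
                        IssuingAuthorities =
                            new List<IssuingAuthority>
                            {
                                new IssuingAuthority("https://******.accesscontrol.windows.net/")
                                {
                                    Thumbprints = { "9B9F8B5E21640ED692C****A62B4077813659B5" },
                                    Issuers = { "https://******.accesscontrol.windows.net/" }
                                }
                            }
                    }
                }
            }
        }
    });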
这是可以正常工作的配置文件(HTTP 模块方式):
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=301880
-->
<!-- Working Web.config from the question: authentication is handled by the
     WIF HTTP modules (WSFederationAuthenticationModule + SessionAuthenticationModule)
     configured under system.identityModel / system.identityModel.services. -->
<configuration>
<configSections>
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<!-- NOTE(review): the connection string carries a SQL login password in cleartext
     (redacted here). Keep Web.config secrets out of source control, or protect the
     section (e.g. with configuration encryption) before deploying. -->
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=********.database.windows.net,1433;Initial Catalog=*********;Persist Security Info=True;User ID=m*******;Password=*******" providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
<system.web>
<!-- No ASP.NET-native authentication; the WIF modules registered below take over. -->
<authentication mode="None" />
<!-- NOTE(review): debug="true" is for development only; clear it for production builds. -->
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<!-- Tokens whose Audience is not listed here are rejected; matches the realm below. -->
<audienceUris>
<add value="http://localhost:62569" />
</audienceUris>
<!-- Swaps the default session handler for the machine-key variant. Unlike the OWIN
     SecurityTokenHandlers property (see the answer on this page), this only edits
     the default handler list, so the SAML handlers that read the ACS token remain. -->
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<!-- NOTE(review): "None" disables X.509 chain/revocation validation of the token-signing
     certificate; trust then rests solely on the thumbprint pinned in issuerNameRegistry.
     Acceptable for local development only - confirm before production use. -->
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="https://**********.accesscontrol.windows.net/">
<!-- Pinned signing-certificate thumbprint; presumably must be updated when the
     issuer rolls its signing key - verify against the federation metadata. -->
<keys>
<add thumbprint="9B9F8B5E21640ED692CC1CF2A62B4077813659B5" />
</keys>
<validIssuers>
<add name="https://*********.accesscontrol.windows.net/" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<!-- NOTE(review): requireSsl="false" lets the session cookie travel over plain http;
     set it to true outside localhost so the cookie is never exposed on the wire. -->
<cookieHandler requireSsl="false" />
<!-- NOTE(review): requireHttps="false" allows the WS-Federation redirect and token
     postback over plain http; the same localhost-only caveat applies. -->
<wsFederation passiveRedirectEnabled="true" issuer="https://***********.accesscontrol.windows.net/v2/wsfederation" realm="http://localhost:62569" reply="http://localhost:62569/callback-signin" requireHttps="false" />
</federationConfiguration>
</system.identityModel.services>
<entityFramework>
<providers>
<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
</providers>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
<parameters>
<!-- NOTE(review): second cleartext database password (redacted); same handling as above. -->
<parameter value="Data Source=***********.database.windows.net,1433;Initial Catalog=********;Persist Security Info=True;User ID=*************;Password=********" />
</parameters>
</defaultConnectionFactory>
</entityFramework>
</configuration>
使用 OWIN 时,我会遇到以下错误:
引发异常:mscorlib.dll 中的 “System.IdentityModel.Tokens.SecurityTokenValidationException”
其他信息:IDX10201:没有任何 SecurityTokenHandler 能够读取 'securityToken':
https://******.accesscontrol.windows.net/
wEjAPR2kWtfrRKX9tMGvJu/Nv+yLtm1KeXbYFDwbB8U=
(2)这两个数字+一个数字+一个数字+一个数字+一个数字+一个数字+一个数字+一个数字+一个数字的数字(2)QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQBBBBBBBBBBBBBBBBBVVVVVVVVVVQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQY6R1W2Tv1KUEH6VG==
MiidsJCcajagawibagiqrcbhmtovjjj9Milbejm7Tajbgurdgmchquamdexlzatbgnvbamtjm1hcmdvy29uc2vpbc5hy2nlc3njb250cm9slndpBMrvd3mubmv0mb4xdtte1mdyxnja4tyzofoxdtiwmduzmydawwwyz29jb25zzwlmj2vzc2vzc2vbnr2wwuzg93cy5uzqwqwgzqwg2g9cyzzzzgzgzyzg8wgzgzg8gzgzgzg8gzzgzgzgzgzzg8cqqwqqqqqqqqqquzyzzzzzzzzzzyzzzzzzzzzzzzy8c8c8czz(2)这两个词的意思是:一个词的意思是:一个词的意思是:一个词的意思是:一个词的意思是:在这个词中,这个词的意思是:一个词的意思是:一个词的意思是:一个词的意思是:一个词的意思是:一个词的意思是:一个词的意思是:一个词的意思是:一个单词的意思是:一个单词的意思是,或者是,或者是一个单词的意思是,或者是,或者是一个单词的意思是,或者是一个单词的意思是一个单词的意思是,或者是,或者是一个单词的意思是,或者或者或者是一个单词的意思是,或者是,或者是一个。或者是一个关于一个关于一个关于一个关于一个关于一个关于一个或者或者或者或者或者或者或者或者或者或者或者或者或者或者或者或者是一个关于一个关于一个或者或者或者或者或者或者或者或者或者或者或者S8WLQYDVQDEYZTYXJNB22.在一个新的研究中,他们发现了一种新的研究方法——一种新的研究方法——一种新的研究方法——一种新的研究方法——一种新的研究方法——一种新的研究方法——一种新的研究方法——一种新的研究方法——一种新的研究方法——一种新的研究方法——一种新的研究——一种新的研究结果——一种新的研究结果——一种新的研究——一种新的研究发现一种新的非非非非非非非非非非非非非非非非非非非非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非政府非0NUZbWyR1N8CBf5EIW2S/TrpoOBYNgZQU5n9PRJjTBhESHXjfa8RipC8RXU9o
************@***********.net
http://localhost:62569/
7102feaa-34af-4756-85ce-b0f69766d78d
***********@************.net
******
*******
https://sts.windows.net/7102feaa-34af-4756-85ce-b0f69766d78d/
https://sts.windows.net/7102feaa-34af-4756-85ce-b0f69766d78d/
urn:oasis:name:tc:SAML:2.0:ac:classes:Password
我遗漏了什么?任何帮助都非常欢迎,我已经为此苦苦折腾了好几天了。

当您为 WS-Federation 中间件指定
SecurityTokenHandlers 属性时,您提供的就是中间件用来验证其收到的所有安全令牌的最终处理程序列表,这会阻止默认令牌处理程序的创建。
通过指定一个 MachineKeySessionSecurityTokenHandler 实例,中间件就只能验证 SessionSecurityToken 实例。这种类型的令牌用于传递会话数据;而在从 Azure AD 收到的消息中并没有这种令牌,因此中间件给出的消息是准确的:它无法读取该安全令牌。
经理
<?xml version="1.0" encoding="UTF-8"?>
<!--
  SAML 2.0 assertion as received from ACS (identifying values redacted by the poster).
  Points relevant to the question:
  - It is a SAML 2.0 bearer assertion (urn:oasis:names:tc:SAML:2.0:assertion,
    SubjectConfirmation Method ...:cm:bearer), not a SessionSecurityToken - which is
    why the OWIN configuration that registers only MachineKeySessionSecurityTokenHandler
    cannot read it (see the answer above).
  - Enveloped XML signature, rsa-sha256 over an exc-c14n digest; the signing
    certificate is inlined in KeyInfo, so it can be checked against the pinned thumbprint.
  - Audience is http://localhost:62569/, matching Wtrealm in the Startup code.
  - Validity window (NotBefore / NotOnOrAfter) is one hour.
-->
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_19fb92df-c8ac-4388-9294-7a8cdb3bcf0b" IssueInstant="2015-07-30T12:07:25.837Z" Version="2.0">
<Issuer>https://*********.accesscontrol.windows.net/</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#_19fb92df-c8ac-4388-9294-7a8cdb3bcf0b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>wEjAPR2kWtfrRKX9tMGvJu/Nv+yLtm1KeXbYFDwbB8U=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>GVamldoBjB+RZY+2bf2700k2Z4PUtp+7Cy9EGTne5+7ID+tLmQ08yXur898O21ldqVqqmGxKbVYQRPVRkF1F+e3bBRipEhyvZ4K8oxQly6f0lLza2svTBSI8GUhLQ9/5ElReaOAgM84q3V5XcBvmXHamanRFSd5hzkTqWbRlNFWJFisqKEuTBTl2DLNV/CeWKrv+11qTgGc0Qxk18mycDGXDfwuWAYcVAZMImiEFm8wErIfOaQ9EbKYqtoVdbuKb5WH2+yjI6jp7uHRKl6x2z77XVLuNRLbutgQDASMGt2dll4P7Ve/tt/NqzkHj7P/zbkEYckY6r1W2Tv1kUeh6vg==</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>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******ifG14SRbVdTjUOzngIWAJ5KAQk5t//wSkwgAS+U6AFYI/mee9NLEvOEhrRbpGUP0oL504OZ9zTDeXmGu2FybRB2TvdTKLaeVsBvwqgP33QFkcuPK50fCGC1l3SecIeyWL5fsiw/2+GuTKHjCaeRqnYBgDTINptc9PGayLPBTjs4UPzbccmaYyuanmTAMZGU0iRoGJYet2uAasT52QvWZqD0NUZbWyR1N8CBf5EIW2S/TrpoOBYNgZQU5n9PRJjTBhESHXjfa8RipC8RXU9o</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
<Subject>
<NameID>******.*******@********.net</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
</Subject>
<Conditions NotBefore="2015-07-30T12:07:25.837Z" NotOnOrAfter="2015-07-30T13:07:25.837Z">
<AudienceRestriction>
<Audience>http://localhost:62569/</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
<AttributeValue>7102feaa-34af-4756-85ce-b0f69766d78d</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>*****.*******@*******.net</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
<AttributeValue>******</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<AttributeValue>*******</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
<AttributeValue>https://sts.windows.net/7102feaa-34af-4756-85ce-b0f69766d78d/</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider">
<AttributeValue>https://sts.windows.net/7102feaa-34af-4756-85ce-b0f69766d78d/</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthnStatement AuthnInstant="2015-07-27T12:39:30.003Z">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
// Cookie middleware keeps its defaults; the WS-Federation middleware below
// hands the authenticated identity to it through SignInAsAuthenticationType.
app.UseCookieAuthentication(new CookieAuthenticationOptions());

// No SecurityTokenHandlers override here, so the middleware keeps its default
// handler list and can read the SAML assertion ACS returns (see the answer above).
const string acsBase = "https://*******.accesscontrol.windows.net/";
var federationOptions = new WsFederationAuthenticationOptions
{
    SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    // Federation metadata document published by ACS; presumably the source of
    // the issuer name and signing certificates - verify against the middleware docs.
    MetadataAddress = acsBase + "FederationMetadata/2007-06/FederationMetadata.xml",
    Wtrealm = "http://localhost:62569/",
    // Plain-http realm and return URL; only acceptable for localhost development.
    Wreply = "http://localhost:62569/callback-signin"
};
app.UseWsFederationAuthentication(federationOptions);
// Fragment from the answer: it belongs inside the WsFederationAuthenticationOptions
// initializer above and pins the expected issuer and the signing certificate
// explicitly. Replace "..." with the X509Certificate2 holding the ACS signing
// certificate (the thumbprint from the Web.config identifies it).
// NOTE(review): the property name SigningToken is reproduced as given on the
// page - confirm it against the System.IdentityModel.Tokens version in use.
TokenValidationParameters = new TokenValidationParameters
{
    ValidIssuer = "https://*******.accesscontrol.windows.net/",
    SigningToken = new X509SecurityToken(...)
}