C# 在SAML 2.0中,使用ITFoxtec时User.Identity.IsAuthenticated始终为false

C# 在SAML 2.0中,使用ITFoxtec对User.Identity.IsAuthenticationed始终为false,c#,saml-2.0,asp.net-core-3.1,itfoxtec-identity-saml2,C#,Saml 2.0,Asp.net Core 3.1,Itfoxtec Identity Saml2,我在dotnet3.1项目中使用itfoxtec-identity-saml2。我从服务器发起请求并验证登录,直到一切正常 从服务器获取响应断言并转换声明并创建会话后,我的应用程序仍然无法登录 下面是我的代码片段供参考 AuthController.cs [Route("AssertionConsumerService")] public async Task<IActionResult> AssertionConsumerService() {

我在dotnet3.1项目中使用itfoxtec-identity-saml2。我从服务器发起请求并验证登录,直到一切正常

从服务器获取响应断言并转换声明并创建会话后,我的应用程序仍然无法登录

下面是我的代码片段供参考

AuthController.cs

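 /// <summary>
    /// SAML 2.0 Assertion Consumer Service: receives the IdP's POSTed response,
    /// checks its status, validates it and creates the sign-in session, then
    /// redirects to the application root.
    /// </summary>
    /// <returns>A redirect to "~/" after the session was created; a 401 result
    /// when the response reports a non-success status.</returns>
    [Route("AssertionConsumerService")]
    public async Task<IActionResult> AssertionConsumerService()
    {
        try
        {
            var binding = new Saml2PostBinding();
            var saml2AuthnResponse = new Saml2AuthnResponse(config);
            // The wrapped request is needed twice; convert it once.
            var genericRequest = Request.ToGenericHttpRequest();

            // ReadSamlResponse only parses the message so the status can be
            // inspected; Unbind below is the step that validates the response.
            binding.ReadSamlResponse(genericRequest, saml2AuthnResponse);
            if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
            {
                throw new AuthenticationException($"SAML Response status: {saml2AuthnResponse.Status}");
            }
            binding.Unbind(genericRequest, saml2AuthnResponse);

            await saml2AuthnResponse.CreateSession(
                HttpContext,
                claimsTransform: (claimsPrincipal) => ClaimsTransform.TransformClaims(claimsPrincipal),
                isPersistent: true,
                lifetime: new TimeSpan(1, 0, 0));

            // NOTE: signing in does not replace HttpContext.User within the same
            // request; the new principal is only visible on subsequent requests,
            // so reading User.Identity.IsAuthenticated here proves nothing.
        }
        catch (AuthenticationException)
        {
            // A rejected response must not fall through to the success redirect.
            // Any other failure (e.g. from Unbind or CreateSession) propagates to
            // the framework instead of being swallowed silently as before.
            return Unauthorized();
        }

        return Redirect("~/");
    }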
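/// <summary>
/// Builds the principal stored in the session from the SAML-derived principal:
/// only a fixed set of claims is kept, and the identity's name claim type is set
/// to <see cref="ClaimTypes.NameIdentifier"/> — the claim that is actually kept —
/// so that <c>Identity.Name</c> is populated.
/// </summary>
/// <param name="claimsPrincipal">Principal produced from the SAML assertion; its
/// <c>Identity</c> must be a <see cref="ClaimsIdentity"/>.</param>
/// <returns>A new principal carrying only the kept claims, the incoming
/// authentication type and the incoming bootstrap context.</returns>
/// <exception cref="ArgumentException">The principal has no <see cref="ClaimsIdentity"/>.</exception>
public static ClaimsPrincipal TransformClaims(ClaimsPrincipal claimsPrincipal)
{
    if (!(claimsPrincipal?.Identity is ClaimsIdentity identity))
    {
        throw new ArgumentException("Principal must carry a ClaimsIdentity.", nameof(claimsPrincipal));
    }

    // Absent claims are skipped rather than passed on as null entries. The
    // previous version looked "firstName" up twice (as Name and firstName),
    // which duplicated that claim, and left an unused newIdentity/newClaims pair.
    var claimsToKeep = new List<Claim>();
    foreach (var claimType in new[] { ClaimTypes.NameIdentifier, "firstName", "Email", "UserID" })
    {
        var claim = identity.FindFirst(claimType);
        if (claim != null)
        {
            claimsToKeep.Add(claim);
        }
    }

    // NOTE(review): the SAML session/logout claims carried by the incoming
    // identity are dropped here as well; confirm single logout is not needed.

    // NameIdentifier is the name claim type because no ClaimTypes.Name claim is
    // kept; with ClaimTypes.Name the identity had no Name. IsAuthenticated is
    // driven by AuthenticationType, which is carried over unchanged — if the
    // incoming identity has none, the result is not authenticated either.
    return new ClaimsPrincipal(new ClaimsIdentity(claimsToKeep, identity.AuthenticationType, ClaimTypes.NameIdentifier, ClaimTypes.Role)
    {
        BootstrapContext = identity.BootstrapContext
    });
}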
/// <summary>
/// Reduces the SAML-derived principal to the tenant id, first name, e-mail and
/// user id claims and re-creates it with NameIdentifier as the name claim type,
/// keeping the incoming authentication type and bootstrap context.
/// </summary>
/// <param name="claimsPrincipal">Principal whose <c>Identity</c> is a <see cref="ClaimsIdentity"/>.</param>
/// <returns>A new principal holding only the selected claims.</returns>
public static ClaimsPrincipal TransformClaims(ClaimsPrincipal claimsPrincipal)
{
    var source = (ClaimsIdentity)claimsPrincipal.Identity;
    Claim Pick(string type) => source.FindFirst(type);

    // Same lookups as before: "firstName" is fetched twice so the resulting
    // claim set is unchanged; an absent claim yields a null entry, which the
    // ClaimsIdentity constructor skips.
    var kept = new List<Claim>
    {
        Pick(ClaimTypes.NameIdentifier),
        Pick("firstName"),
        Pick("firstName"),
        Pick("Email"),
        Pick("UserID"),
    };

    var rebuilt = new ClaimsIdentity(kept, source.AuthenticationType, ClaimTypes.NameIdentifier, ClaimTypes.Role)
    {
        BootstrapContext = source.BootstrapContext
    };
    return new ClaimsPrincipal(rebuilt);
}
[路由(“断言消费者服务”)]
公共异步任务断言ConsumerService()
{
尝试
{
var binding=newsaml2postbinding();
var saml2AuthnResponse=新的saml2AuthnResponse(配置);
binding.ReadSamlResponse(Request.ToGenericHttpRequest(),saml2AuthnResponse);
if(saml2AuthnResponse.Status!=Saml2StatusCodes.Success)
{
抛出新的AuthenticationException($“SAML响应状态:{saml2AuthnResponse.status}”);
}
binding.Unbind(Request.ToGenericHttpRequest(),saml2AuthnResponse);
等待saml2AuthnResponse.CreateSession(HttpContext,ClaimStrasForm:(claimsPrincipal)=>ClaimStrasForm.TransformClaims(claimsPrincipal),isPersistent:true,lifetime:new TimeSpan(1,0,0));
var auth=HttpContext.User.Identity.IsAuthenticated;
}
捕获(例外情况除外)
{
}
返回重定向(“~/”);
}
ClaimsTransform.cs

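 /// <summary>
    /// SAML 2.0 Assertion Consumer Service: receives the IdP's POSTed response,
    /// checks its status, validates it and creates the sign-in session, then
    /// redirects to the application root.
    /// </summary>
    /// <returns>A redirect to "~/" after the session was created; a 401 result
    /// when the response reports a non-success status.</returns>
    [Route("AssertionConsumerService")]
    public async Task<IActionResult> AssertionConsumerService()
    {
        try
        {
            var binding = new Saml2PostBinding();
            var saml2AuthnResponse = new Saml2AuthnResponse(config);
            // The wrapped request is needed twice; convert it once.
            var genericRequest = Request.ToGenericHttpRequest();

            // ReadSamlResponse only parses the message so the status can be
            // inspected; Unbind below is the step that validates the response.
            binding.ReadSamlResponse(genericRequest, saml2AuthnResponse);
            if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
            {
                throw new AuthenticationException($"SAML Response status: {saml2AuthnResponse.Status}");
            }
            binding.Unbind(genericRequest, saml2AuthnResponse);

            await saml2AuthnResponse.CreateSession(
                HttpContext,
                claimsTransform: (claimsPrincipal) => ClaimsTransform.TransformClaims(claimsPrincipal),
                isPersistent: true,
                lifetime: new TimeSpan(1, 0, 0));

            // NOTE: signing in does not replace HttpContext.User within the same
            // request; the new principal is only visible on subsequent requests,
            // so reading User.Identity.IsAuthenticated here proves nothing.
        }
        catch (AuthenticationException)
        {
            // A rejected response must not fall through to the success redirect.
            // Any other failure (e.g. from Unbind or CreateSession) propagates to
            // the framework instead of being swallowed silently as before.
            return Unauthorized();
        }

        return Redirect("~/");
    }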
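/// <summary>
/// Builds the principal stored in the session from the SAML-derived principal:
/// only a fixed set of claims is kept, and the identity's name claim type is set
/// to <see cref="ClaimTypes.NameIdentifier"/> — the claim that is actually kept —
/// so that <c>Identity.Name</c> is populated.
/// </summary>
/// <param name="claimsPrincipal">Principal produced from the SAML assertion; its
/// <c>Identity</c> must be a <see cref="ClaimsIdentity"/>.</param>
/// <returns>A new principal carrying only the kept claims, the incoming
/// authentication type and the incoming bootstrap context.</returns>
/// <exception cref="ArgumentException">The principal has no <see cref="ClaimsIdentity"/>.</exception>
public static ClaimsPrincipal TransformClaims(ClaimsPrincipal claimsPrincipal)
{
    if (!(claimsPrincipal?.Identity is ClaimsIdentity identity))
    {
        throw new ArgumentException("Principal must carry a ClaimsIdentity.", nameof(claimsPrincipal));
    }

    // Absent claims are skipped rather than passed on as null entries. The
    // previous version looked "firstName" up twice (as Name and firstName),
    // which duplicated that claim, and left an unused newIdentity/newClaims pair.
    var claimsToKeep = new List<Claim>();
    foreach (var claimType in new[] { ClaimTypes.NameIdentifier, "firstName", "Email", "UserID" })
    {
        var claim = identity.FindFirst(claimType);
        if (claim != null)
        {
            claimsToKeep.Add(claim);
        }
    }

    // NOTE(review): the SAML session/logout claims carried by the incoming
    // identity are dropped here as well; confirm single logout is not needed.

    // NameIdentifier is the name claim type because no ClaimTypes.Name claim is
    // kept; with ClaimTypes.Name the identity had no Name. IsAuthenticated is
    // driven by AuthenticationType, which is carried over unchanged — if the
    // incoming identity has none, the result is not authenticated either.
    return new ClaimsPrincipal(new ClaimsIdentity(claimsToKeep, identity.AuthenticationType, ClaimTypes.NameIdentifier, ClaimTypes.Role)
    {
        BootstrapContext = identity.BootstrapContext
    });
}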
/// <summary>
/// Reduces the SAML-derived principal to the tenant id, first name, e-mail and
/// user id claims and re-creates it with NameIdentifier as the name claim type,
/// keeping the incoming authentication type and bootstrap context.
/// </summary>
/// <param name="claimsPrincipal">Principal whose <c>Identity</c> is a <see cref="ClaimsIdentity"/>.</param>
/// <returns>A new principal holding only the selected claims.</returns>
public static ClaimsPrincipal TransformClaims(ClaimsPrincipal claimsPrincipal)
{
    var source = (ClaimsIdentity)claimsPrincipal.Identity;
    Claim Pick(string type) => source.FindFirst(type);

    // Same lookups as before: "firstName" is fetched twice so the resulting
    // claim set is unchanged; an absent claim yields a null entry, which the
    // ClaimsIdentity constructor skips.
    var kept = new List<Claim>
    {
        Pick(ClaimTypes.NameIdentifier),
        Pick("firstName"),
        Pick("firstName"),
        Pick("Email"),
        Pick("UserID"),
    };

    var rebuilt = new ClaimsIdentity(kept, source.AuthenticationType, ClaimTypes.NameIdentifier, ClaimTypes.Role)
    {
        BootstrapContext = source.BootstrapContext
    };
    return new ClaimsPrincipal(rebuilt);
}
public static ClaimsPrincipal TransformClaims(ClaimsPrincipal ClaimsPrincipal)
{
ClaimsIdentity identity=(ClaimsIdentity)claimsPrincipal.identity;
var tenantId=identity.FindFirst(ClaimTypes.NameIdentifier);
var Name=identity.FindFirst(“firstName”);
var firstName=identity.FindFirst(“firstName”);
var Email=identity.FindFirst(“电子邮件”);
var UserID=identity.FindFirst(“UserID”);
var claimstokep=新列表{tenantId,Name,firstName,Email,UserID};
var newIdentity=newclaimsidentity(claimsToKeep,identity.AuthenticationType,ClaimTypes.NameIdentifier,ClaimTypes.Role);
ClaimsPrincipal newClaims=新的ClaimsPrincipal(newIdentity);
返回新的ClaimsPrincipal(新的ClaimsIdentity(claimsToKeep,identity.AuthenticationType,ClaimTypes.Name,ClaimTypes.Role)
{
BootstrapContext=((ClaimsIdentity)claimsPrincipal.Identity).BootstrapContext
});
//归还新的索赔;
}
所有这些之后,我的应用程序将重定向回登录页面,而不是登录用户的应用程序主页


非常感谢您的帮助。

您需要把用户身份(Name)声明类型设置为声明集合中实际存在的声明类型,否则该用户不会被视为已通过身份验证。

如果 tenantId 声明就是用户标识,那么用户身份声明类型应为 ClaimTypes.NameIdentifier,即在 new ClaimsPrincipal(new ClaimsIdentity(…, ClaimTypes.NameIdentifier, ClaimTypes.Role)) 中使用 ClaimTypes.NameIdentifier。

ClaimsTransform.cs

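 /// <summary>
    /// SAML 2.0 Assertion Consumer Service: receives the IdP's POSTed response,
    /// checks its status, validates it and creates the sign-in session, then
    /// redirects to the application root.
    /// </summary>
    /// <returns>A redirect to "~/" after the session was created; a 401 result
    /// when the response reports a non-success status.</returns>
    [Route("AssertionConsumerService")]
    public async Task<IActionResult> AssertionConsumerService()
    {
        try
        {
            var binding = new Saml2PostBinding();
            var saml2AuthnResponse = new Saml2AuthnResponse(config);
            // The wrapped request is needed twice; convert it once.
            var genericRequest = Request.ToGenericHttpRequest();

            // ReadSamlResponse only parses the message so the status can be
            // inspected; Unbind below is the step that validates the response.
            binding.ReadSamlResponse(genericRequest, saml2AuthnResponse);
            if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
            {
                throw new AuthenticationException($"SAML Response status: {saml2AuthnResponse.Status}");
            }
            binding.Unbind(genericRequest, saml2AuthnResponse);

            await saml2AuthnResponse.CreateSession(
                HttpContext,
                claimsTransform: (claimsPrincipal) => ClaimsTransform.TransformClaims(claimsPrincipal),
                isPersistent: true,
                lifetime: new TimeSpan(1, 0, 0));

            // NOTE: signing in does not replace HttpContext.User within the same
            // request; the new principal is only visible on subsequent requests,
            // so reading User.Identity.IsAuthenticated here proves nothing.
        }
        catch (AuthenticationException)
        {
            // A rejected response must not fall through to the success redirect.
            // Any other failure (e.g. from Unbind or CreateSession) propagates to
            // the framework instead of being swallowed silently as before.
            return Unauthorized();
        }

        return Redirect("~/");
    }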
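/// <summary>
/// Builds the principal stored in the session from the SAML-derived principal:
/// only a fixed set of claims is kept, and the identity's name claim type is set
/// to <see cref="ClaimTypes.NameIdentifier"/> — the claim that is actually kept —
/// so that <c>Identity.Name</c> is populated.
/// </summary>
/// <param name="claimsPrincipal">Principal produced from the SAML assertion; its
/// <c>Identity</c> must be a <see cref="ClaimsIdentity"/>.</param>
/// <returns>A new principal carrying only the kept claims, the incoming
/// authentication type and the incoming bootstrap context.</returns>
/// <exception cref="ArgumentException">The principal has no <see cref="ClaimsIdentity"/>.</exception>
public static ClaimsPrincipal TransformClaims(ClaimsPrincipal claimsPrincipal)
{
    if (!(claimsPrincipal?.Identity is ClaimsIdentity identity))
    {
        throw new ArgumentException("Principal must carry a ClaimsIdentity.", nameof(claimsPrincipal));
    }

    // Absent claims are skipped rather than passed on as null entries. The
    // previous version looked "firstName" up twice (as Name and firstName),
    // which duplicated that claim, and left an unused newIdentity/newClaims pair.
    var claimsToKeep = new List<Claim>();
    foreach (var claimType in new[] { ClaimTypes.NameIdentifier, "firstName", "Email", "UserID" })
    {
        var claim = identity.FindFirst(claimType);
        if (claim != null)
        {
            claimsToKeep.Add(claim);
        }
    }

    // NOTE(review): the SAML session/logout claims carried by the incoming
    // identity are dropped here as well; confirm single logout is not needed.

    // NameIdentifier is the name claim type because no ClaimTypes.Name claim is
    // kept; with ClaimTypes.Name the identity had no Name. IsAuthenticated is
    // driven by AuthenticationType, which is carried over unchanged — if the
    // incoming identity has none, the result is not authenticated either.
    return new ClaimsPrincipal(new ClaimsIdentity(claimsToKeep, identity.AuthenticationType, ClaimTypes.NameIdentifier, ClaimTypes.Role)
    {
        BootstrapContext = identity.BootstrapContext
    });
}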
/// <summary>
/// Reduces the SAML-derived principal to the tenant id, first name, e-mail and
/// user id claims and re-creates it with NameIdentifier as the name claim type,
/// keeping the incoming authentication type and bootstrap context.
/// </summary>
/// <param name="claimsPrincipal">Principal whose <c>Identity</c> is a <see cref="ClaimsIdentity"/>.</param>
/// <returns>A new principal holding only the selected claims.</returns>
public static ClaimsPrincipal TransformClaims(ClaimsPrincipal claimsPrincipal)
{
    var source = (ClaimsIdentity)claimsPrincipal.Identity;
    Claim Pick(string type) => source.FindFirst(type);

    // Same lookups as before: "firstName" is fetched twice so the resulting
    // claim set is unchanged; an absent claim yields a null entry, which the
    // ClaimsIdentity constructor skips.
    var kept = new List<Claim>
    {
        Pick(ClaimTypes.NameIdentifier),
        Pick("firstName"),
        Pick("firstName"),
        Pick("Email"),
        Pick("UserID"),
    };

    var rebuilt = new ClaimsIdentity(kept, source.AuthenticationType, ClaimTypes.NameIdentifier, ClaimTypes.Role)
    {
        BootstrapContext = source.BootstrapContext
    };
    return new ClaimsPrincipal(rebuilt);
}
public static ClaimsPrincipal TransformClaims(ClaimsPrincipal ClaimsPrincipal)
{
ClaimsIdentity identity=(ClaimsIdentity)claimsPrincipal.identity;
var tenantId=identity.FindFirst(ClaimTypes.NameIdentifier);
var Name=identity.FindFirst(“firstName”);
var firstName=identity.FindFirst(“firstName”);
var Email=identity.FindFirst(“电子邮件”);
var UserID=identity.FindFirst(“UserID”);
var claimstokep=新列表{tenantId,Name,firstName,Email,UserID};
返回新的ClaimsPrincipal(新的ClaimsEntity(claimsToKeep,identity.AuthenticationType,ClaimTypes.NameIdentifier,ClaimTypes.Role)
{
BootstrapContext=((ClaimsIdentity)claimsPrincipal.Identity).BootstrapContext
});
}