C# ADFS:安全验证异常-未找到验证程序
我的任务是集成ADFS服务器登录,但每次我被重定向到ADFS登录页面并使用正确的凭据登录时。我收到以下错误消息 Microsoft.IdentityModel.Tokens.SecurityTokenException:未找到验证程序 在Microsoft.Owin.Security.WsFederation.WsFederationAuthenticationHandler.d_u8.MoveNext()中 关于这个错误消息几乎没有什么可发现的,我是ADFS的初学者 这是我目前在启动中使用的以下代码,只有在捕获AuthenticationFailed时,我才得到某种令牌响应,我是否需要来自实际测试ADFS服务器的证书来验证身份验证,或者是否需要其他东西 仅添加一点,在身份验证失败段返回的令牌确实提供了一个带有X509 Issueer名称和序列号的令牌C# ADFS:安全验证异常-未找到验证程序,c#,owin,adfs,katana,C#,Owin,Adfs,Katana,我的任务是集成ADFS服务器登录,但每次我被重定向到ADFS登录页面并使用正确的凭据登录时。我收到以下错误消息 Microsoft.IdentityModel.Tokens.SecurityTokenException:未找到验证程序 在Microsoft.Owin.Security.WsFederation.WsFederationAuthenticationHandler.d_u8.MoveNext()中 关于这个错误消息几乎没有什么可发现的,我是ADFS的初学者 这是我目前在启动中使用的以
// WS-Federation settings, all read once from <appSettings> at type initialization.
// ida:Wtrealm — the realm (relying-party identifier) sent to ADFS as Wtrealm.
private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
// ida:ADFSMetadata — the federation metadata address the WS-Fed middleware downloads signing keys/endpoints from.
private static string adfsMetadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];
// ida:Wreply — the address ADFS posts the token back to.
private static string wtReply = ConfigurationManager.AppSettings["ida:Wreply"];
// LogFile — path of the diagnostic log appended to by the notification handlers and the certificate callback.
// Failure details (and, with ShowPII on, token data) land here, so the file needs the same protection as the app's secrets.
private static string logFile = ConfigurationManager.AppSettings["LogFile"];
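/// <summary>
/// Wires up the OWIN authentication pipeline: a cookie middleware that holds the signed-in session,
/// the WS-Federation middleware that redirects to / accepts tokens from ADFS, and a catch-all
/// middleware that challenges every request that is not yet authenticated.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is registered on.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // Diagnostic switch: with this on, IdentityModel exception messages include token and identity
    // details (PII). Helpful while chasing "No validator found"; turn it off once the integration works.
    IdentityModelEventSource.ShowPII = true;

    // The WS-Fed middleware signs the user in under this type, and the cookie middleware below is
    // registered with the same type, so the cookie middleware is the one persisting the session.
    app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        // Active: the cookie is read and the identity applied on every request.
        AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
        AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
        CookieName = MyAuthentication.ApplicationCookie,
        CookieHttpOnly = true,
        // NOTE(review): CookieSecure is left at its default; consider CookieSecureOption.Always once the site is HTTPS-only.
        ExpireTimeSpan = TimeSpan.FromHours(12)
    });

    // Process-wide hook: this callback runs for every outbound HTTPS connection made through
    // ServicePointManager, not only for the metadata download from ADFS.
    // See ValidateServerCertificate for what it accepts.
    ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);

    app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
    {
        MetadataAddress = adfsMetadata,
        Wtrealm = realm,
        Caption = "Active Directory",
        AuthenticationType = "WS-Fed Auth (Primary)",
        Notifications = new WsFederationAuthenticationNotifications()
        {
            // Runs after the token has been validated and the ClaimsIdentity built. This is the
            // place to map claims (e.g. promote the e-mail claim to NameIdentifier); no mapping
            // is done yet, so the identity is passed through untouched.
            SecurityTokenValidated = notification => Task.FromResult(0),

            // Runs when the middleware could not validate the posted token — the
            // "No validator found" exception surfaces here. HandleResponse() stops the middleware
            // from rethrowing, so the failure is only visible through this log file.
            AuthenticationFailed = context =>
            {
                context.HandleResponse();
                using (StreamWriter writer = System.IO.File.AppendText(logFile))
                {
                    writer.WriteLine("-----------------------------Start of Message------------------------------------------------");
                    writer.WriteLine($"Date: {DateTime.Now}, Wctx Message: {context.ProtocolMessage.Wctx}");
                    writer.WriteLine($"Date: {DateTime.Now}, Wauth Message: {context.ProtocolMessage.Wauth}");
                    writer.WriteLine($"Date: {DateTime.Now}, WRep Message: {context.ProtocolMessage.Wreply}");
                    writer.WriteLine($"Date: {DateTime.Now}, Exception Message: {context.Exception}");

                    // The raw token is a credential; do not write it to a plain-text log.
                    // Its size and root element are enough to tell what kind of token ADFS sent
                    // (which is what "No validator found" is about), without leaking its content.
                    string token = context.ProtocolMessage.GetToken();
                    if (token != null)
                    {
                        string tokenRoot;
                        try
                        {
                            tokenRoot = System.Xml.Linq.XElement.Parse(token).Name.ToString();
                        }
                        catch (System.Xml.XmlException)
                        {
                            tokenRoot = "(not well-formed XML)";
                        }
                        writer.WriteLine($"Date: {DateTime.Now}, Token received, length: {token.Length}, root element: {tokenRoot}");
                    }
                    else
                    {
                        writer.WriteLine($"Date: {DateTime.Now}, No token in response");
                    }
                    writer.WriteLine("-------------------------------End of Message----------------------------------------------");
                }
                return Task.FromResult(0);
            },

            // Runs when a token was extracted from the response, before validation. Nothing to do here;
            // the token can be inspected via context.ProtocolMessage.GetToken() when debugging.
            SecurityTokenReceived = context => Task.FromResult(0)
        },
        Wreply = wtReply
    });

    // The challenge names the default sign-in (cookie) type rather than "WS-Fed Auth (Primary)".
    // NOTE(review): this presumably works because the WS-Fed middleware in its default active mode
    // reacts to any 401; if it is ever made passive, pass its own AuthenticationType here instead.
    AuthenticateAllRequests(app, WsFederationAuthenticationDefaults.AuthenticationType);
}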
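/// <summary>
/// Server-certificate check installed process-wide through ServicePointManager.ServerCertificateValidationCallback.
/// Accepts certificates that pass the standard chain/name validation, plus the one explicitly pinned
/// certificate of the TEST ADFS (whose certificate the OS does not trust).
/// </summary>
/// <param name="sender">Object that initiated the validation (unused).</param>
/// <param name="certificate">Certificate presented by the remote server; may be null.</param>
/// <param name="chain">Chain built for the certificate (unused).</param>
/// <param name="sslpolicyerrors">Errors found by the standard validation; None means the certificate is valid.</param>
/// <returns>True when the certificate is accepted.</returns>
private bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors)
{
    // Thumbprint of the test ADFS certificate, in the form GetCertHashString() returns (hex, no separators).
    // PLACEHOLDER: copy it from the "thumbprint:" field this method logs on its first call.
    // Until it is filled in, only certificates that validate normally are accepted.
    const string testAdfsThumbprint = "<TEST-ADFS-CERT-THUMBPRINT>";

    string thumbprint = certificate != null ? certificate.GetCertHashString() : null;
    bool trusted = sslpolicyerrors == SslPolicyErrors.None;
    bool pinned = thumbprint != null
        && string.Equals(thumbprint, testAdfsThumbprint, StringComparison.OrdinalIgnoreCase);
    bool accepted = trusted || pinned;

    using (StreamWriter writer = System.IO.File.AppendText(logFile))
    {
        // Subject, issuer and thumbprint are public certificate data: they show which server answered
        // and why validation failed, without logging anything secret.
        writer.WriteLine($"Date: {DateTime.Now}, Validate Server Certificate called, errors: {sslpolicyerrors}, subject: {certificate?.Subject}, issuer: {certificate?.Issuer}, thumbprint: {thumbprint}, accepted: {accepted}");
    }

    // A blanket "return true" would switch off TLS validation for every outbound HTTPS call in the
    // process, not just the ADFS metadata download; pinning the known test certificate keeps the
    // test scenario working while every other endpoint is still validated.
    return accepted;
}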
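/// <summary>
/// Registers a catch-all middleware: requests that already carry an authenticated identity pass
/// through, every other request is challenged with the given authentication types, which (with the
/// WS-Fed middleware registered ahead of it) ends in a redirect to ADFS.
/// </summary>
/// <param name="app">The OWIN application builder.</param>
/// <param name="authenticationTypes">Authentication types handed to Challenge().</param>
private static void AuthenticateAllRequests(IAppBuilder app, params string[] authenticationTypes)
{
    app.Use((context, continuation) =>
    {
        var identity = context.Authentication.User?.Identity;
        if (identity != null && identity.IsAuthenticated)
        {
            return continuation();
        }

        // Challenge() sets a 401 and records the requested types; the WS-Fed middleware turns that
        // into the redirect to ADFS. NOTE(review): in its default active mode it presumably reacts to
        // any 401, so the type only has to match its own AuthenticationType if it is made passive.
        context.Authentication.Challenge(authenticationTypes);
        return Task.FromResult(0);
    });
}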
我希望代码段有助于找出所需的内容,因为关于实际异常消息的信息很少