ClaimsPrincipal在到达WCF服务时为空
我目前正在使用以下组件实现联合身份验证解决方案:用于颁发令牌的被动 STS、承载 Silverlight 应用程序的网站,以及供 Silverlight 应用程序调用的 WCF 服务。到目前为止,我能够:重定向到 STS;登录并重定向回网站;通过把 HttpContext.Current.User.Identity 作为 IClaimsIdentity 访问,在网站上显示声明(claims)。在网站的 web.config 中,我添加了所需的两个 WIF 模块(在 IIS 7 下)。问题在于,调用我的 ClaimsAuthorizationManag…
- 重定向到STS
- 登录并重定向到网站
- 通过以下方式访问,在网站上显示声明(claims):
HttpContext.Current.User.Identity as IClaimsIdentity
有什么想法吗?
您不需要设置 Thread.CurrentPrincipal,因为会话模块会为您完成这一步。您需要通过 HttpContext.Current.User 访问它,因为 Thread.CurrentPrincipal 通常是在另一个线程上设置的,而不是访问您服务的那个线程——在 IIS 中这是两个不同的模块。(注意:在 WCF 服务中,只有启用 ASP.NET 兼容模式时 HttpContext.Current 才不为空。)我们在即将出版的书中有一个例子,您可以在我们的网站上查看。
HTH。以下示例代码展示了一个继承 ClaimsAuthenticationManager 的示例类。它只是接收传入的 IClaimsPrincipal 并原样传递其中的声明,只有名称声明被修改。与您的示例不同,它不会在当前线程上设置 CurrentPrincipal。我的测试实现如下:
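/// <summary>
/// Sample <see cref="ClaimsAuthenticationManager"/> that forwards the caller's claims
/// unchanged, except for the name claim, which is replaced by a decorated value.
/// </summary>
/// <remarks>
/// The manager only returns the transformed principal; it does not assign
/// Thread.CurrentPrincipal itself.
/// </remarks>
public class CustomClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    public CustomClaimsAuthenticationManager()
    {
    }

    /// <summary>
    /// Returns the principal to use for the request.
    /// </summary>
    /// <param name="resourceName">Resource being accessed; not used by this sample.</param>
    /// <param name="incomingPrincipal">Principal built from the incoming token.</param>
    /// <returns>
    /// The incoming principal when it is missing, unauthenticated or not claims-based;
    /// otherwise a new principal with a rewritten name claim.
    /// </returns>
    public override IClaimsPrincipal Authenticate(string resourceName,
        IClaimsPrincipal incomingPrincipal)
    {
        return GetClaimsAsPassthrough(incomingPrincipal);
    }

    /// <summary>
    /// Copies every non-name claim of the primary identity into a new identity and
    /// adds a replacement name claim.
    /// </summary>
    private IClaimsPrincipal GetClaimsAsPassthrough(IClaimsPrincipal incomingPrincipal)
    {
        // A missing principal or identity is handed back untouched instead of
        // failing with a NullReferenceException in the authentication pipeline.
        if (incomingPrincipal == null || incomingPrincipal.Identity == null)
        {
            return incomingPrincipal;
        }

        if (!incomingPrincipal.Identity.IsAuthenticated)
        {
            return incomingPrincipal;
        }

        // The "as" cast yields null for an identity that is not claims-based;
        // there is nothing to copy in that case, so pass the principal through.
        var incomingIdentity = incomingPrincipal.Identity as IClaimsIdentity;
        if (incomingIdentity == null)
        {
            return incomingPrincipal;
        }

        // The source listing showed this literal split across two lines, which is
        // not valid in a regular C# string; it is joined with a single space here.
        // NOTE(review): the replacement name claim is created locally rather than
        // copied, so it presumably does not carry the original claim's issuer.
        // Confirm that downstream authorization does not rely on it.
        ClaimsIdentity outgoingIdentity = new ClaimsIdentity(new List<Claim>
        {
            new Claim(ClaimTypes.Name, incomingPrincipal.Identity.Name + " a very cool guy")
        }, incomingPrincipal.Identity.AuthenticationType);

        // Every other claim is forwarded as a copy, without filtering or validation.
        foreach (var claim in incomingIdentity.Claims.Where(
            c => c.ClaimType != ClaimTypes.Name))
        {
            outgoingIdentity.Claims.Add(claim.Copy());
        }

        // Only the primary identity is carried over into the new principal.
        return new ClaimsPrincipal(new List<ClaimsIdentity> { outgoingIdentity });
    }
}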
公共类CustomClaimsAuthenticationManager:ClaimsAuthenticationManager
{
公共CustomClaimsAuthenticationManager()
{
}
公共覆盖ICLAIMSPRINATE身份验证(字符串resourceName,
ICLAIMS委托人(收入委托人)
{
var outgoingIdentity=GetClaimsAsPassthrough(收益本金);
返出率;
}
私有ICLAIMS委托人GetClaimsAsPassthrough(ICLAIMS委托人收入委托人)
{
如果(!incomingPrincipal.Identity.IsAuthenticated)
{
返还收益本金;
}
var ingoingClaims=收入主体。身份为IClaimsIdentity;
ClaimsIdentity outgoingIdentity=新的ClaimsIdentity(新列表
{
新索赔(ClaimTypes.Name,(incomingPrincipal.Identity.Name+)
一个很酷的家伙
},incomingPrincipal.Identity.AuthenticationType);
foreach(ingoingClaims.Claims.Where中的var索赔(
c=>c.ClaimType!=ClaimTypes.Name))
{
outgoingIdentity.Claims.Add(claim.Copy());
}
返回新的ClaimsPrincipal(新列表{outgoingIdentity});
}
}
<!-- Service entry for PatientService that names the custom claims authentication
     manager and claims authorization manager types to use.
     NOTE(review): the type strings carry no assembly name; confirm that both
     types resolve at runtime. -->
<service name="Rem.Ria.PatientModule.Web.WebService.PatientService">
<claimsAuthenticationManager type ="Rem.Infrastructure.WIF.RemClaimsAuthenticationManager"/>
<claimsAuthorizationManager type ="Rem.Infrastructure.WIF.RemClaimsAuthorizationManager"/>
</service>
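/// <summary>
/// Claims authentication manager that returns the incoming principal unchanged and,
/// for an authenticated caller, also publishes it on the current thread.
/// </summary>
class RemClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    /// <summary>
    /// Returns the principal to use for the request.
    /// </summary>
    /// <param name="resourceName">Resource being accessed; not used here.</param>
    /// <param name="incomingPrincipal">Principal built from the incoming token.</param>
    /// <returns>The same <paramref name="incomingPrincipal"/> instance.</returns>
    public override IClaimsPrincipal Authenticate(string resourceName, IClaimsPrincipal incomingPrincipal)
    {
        // A missing principal or identity is handed back untouched instead of
        // failing with a NullReferenceException in the authentication pipeline.
        if (incomingPrincipal == null || incomingPrincipal.Identity == null)
        {
            return incomingPrincipal;
        }

        if (incomingPrincipal.Identity.IsAuthenticated)
        {
            // Side effect: this assignment only affects the thread that runs
            // Authenticate. NOTE(review): code that later executes on a different
            // thread will not observe this value, so authorization code should not
            // assume Thread.CurrentPrincipal was populated here.
            Thread.CurrentPrincipal = incomingPrincipal;
        }

        // No claims are added, removed or validated; the token's claims pass through.
        return incomingPrincipal;
    }
}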
}
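/// <summary>
/// Sample <see cref="ClaimsAuthenticationManager"/> that forwards the caller's claims
/// unchanged, except for the name claim, which is replaced by a decorated value.
/// </summary>
/// <remarks>
/// The manager only returns the transformed principal; it does not assign
/// Thread.CurrentPrincipal itself.
/// </remarks>
public class CustomClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    public CustomClaimsAuthenticationManager()
    {
    }

    /// <summary>
    /// Returns the principal to use for the request.
    /// </summary>
    /// <param name="resourceName">Resource being accessed; not used by this sample.</param>
    /// <param name="incomingPrincipal">Principal built from the incoming token.</param>
    /// <returns>
    /// The incoming principal when it is missing, unauthenticated or not claims-based;
    /// otherwise a new principal with a rewritten name claim.
    /// </returns>
    public override IClaimsPrincipal Authenticate(string resourceName,
        IClaimsPrincipal incomingPrincipal)
    {
        return GetClaimsAsPassthrough(incomingPrincipal);
    }

    /// <summary>
    /// Copies every non-name claim of the primary identity into a new identity and
    /// adds a replacement name claim.
    /// </summary>
    private IClaimsPrincipal GetClaimsAsPassthrough(IClaimsPrincipal incomingPrincipal)
    {
        // A missing principal or identity is handed back untouched instead of
        // failing with a NullReferenceException in the authentication pipeline.
        if (incomingPrincipal == null || incomingPrincipal.Identity == null)
        {
            return incomingPrincipal;
        }

        if (!incomingPrincipal.Identity.IsAuthenticated)
        {
            return incomingPrincipal;
        }

        // The "as" cast yields null for an identity that is not claims-based;
        // there is nothing to copy in that case, so pass the principal through.
        var incomingIdentity = incomingPrincipal.Identity as IClaimsIdentity;
        if (incomingIdentity == null)
        {
            return incomingPrincipal;
        }

        // The source listing showed this literal split across two lines, which is
        // not valid in a regular C# string; it is joined with a single space here.
        // NOTE(review): the replacement name claim is created locally rather than
        // copied, so it presumably does not carry the original claim's issuer.
        // Confirm that downstream authorization does not rely on it.
        ClaimsIdentity outgoingIdentity = new ClaimsIdentity(new List<Claim>
        {
            new Claim(ClaimTypes.Name, incomingPrincipal.Identity.Name + " a very cool guy")
        }, incomingPrincipal.Identity.AuthenticationType);

        // Every other claim is forwarded as a copy, without filtering or validation.
        foreach (var claim in incomingIdentity.Claims.Where(
            c => c.ClaimType != ClaimTypes.Name))
        {
            outgoingIdentity.Claims.Add(claim.Copy());
        }

        // Only the primary identity is carried over into the new principal.
        return new ClaimsPrincipal(new List<ClaimsIdentity> { outgoingIdentity });
    }
}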