0

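For my web application, I use Azure ACS for authentication. I followed this [1]: http://msdn.microsoft.com/en-us/library/hh127794.aspx to implement my code. I only authenticate Windows Live users. I found that ACS does not provide user information such as username, email, etc.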

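    // WSFederationMessage: Microsoft.IdentityModel.Protocols.WSFederation (WIF 3.5)
    // or System.IdentityModel.Services (.NET 4.5); FormCollection: System.Web.Mvc.
    private static string GetUrlFromContext(FormCollection form)
    {
        // The Uri is only a placeholder base address; the message is built from the posted form fields.
        WSFederationMessage message = WSFederationMessage.CreateFromNameValueCollection(new Uri("http://www.notused.com"), form);

        // Context holds the wctx value of the sign-in response.
        return (message != null ? message.Context : null);
    }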

This code validates the authentication. But I need some unique identifier to track users.

I am looking for a unique id to keep track of users.

WSFederationMessage.CreateFromNameValueCollection(new Uri("http://www.notused.com"), form); 

This returns a response that looks like this:

<t:RequestSecurityTokenResponse Context="http://localhost:64000/">
  <t:Lifetime>
    <wsu:Created>2013-03-19T09:31:49.237Z</wsu:Created>
    <wsu:Expires>2013-03-19T10:31:49.237Z</wsu:Expires>
  </t:Lifetime>
  <wsp:AppliesTo>
    <EndpointReference>
      <Address>http://localhost:64000/</Address>
    </EndpointReference>
  </wsp:AppliesTo>
  <t:RequestedSecurityToken>
    <Assertion ID="_ad47777b-18da-4142-8bb5-198a724ccb29" IssueInstant="2013-03-19T09:31:49.268Z" Version="2.0">
      <Issuer>https://logintest.accesscontrol.windows.net/</Issuer>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
          <ds:Reference URI="#_ad47777b-18da-4142-8bb5-198a724ccb29">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>//gh2d9XZF9P7X4mqy/VxGamRMlH1Gt6xTI8BvcBbQg=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>D/g5pZoyvTDxBZ4pvy4Pj3+GmnG8EgxHkAEtHHqYkD3DVNrOkwkd5+Ubg2jJBaHlzEcY6N+oGl+XsNvuMIyttk+lgnaCLTggYdcFJMkcBA/zaKdDdfG78tyV8ZU64hySRO5gSvZMIUBWRdryBNHzXuoGF2AsJkQzSTp3pZoutUQQ1Va3UsgE45hfEIoNzCG8t476F/p/njq0XB0+1Fl/87SN/oyYt58l8zX16R8sRTfAvN9DDFPaROyXMfDbRVF+T/6YCgZdRPtCtR+nZEYH8ss6QmZpd21nrgOYF0ASdxxe6bmq0gAT6VBiMhpO4B0FUzO30AezaGld1oYzi+nTYA==</ds:SignatureValue>
        <KeyInfo>
          <X509Data>
            <X509Certificate>...</X509Certificate>
          </X509Data>
        </KeyInfo>
      </ds:Signature>
      <Subject>
        <NameID>xWTQfgjexVZ4sturSHZmdppGj/am1IweOYHgc139TrE=</NameID>
        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
      </Subject>
      <Conditions NotBefore="2013-03-19T09:31:49.237Z" NotOnOrAfter="2013-03-19T10:31:49.237Z">
        <AudienceRestriction>
          <Audience>http://localhost:64000/</Audience>
        </AudienceRestriction>
      </Conditions>
      <AttributeStatement>
        <Attribute Name="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider">
          <AttributeValue>uri:WindowsLiveID</AttributeValue>
        </Attribute>
      </AttributeStatement>
      <AuthnStatement AuthnInstant="2013-03-19T07:36:40.000Z">
        <AuthnContext>
          <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
        </AuthnContext>
      </AuthnStatement>
    </Assertion>
  </t:RequestedSecurityToken>
  <t:RequestedAttachedReference>
    <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
      <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_ad47777b-18da-4142-8bb5-198a724ccb29</KeyIdentifier>
    </SecurityTokenReference>
  </t:RequestedAttachedReference>
  <t:RequestedUnattachedReference>
    <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
      <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_ad47777b-18da-4142-8bb5-198a724ccb29</KeyIdentifier>
    </SecurityTokenReference>
  </t:RequestedUnattachedReference>
  <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
  <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
  <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
</t:RequestSecurityTokenResponse>

I think <NameID>xWTQfgjexVZ4sturSHZmdppGj/am1IweOYHgc139TrE=</NameID> in this response contains a unique value. But it seems to differ from PC to PC.

Please suggest a way to achieve this.

Thanks in advance!

4

2 Answers

0

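No, there is no way. However, the uniqueness is not from PC to PC, but from application to application. From ACS namespace to ACS namespace. You should check the NameIdentifier claim, which I think is mapped to this NameID, but I am pretty sure that logging in with the same LiveID for the same relying party on the same ACS namespace will always give you the same NameIdentifier claim. Check out the answers to this StackOverflow question, as I explained in depth where the uniqueness is.

Answered 2013-04-08T06:15:45.877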
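
One way to turn the NameIdentifier claim described in the answer above into an application-side user key, as an added example that is not part of the original posts. It assumes .NET 4.5 WIF (`System.Security.Claims`) has already validated the ACS token (signature, audience, lifetime) and populated the principal; `AcsUserKey` and `GetStableUserKey` are hypothetical names, and the values in `Main` are constructed from the response shown in the question.

```csharp
using System;
using System.Security.Claims;

public static class AcsUserKey
{
    // Claim type visible in the AttributeStatement of the response in the question.
    private const string IdentityProviderClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Hypothetical helper: builds a key that is stable for one user of one identity
    // provider, as seen by this relying party in this ACS namespace. The same user
    // gets a different NameID in another namespace or relying party, so the key
    // must not be shared across applications.
    public static string GetStableUserKey(ClaimsPrincipal principal)
    {
        if (principal == null) throw new ArgumentNullException("principal");

        var identity = principal.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            throw new InvalidOperationException("No authenticated claims identity.");

        Claim nameId = identity.FindFirst(ClaimTypes.NameIdentifier);
        Claim idp = identity.FindFirst(IdentityProviderClaim);
        if (nameId == null || idp == null ||
            string.IsNullOrWhiteSpace(nameId.Value) || string.IsNullOrWhiteSpace(idp.Value))
            throw new InvalidOperationException("Token lacks nameidentifier or identityprovider claim.");

        // Bind the NameID to the issuer that asserted it (Claim.Issuer is the name
        // the issuer name registry assigns to the token signer) and to the
        // identity provider, so values from different sources never collide.
        return string.Join("|", nameId.Issuer, idp.Value, nameId.Value);
    }

    public static void Main()
    {
        // Constructed sample: claims as they would look after token validation.
        const string issuer = "https://logintest.accesscontrol.windows.net/";
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "xWTQfgjexVZ4sturSHZmdppGj/am1IweOYHgc139TrE=",
                      ClaimValueTypes.String, issuer),
            new Claim(IdentityProviderClaim, "uri:WindowsLiveID", ClaimValueTypes.String, issuer)
        }, "Federation");

        Console.WriteLine(GetStableUserKey(new ClaimsPrincipal(identity)));
    }
}
```

Store the returned key as the account identifier only after the token handler has accepted the token; a NameID read from an unvalidated form post is attacker-controlled input.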
0

The best way is to use a custom STS to provide claims. Or use Live Connect directly; you can check out this code sample:

Bring the Clouds Together: Azure + Bing Maps

http://blogs.msdn.com/b/windows-azure-support/archive/2010/08/11/bring-the-clouds-together-azure-bing-maps.aspx

Answered 2013-04-09T03:10:51.157