I would say you are opening yourself up to a whole world of pain.
There is an established, security reviewed, gold standard pattern for applications to communicate via a browser to ADFS using WIF.
So what you are essentially trying to do is re-invent the wheel by writing a web service that implements all the browser functionality, e.g. cookies. Your solution loses all the advantages that ADFS provides, e.g. SSO, Federation, HRD etc.
And now you want to dig the hole deeper by writing your own STS.
The browser pattern is exactly what Microsoft use for Windows Live, Office 365 and Azure Active Directory.
So if it's good enough for Microsoft, why does your architect not want it?