I built and deployed my application in Azure, using ADFS for authentication. When I browse to my application it redirects me to the ADFS login page. I log in, and it redirects me back to my application, where I get the following exception:
Exception information:
Exception type: SecurityTokenException
Exception message: ID4014: A SecurityTokenHandler is not registered to read security token ('BinarySecurityToken', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd').
   at System.IdentityModel.Services.TokenReceiver.ReadToken(String tokenXml, XmlDictionaryReaderQuotas readerQuotas, FederationConfiguration federationConfiguration)
   at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)
   at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
This is my first time dealing with ADFS and Azure - a couple of questions:
- Which part of my code do I need to modify to accommodate the security token requirement (assuming I need to)? For example, when a user logs in through ADFS and ADFS redirects the user back to my application, should my application "just work", with the Login link at the top of the page changing to Logout? I'm using MVC4.
- My company's ADFS server has its own login page. Does that mean I can drop the login functionality that the Azure MVC application has out of the box?
EDIT Here is the FederationMetadata.xml file with all sensitive data removed: http://mikemarks.net/FederationMetadata.xml
EDIT Here are the system.identityModel and system.identityModel.services sections of my web.config:
    <system.identityModel>
      <identityConfiguration>
        <audienceUris>
          <add value="https://conocopocazuremike.cloudapp.net/" />
        </audienceUris>
        <!--Commented by Identity and Access VS Package-->
        <!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://blah/adfs/services/trust"><keys><add thumbprint="blah" /></keys><validIssuers><add name="http://blah/adfs/services/trust" /></validIssuers></authority></issuerNameRegistry>-->
        <!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
        <certificateValidation certificateValidationMode="None" />
        <!--Commented by Identity and Access VS Package-->
        <!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://blah/adfs/services/trust"><keys><add thumbprint="blah" /></keys><validIssuers><add name="http://blah/adfs/services/trust" /></validIssuers></authority></issuerNameRegistry>-->
        <!--Commented by Identity and Access VS Package-->
        <!--<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"><trustedIssuers><add thumbprint="blah" name="http://blah/adfs/services/trust" /></trustedIssuers></issuerNameRegistry>-->
        <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
          <authority name="http://blah/adfs/services/trust">
            <keys>
              <add thumbprint="blah" />
            </keys>
            <validIssuers>
              <add name="http://blah/adfs/services/trust" />
            </validIssuers>
          </authority>
        </issuerNameRegistry>
      </identityConfiguration>
    </system.identityModel>
    <system.identityModel.services>
      <federationConfiguration>
        <cookieHandler requireSsl="false" />
        <wsFederation passiveRedirectEnabled="true" issuer="https://blah/adfs/ls/" realm="https://blah.cloudapp.net/" requireHttps="false" />
      </federationConfiguration>
    </system.identityModel.services>
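The two sections in the question are in the shape the Identity and Access tool leaves them for development: certificate validation is off, the session cookie is allowed over plain HTTP, and requireHttps is false on the wsFederation element, so a sign-in response (and the signed token inside it) would be accepted over an unencrypted connection. What follows is an added example, not part of the original question and not Microsoft's template, showing the same two sections as they would be set for a production deployment behind TLS. The issuer, realm and thumbprint values are placeholders. The serviceCertificate element is included on an assumption: if the relying party trust in ADFS carries an encryption certificate, ADFS encrypts the token and the application must hold the matching private key; that is one thing worth checking when the module reports it cannot read the incoming token, though the question does not establish that this is the cause here. Independently of that, the audienceUris value and the wsFederation realm should name the same URL, since the token's audience is checked against the audienceUris list.

```xml
<!-- Added example: production-oriented version of the two web.config sections
     shown in the question. Not the original poster's configuration; the issuer,
     realm and thumbprint values are placeholders. -->
<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <!-- Must equal the realm ADFS issues the token for; any other audience is rejected. -->
      <add value="https://app.example.com/" />
    </audienceUris>

    <!-- Pin the ADFS token-signing certificate by thumbprint so only tokens from
         this issuer, signed with this key, are accepted. Update the thumbprint
         when ADFS rolls its signing certificate. -->
    <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
      <authority name="http://adfs.example.com/adfs/services/trust">
        <keys>
          <add thumbprint="0000000000000000000000000000000000000000" />
        </keys>
        <validIssuers>
          <add name="http://adfs.example.com/adfs/services/trust" />
        </validIssuers>
      </authority>
    </issuerNameRegistry>

    <!-- "None" (what the dev tool writes) skips validation of the signing certificate.
         PeerTrust requires it to be present in the machine's Trusted People store;
         ChainTrust requires it to chain to a trusted root CA. -->
    <certificateValidation certificateValidationMode="PeerTrust" />

    <!-- Assumption: needed only if the ADFS relying party trust has an encryption
         certificate. Then tokens arrive encrypted and this is the certificate
         (with private key, in LocalMachine\My) used to decrypt them. Omit it if
         ADFS issues unencrypted tokens for this relying party. -->
    <serviceCertificate>
      <certificateReference x509FindType="FindByThumbprint"
                            findValue="1111111111111111111111111111111111111111"
                            storeLocation="LocalMachine"
                            storeName="My" />
    </serviceCertificate>
  </identityConfiguration>
</system.identityModel>

<system.identityModel.services>
  <federationConfiguration>
    <!-- Session cookie only over TLS and not readable from script. -->
    <cookieHandler requireSsl="true" hideFromScript="true" />
    <!-- requireHttps="true" rejects a sign-in response posted over plain HTTP;
         issuer and realm must be https URLs for that to hold end to end. -->
    <wsFederation passiveRedirectEnabled="true"
                  issuer="https://adfs.example.com/adfs/ls/"
                  realm="https://app.example.com/"
                  requireHttps="true" />
  </federationConfiguration>
</system.identityModel.services>
```

With requireSsl on the cookie handler the application must be served over HTTPS, otherwise the session cookie is never sent back and every request loops through ADFS again; switch the two flags together when moving the development settings to production.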