0

我已经能够继承 DefaultTokenReplayCache 并使其在我的 MVC 应用程序中工作。这会正确检测将由 Fiddler 从 IDP 重播到 RP 的令牌,或者通过按后退箭头并重新提交。

我现在的意图是在 FedAuth cookie 存在并且该会话已经注销时防止缓存重播。

例如:

DefaultTokenReplayCache 正确确定何时重播此响应:

POST http://127.0.0.1:2600/Account/SignIn HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC EA 2)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 6679
Host: 127.0.0.1:2600
Pragma: no-cache

wa=wsignin1.0&wresult=%3Ct%3ARequest .....

但是,如果我退出,可以重播以下会话

GET http://127.0.0.1:2600/ HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC EA 2)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: 127.0.0.1:2600
Pragma: no-cache
Cookie: FedAuth=77u/PD94bWwgd......

问题

一旦该会话被注销,我如何确保 WIF 将不再允许特定的 FedAuth cookie?

4

2 回答 2

0

你是怎么退出的?您通常需要调用FederatedAuthentication.WSFederationAuthenticationModule.SignOut

这将清除所有 FedAuth cookie。请注意,这不会清除您可能在应用中设置的任何其他 cookie。

于 2011-10-31T17:32:24.613 回答
0

您需要将 tokenReplayDetection 添加到依赖方的 identityConfiguration 元素中。

<system.identityModel>
    <identityConfiguration ...>
        <tokenReplayDetection enabled="true"/>
        ...

-阿特利

于 2017-12-01T10:47:32.193 回答