We have the following scenario in our project.
We have Tenant-1 to Tenant-n, which use a RESTful service S1. The relationship between a tenant and its IdP is one-to-one. The client has to federate the tenant UI through the RESTful service using ACS, with the help of the tenant-specific IdP configured in ACS at login time.
Tenant-1 maps to IdP1 (e.g. Yahoo), Tenant-2 maps to IdP2 (e.g. Google).
The RESTful service returns JavaScript as JSON, which is hosted in the tenant's web. So if the tenant has already logged in to the tenant UI through his own application using his specific IdP, then for any request from the tenant UI to the RESTful service, the RESTful service should federate to the tenant-specific IdP based on the partner information (tenant to IdP mapping) configured during self-registration.
I am setting the Realm in Global.asax as shown below.
    using System;
    using System.IdentityModel.Services;                // FederatedAuthentication, WSFederationAuthenticationModule
    using System.IdentityModel.Services.Configuration;  // FederationConfigurationCreatedEventArgs
    using System.Web;

    // Note: Tenant, GetTenantDetails and subId are not shown in the question.
    public class WebApiApplication : System.Web.HttpApplication
    {
        public override void Init()
        {
            base.Init();
            // Hook the redirect to the IdP so the sign-in request carries the tenant's realm
            FederatedAuthentication.WSFederationAuthenticationModule.RedirectingToIdentityProvider
                += WSFederationAuthenticationModule_RedirectingToIdentityProvider;
        }

        void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
        {
            Tenant tenant = GetTenantDetails(subId); // Gets the tenant information from MetaData based on subscriptionId
            if (tenant != null)
            {
                e.SignInRequestMessage.Realm = tenant.Realm + "CMS/";
            }
        }

        protected void Application_Start()
        {
            FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;
        }

        private void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            Tenant tenant = GetTenantDetails(subId); // Gets the tenant information from MetaData based on subscriptionId
            if (tenant != null)
            {
                e.FederationConfiguration.WsFederationConfiguration.Issuer = tenant.Issuer;
                Uri uri = new Uri(tenant.Realm + "CMS/");
                if (!e.FederationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Contains(uri))
                    e.FederationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(uri);
                e.FederationConfiguration.WsFederationConfiguration.Realm = tenant.Realm + "CMS/";
            }
        }
    }
In addition, the realm is also set at the per-request level, as shown below.
    using System;
    using System.IdentityModel.Services;  // WSFederationAuthenticationModule, FederatedAuthentication
    using System.Web;

    // Note: Tenant and GetTenantDetails are not shown in the question.
    public class MetaDataModule : IHttpModule
    {
        public void Init(HttpApplication httpContextApplication)
        {
            httpContextApplication.BeginRequest += DoSyncRequestWorkToGetTenantDetails;
        }

        public void Dispose() { }  // required by IHttpModule; nothing to release

        private static void DoSyncRequestWorkToGetTenantDetails(object sender, EventArgs e)
        {
            var httpContextApplication = (HttpApplication)sender;
            Tenant tenant = GetTenantDetails(); // Gets the tenant information from MetaData based on subscriptionId
            if (tenant != null)
            {
                // The module name must match the name used to register it in <modules> in Web.config
                WSFederationAuthenticationModule wsfed = (WSFederationAuthenticationModule)httpContextApplication.Modules["WSFederationAuthenticationModule"];
                wsfed.FederationConfiguration.WsFederationConfiguration.Issuer = tenant.Issuer;
                Uri uri = new Uri(tenant.Realm + "CMS/");
                if (!wsfed.FederationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Contains(uri))
                    wsfed.FederationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(uri);
                wsfed.FederationConfiguration.WsFederationConfiguration.Realm = tenant.Realm + "CMS/";

                // Earlier attempt: setting the same values through the static FederatedAuthentication.FederationConfiguration
                //FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Issuer = tenant.Issuer;
                //Uri uri = new Uri(tenant.Realm + "CMS/");
                //if (!FederatedAuthentication.FederationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Contains(uri))
                //    FederatedAuthentication.FederationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(uri);
                //FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Realm = tenant.Realm + "CMS/";
            }
        }
    }
Please find the module registered in Web.config and the rest of the WIF configuration.
Although the realm is reset for every request, the new value is not picked up.
The clients do not want their tenants to implement any authentication or federation related code in order to make this work.
Please let me know if you can think of any help with passive federation to solve this problem.
Posted on 2014-05-28 08:05:31
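Added example, not part of the question or the answer: the per-request code above only ever appends to the application-wide AllowedAudienceUris and mutates shared Issuer/Realm state that concurrent requests race on, so once several tenants have been seen, a token issued for one tenant's realm passes the audience check while another tenant's request is being handled. The handler below (assumed names; assumes ACS issues SAML 2.0 tokens to this relying party, and that a resolver built on the question's GetTenantDetails lookup is assigned to ExpectedAudienceForRequest at startup) checks the token audience against the single tenant owning the current request instead of a growing global allow-list.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Web;

// Added example (not from the question). Replaces the default Saml2SecurityTokenHandler so the
// audience check runs per request against the one tenant the request belongs to, instead of
// growing the application-wide AllowedAudienceUris list with every tenant's realm.
// Register it in Web.config under <system.identityModel><identityConfiguration>
// <securityTokenHandlers> (remove the built-in Saml2SecurityTokenHandler, add this type) and
// set <audienceUris mode="Never"/> so the base handler does not demand a static allow-list.
public class TenantAudienceSaml2TokenHandler : Saml2SecurityTokenHandler
{
    // Assumed hook: returns the realm registered for the tenant owning the current request.
    // The question's GetTenantDetails lookup would be wired in here at Application_Start, e.g.
    // ExpectedAudienceForRequest = ctx => new Uri(GetTenantDetails(...).Realm + "CMS/");
    public static Func<HttpContextBase, Uri> ExpectedAudienceForRequest { get; set; }

    protected override void ValidateConditions(Saml2Conditions conditions, bool enforceAudienceRestriction)
    {
        // Base handler still enforces NotBefore / NotOnOrAfter; the audience is checked below.
        base.ValidateConditions(conditions, false);

        if (ExpectedAudienceForRequest == null || HttpContext.Current == null)
            throw new SecurityTokenValidationException("No tenant context available for audience validation.");

        Uri expected = ExpectedAudienceForRequest(new HttpContextWrapper(HttpContext.Current));
        if (!TokenIsForAudience(conditions, expected))
            throw new AudienceUriValidationFailedException(
                "Token audience does not match the realm of the tenant handling this request: " + expected);
    }

    // Pure check, kept separate from the handler so it can be unit-tested without an HttpContext.
    public static bool TokenIsForAudience(Saml2Conditions conditions, Uri expected)
    {
        if (conditions == null || expected == null)
            return false;
        // Reject tokens with no AudienceRestriction at all: in a multi-tenant relying party an
        // unrestricted token could be presented from one tenant's UI against another tenant's data.
        if (conditions.AudienceRestrictions.Count == 0)
            return false;
        // SAML 2.0 semantics: every <AudienceRestriction> element must be satisfied, and each is
        // satisfied when any of its <Audience> values matches the expected realm.
        return conditions.AudienceRestrictions.All(r => r.Audiences.Any(a => a == expected));
    }
}
```

The realm sent on the redirect is already per request via SignInRequestMessage in the question's code; this handler closes the other half by making the validation side per request as well.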
You should customize the realm in the Application_AuthenticateRequest method in Global.asax. Take a look at this link.
https://stackoverflow.com/questions/20273844