I recently built an ASP.NET application at work to help track internal use of our products. It's been really well received, but only a few days after launch one of our managers came over and asked if we could move the site to Azure so that people didn't need to be in the office or on the VPN. Getting sites published on Azure itself is fairly easy with the publishing tools in Visual Studio - but dealing with authentication itself is a bit more difficult. The site uses Windows authentication - not something suitable for use on Azure.

There seem to be a few options when migrating away:

* Windows Azure Active Directory (effectively replicate your AD into Azure)
* Azure Access Control Services (now deprecated)
* On premise ADFS (can be made public for authentication outside the office)

Given ACS is deprecated and we already had an ADFS server I went down
the ADFS route. It's not as easy as it should be - you can't change the
authentication option easily in VS 2013 after you've created a project.
Here's how I did it:

(Throughout the following, replace with the hostname of your application and with the hostname of your ADFS server)

Open your web.config file

Add the following to (or create if necessary) the configSections element:

<configSections>
<section name="system.identityModel"
type="System.IdentityModel.Configuration.SystemIdentityModelSection,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services"
type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=B77A5C561934E089" />
</configSections>

Add the following to (or create if necessary) the appSettings element:

<appSettings>
<add key="ida:FederationMetadataLocation"
value="https://<sts.local>/federationmetadata/2007-06/federationmetadata.xml"
/>
<add key="ida:Realm" value="https://<app.local>/" />
<add key="ida:AudienceUri" value="https://<app.local>/" />
</appSettings>

Change the authentication mode to None:

<authentication mode="None" />

Add the following configuration sections:

<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule"
type="System.IdentityModel.Services.WSFederationAuthenticationModule,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule"
type="System.IdentityModel.Services.SessionAuthenticationModule,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://<app.local>/" />
</audienceUris>
<securityTokenHandlers>
<add
type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
<remove
type="System.IdentityModel.Tokens.SessionSecurityTokenHandler,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry
type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry,
System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://<sts.local>/adfs/services/trust">
<keys>
<add thumbprint="<thumbprint>" />
</keys>
<validIssuers>
<add name="http://<sts.local>/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://<sts.local>/adfs/ls/"
realm="https://<app.local>/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>

Add the following references

System.IdentityModel
System.IdentityModel.Services
System.IdentityModel.Tokens.ValidatingIssuer

You now need to register your app with the ADFS server as a "relying party"

Migrating an ASP.NET MVC application to ADFS authentication的更多相关文章

  1. [转]Creating an Entity Framework Data Model for an ASP.NET MVC Application (1 of 10)

    本文转自:http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/creating-a ...

  2. [转]剖析ASP.Net MVC Application

    http://www.cnblogs.com/errorif/archive/2009/02/13/1389927.html 为了完全了解Asp.net MVC是怎样工作的,我将从零开始创建一个MVC ...

  3. 源码学习之ASP.NET MVC Application Using Entity Framework

    源码学习的重要性,再一次让人信服. ASP.NET MVC Application Using Entity Framework Code First 做MVC已经有段时间了,但看了一些CodePle ...

  4. Implementing HTTPS Everywhere in ASP.Net MVC application.

    Implementing HTTPS Everywhere in ASP.Net MVC application. HTTPS everywhere is a common theme of the ...

  5. [转]Sorting, Filtering, and Paging with the Entity Framework in an ASP.NET MVC Application (3 of 10)

    本文转自:http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/sorting-fi ...

  6. Active Directory Authentication in ASP.NET MVC 5 with Forms Authentication and Group-Based Authorization

    I know that blog post title is sure a mouth-full, but it describes the whole problem I was trying to ...

  7. Asp.Net MVC webAPI Token based authentication

    1. 需要安装的nuget <package id="Microsoft.AspNet.Identity.Core" version="2.2.1" ta ...

  8. MVC中使用EF(1):为ASP.NET MVC程序创建Entity Framework数据模型

    为ASP.NET MVC程序创建Entity Framework数据模型 (1 of 10) By  Tom Dykstra |July 30, 2013 Translated by litdwg   ...

  9. Mixing ASP.NET Webforms and ASP.NET MVC

    https://www.packtpub.com/books/content/mixing-aspnet-webforms-and-aspnet-mvc *********************** ...

随机推荐

  1. eclipse安装插件

    http://blog.csdn.net/powmxypow/article/details/11553395

  2. 自定义readonly属性的用法

    具有readonly特性的属性,相当于仅对外提供一个读取接口,在实现文件中是不会自动生成对应的成员变量的,因此使用方法为: // MyItem.h @interface MyItem : NSObje ...

  3. 一次APP测试的感悟

    项目经理担责任.产品担责任.测试只需要把测试中发现的问题展示出来.如实反应问题.谁担责任谁有权利决定上不上线.所以他们直接绕过了测试.APP的上线让我学到了很多东西,见识了很多东西,也感悟了很多.这是 ...

  4. java连接mysql步骤

    转自:http://www.cnblogs.com/hongten/archive/2011/03/29/1998311.html JDBC连接mysql数据库   •创建一个以JDBC连接数据库的程 ...

  5. js实现控制日期月份增减

    定义一个当前日期变量 var myDate = new Date(); 处理月份添加函数(date当前日期,num增加的月份[正数:增加月份,负数:减少月份])function addMonth(da ...

  6. Poj2186Popular Cows

    Popular Cows Time Limit: 2000MS   Memory Limit: 65536K Total Submissions: 31533   Accepted: 12817 De ...

  7. API Monitor v2.0 Alpha-r13 (32+64) 汉化版

    API Monitor v2.0 Alpha-r13 (32+64) 汉化版: 链接: https://pan.baidu.com/s/1jIx5znC 密码: 4538 本软件已最大化汉化,已经趋于 ...

  8. TortoiseSVN客户端重新设置用户名和密码

    TortoiseSVN客户端重新设置用户名和密码 在第一次使用TortoiseSVN从服务器CheckOut的时候,会要求输入用户名和密码,这时输入框下面有个选项是保存认证信息,如果选了这个选项,那么 ...

  9. SQL锁死解决办法

    SQL Server 表,记录 死锁解决办法 1. 先根据以下语句 查询 哪些表被 死锁,及 死锁的 spid SELECT request_session_id spid,OBJECT_NAME(r ...

  10. win7垃圾路径

    @echo off echo 正在清除系统垃圾文件,请稍等...... del /f /s /q %systemdrive%\*.tmp del /f /s /q %systemdrive%\*._m ...