I recently built an ASP.NET application at work to help track internal use of our products. It's been really well received, but only a few days after launch one of our managers came over and asked if we could move the site to Azure so that people didn't need to be in the office or on the VPN. Getting sites published on Azure itself is fairly easy with the publishing tools in Visual Studio - but dealing with authentication itself is a bit more difficult. The site uses Windows authentication - not something suitable for use on Azure.

There seem to be a few options when migrating away:

* Windows Azure Active Directory (effectively replicate your AD into Azure)
* Azure Access Control Services (now deprecated)
* On premise ADFS (can be made public for authentication outside the office)

Given ACS is deprecated and we already had an ADFS server I went down
the ADFS route. It's not as easy as it should be - you can't change the
authentication option easily in VS 2013 after you've created a project.
Here's how I did it:

(Throughout the following, replace with the hostname of your application and with the hostname of your ADFS server)

Open your web.config file

Add the following to (or create if necessary) the configSections element:

<configSections>
<section name="system.identityModel"
type="System.IdentityModel.Configuration.SystemIdentityModelSection,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services"
type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=B77A5C561934E089" />
</configSections>

Add the following to (or create if necessary) the appSettings element:

<appSettings>
<add key="ida:FederationMetadataLocation"
value="https://<sts.local>/federationmetadata/2007-06/federationmetadata.xml"
/>
<add key="ida:Realm" value="https://<app.local>/" />
<add key="ida:AudienceUri" value="https://<app.local>/" />
</appSettings>

Change the authentication mode to None:

<authentication mode="None" />

Add the following configuration sections:

<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule"
type="System.IdentityModel.Services.WSFederationAuthenticationModule,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule"
type="System.IdentityModel.Services.SessionAuthenticationModule,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://<app.local>/" />
</audienceUris>
<securityTokenHandlers>
<add
type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
<remove
type="System.IdentityModel.Tokens.SessionSecurityTokenHandler,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry
type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry,
System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://<sts.local>/adfs/services/trust">
<keys>
<add thumbprint="<thumbprint>" />
</keys>
<validIssuers>
<add name="http://<sts.local>/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://<sts.local>/adfs/ls/"
realm="https://<app.local>/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>

Add the following references

System.IdentityModel
System.IdentityModel.Services
System.IdentityModel.Tokens.ValidatingIssuer

You now need to register your app with the ADFS server as a "relying party"

Migrating an ASP.NET MVC application to ADFS authentication的更多相关文章

  1. [转]Creating an Entity Framework Data Model for an ASP.NET MVC Application (1 of 10)

    本文转自:http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/creating-a ...

  2. [转]剖析ASP.Net MVC Application

    http://www.cnblogs.com/errorif/archive/2009/02/13/1389927.html 为了完全了解Asp.net MVC是怎样工作的,我将从零开始创建一个MVC ...

  3. 源码学习之ASP.NET MVC Application Using Entity Framework

    源码学习的重要性,再一次让人信服. ASP.NET MVC Application Using Entity Framework Code First 做MVC已经有段时间了,但看了一些CodePle ...

  4. Implementing HTTPS Everywhere in ASP.Net MVC application.

    Implementing HTTPS Everywhere in ASP.Net MVC application. HTTPS everywhere is a common theme of the ...

  5. [转]Sorting, Filtering, and Paging with the Entity Framework in an ASP.NET MVC Application (3 of 10)

    本文转自:http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/sorting-fi ...

  6. Active Directory Authentication in ASP.NET MVC 5 with Forms Authentication and Group-Based Authorization

    I know that blog post title is sure a mouth-full, but it describes the whole problem I was trying to ...

  7. Asp.Net MVC webAPI Token based authentication

    1. 需要安装的nuget <package id="Microsoft.AspNet.Identity.Core" version="2.2.1" ta ...

  8. MVC中使用EF(1):为ASP.NET MVC程序创建Entity Framework数据模型

    为ASP.NET MVC程序创建Entity Framework数据模型 (1 of 10) By  Tom Dykstra |July 30, 2013 Translated by litdwg   ...

  9. Mixing ASP.NET Webforms and ASP.NET MVC

    https://www.packtpub.com/books/content/mixing-aspnet-webforms-and-aspnet-mvc *********************** ...

随机推荐

  1. 日文xp系统中 日文键盘模式转英式键盘模式

    键盘设备驱动早在Windows XP安装时就已经安装好了,但是系统却将日式键盘误识成了美式标准键盘,这会出现一些标点符号的实际输入与键盘标注不符的问题,对于用惯了英文键盘的人可 以盲打而不去理会,但对 ...

  2. wex5 实战 图片触摸放大移动插件easyzoom的使用与集成

    一 前言 客户的需求就是上帝的召唤. 作为一个开发人员,或者软件从业者,客户的要求就是准则. 遇到一个客户,让我做一个图片放大,但是移动拖拽要定位精准.之前研究过一个hammer插件,多次尝试放大后的 ...

  3. Bash:-:-通过awk获取文本变量的赋值

    txt格式: ... logport='13000' sessionport='23000' ... ######################## 只获取logport的赋值13000 awk ' ...

  4. python:字符串转换成字节的三种方式

    str='zifuchuang' 第一种 b'zifuchuang'第二种bytes('zifuchuang',encoding='utf-8')第三种('zifuchuang').encode('u ...

  5. OFDM学习之旅

    前言: 这些日子开始准备搞OFDM之类的,未动先行matlab仿真,这里我会慢慢更新,基本上是自己学习感悟吧<未完待续> 一.PRBS PRBS 是 Pseudo Random Binar ...

  6. Angular--页面间切换及传值的四种方法

    1. 基于ui-router的页面跳转传参(1) 在AngularJS的app.js中用ui-router定义路由,比如现在有两个页面,一个页面(producers.html)放置了多个produce ...

  7. NetBean常用快捷键(MAC中)

    shift+cmd+i:导入包 shift+alt+上:复制当前行,鼠标留在上一行   shift+alt+下:复制当前行,鼠标留在下一行 shift+ctrl+上:将选中行向上移动    shift ...

  8. EF事务嵌套

    EF中采用的是数据上下文DbContext,当针对数据库的所有操作共用一个数据上下文的时候,会使用同一个连接对象,因此连接打开一次,最后Save的时候关闭连接,避免了频繁的创建连接对象打开关闭,这在一 ...

  9. python网络编程-socket

    python提供了两个socket模块 Socket,它提供了标准的BSD Sockets API SocketServer,它提供了服务器中心类,可以简化网络服务器的开发 下面先说socket模块 ...

  10. Winform MDI窗体容器,权限以及简单通讯

    MDI窗体容器: 一般来说,窗体是顶级容器,不允许放在其他任何容器内,但是如果将某个窗体的IsMdiContainer属性设置为True,那此窗体就会成为窗体容器,可以在其中放入其他窗体 在内部的窗体 ...