Migrating an ASP.NET MVC application to ADFS authentication
I recently built an ASP.NET application at work to help track internal use of our products. It's been really well received, but only a few days after launch one of our managers came over and asked if we could move the site to Azure so that people didn't need to be in the office or on the VPN. Getting sites published on Azure itself is fairly easy with the publishing tools in Visual Studio - but dealing with authentication itself is a bit more difficult. The site uses Windows authentication - not something suitable for use on Azure.
There seem to be a few options when migrating away:
* Windows Azure Active Directory (effectively replicate your AD into Azure)
* Azure Access Control Services (now deprecated)
* On premise ADFS (can be made public for authentication outside the office)
Given ACS is deprecated and we already had an ADFS server I went down
the ADFS route. It's not as easy as it should be - you can't change the
authentication option easily in VS 2013 after you've created a project.
Here's how I did it:
(Throughout the following, replace with the hostname of your application and with the hostname of your ADFS server)
Open your web.config file
Add the following to (or create if necessary) the configSections element:
<configSections>
<section name="system.identityModel"
type="System.IdentityModel.Configuration.SystemIdentityModelSection,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services"
type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=B77A5C561934E089" />
</configSections>
Add the following to (or create if necessary) the appSettings element:
<appSettings>
<add key="ida:FederationMetadataLocation"
value="https://<sts.local>/federationmetadata/2007-06/federationmetadata.xml"
/>
<add key="ida:Realm" value="https://<app.local>/" />
<add key="ida:AudienceUri" value="https://<app.local>/" />
</appSettings>
Change the authentication mode to None:
<authentication mode="None" />
Add the following configuration sections:
<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule"
type="System.IdentityModel.Services.WSFederationAuthenticationModule,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule"
type="System.IdentityModel.Services.SessionAuthenticationModule,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://<app.local>/" />
</audienceUris>
<securityTokenHandlers>
<add
type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
<remove
type="System.IdentityModel.Tokens.SessionSecurityTokenHandler,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry
type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry,
System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://<sts.local>/adfs/services/trust">
<keys>
<add thumbprint="<thumbprint>" />
</keys>
<validIssuers>
<add name="http://<sts.local>/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://<sts.local>/adfs/ls/"
realm="https://<app.local>/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
Add the following references
System.IdentityModel
System.IdentityModel.Services
System.IdentityModel.Tokens.ValidatingIssuer
You now need to register your app with the ADFS server as a "relying party"
Migrating an ASP.NET MVC application to ADFS authentication的更多相关文章
- [转]Creating an Entity Framework Data Model for an ASP.NET MVC Application (1 of 10)
本文转自:http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/creating-a ...
- [转]剖析ASP.Net MVC Application
http://www.cnblogs.com/errorif/archive/2009/02/13/1389927.html 为了完全了解Asp.net MVC是怎样工作的,我将从零开始创建一个MVC ...
- 源码学习之ASP.NET MVC Application Using Entity Framework
源码学习的重要性,再一次让人信服. ASP.NET MVC Application Using Entity Framework Code First 做MVC已经有段时间了,但看了一些CodePle ...
- Implementing HTTPS Everywhere in ASP.Net MVC application.
Implementing HTTPS Everywhere in ASP.Net MVC application. HTTPS everywhere is a common theme of the ...
- [转]Sorting, Filtering, and Paging with the Entity Framework in an ASP.NET MVC Application (3 of 10)
本文转自:http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/sorting-fi ...
- Active Directory Authentication in ASP.NET MVC 5 with Forms Authentication and Group-Based Authorization
I know that blog post title is sure a mouth-full, but it describes the whole problem I was trying to ...
- Asp.Net MVC webAPI Token based authentication
1. 需要安装的nuget <package id="Microsoft.AspNet.Identity.Core" version="2.2.1" ta ...
- MVC中使用EF(1):为ASP.NET MVC程序创建Entity Framework数据模型
为ASP.NET MVC程序创建Entity Framework数据模型 (1 of 10) By Tom Dykstra |July 30, 2013 Translated by litdwg ...
- Mixing ASP.NET Webforms and ASP.NET MVC
https://www.packtpub.com/books/content/mixing-aspnet-webforms-and-aspnet-mvc *********************** ...
随机推荐
- WCF、MongoDB
http://www.cnblogs.com/quietwalk/archive/2011/08/09/2132573.html http://www.cnblogs.com/huangxinchen ...
- 最近几天玩freebsd奋斗成果总结
玩freebsd发现真的很累人..相信如下问题第一次玩freebsd都遇到过: 安装系统默认只有文本模式,需要手工安装gnome,kde等desktop environment. Freebsd安装. ...
- 零配置简单搭建SpringMVC 项目
SpringMVC是比较常用的JavaWeb框架,非常轻便强悍,能简化Web开发,大大提高开发效率,在各种Web程序中广泛应用.本文采用Java Config的方式搭建SpringMVC项目,并对Sp ...
- command 'x86_64-linux-gnu-gcc' failed with exit status 1错误及解决方案
Ubuntu16.04安装Scrapy(pip install Scrapy)时提示错误如下: Failed building wheel for cryptography Running setup ...
- Cardboard开发教程:使用Unity制作Cardboard全景图片浏览器
这两年,虚拟现实(VR)领域很火,很多人认为这将会是下一个手机般改变人们生活的技术.目前全球最领先的还是Facebook旗下的Oculus,HTC VIVE,以及最流行的Cardboard.国内多家厂 ...
- CocoaPods的安装和使用
一. CocoaPods简介 CocoaPods是一个用来帮助我们管理第三方依赖库的工具.在开发iOS应用时,会经常使用第三方类库,比如SDWebImage.AFNetworking等等,手动的下载与 ...
- VMWare虚拟机设置固定ip上网方法
转自:http://blog.csdn.net/cyberrusher/article/details/7269795 1. 在VMWare工具栏中打开:编辑--->虚拟机网络编辑器, 打开VM ...
- 浅析word-break work-wrap区别
word-break:[断词] 定义:规定自动换行的处理方法. 注:通过word-break使用,可以实现让浏览器在任意位置换行. 语法:word-break: normal|break-all| ...
- MVC文章汇总
http://www.cnblogs.com/yaozhenfa/category/541420.html http://www.cnblogs.com/yubaolee/p/3269043.html ...
- iOS - SQLite 数据库存储
1.SQLite 数据库 SQLite 是一种轻型的嵌入式数据库,安卓和 iOS 开发使用的都是 SQLite 数据库.它占用资源非常低,在嵌入式设备中,可能需要几百 K 的内存数据就够了.他的处理速 ...