I recently built an ASP.NET application at work to help track internal use of our products. It's been really well received, but only a few days after launch one of our managers came over and asked if we could move the site to Azure so that people didn't need to be in the office or on the VPN. Getting sites published on Azure itself is fairly easy with the publishing tools in Visual Studio - but dealing with authentication itself is a bit more difficult. The site uses Windows authentication - not something suitable for use on Azure.

There seem to be a few options when migrating away:

* Windows Azure Active Directory (effectively replicate your AD into Azure)
* Azure Access Control Services (now deprecated)
* On premise ADFS (can be made public for authentication outside the office)

Given ACS is deprecated and we already had an ADFS server I went down
the ADFS route. It's not as easy as it should be - you can't change the
authentication option easily in VS 2013 after you've created a project.
Here's how I did it:

(Throughout the following, replace with the hostname of your application and with the hostname of your ADFS server)

Open your web.config file

Add the following to (or create if necessary) the configSections element:

<configSections>
<section name="system.identityModel"
type="System.IdentityModel.Configuration.SystemIdentityModelSection,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services"
type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=B77A5C561934E089" />
</configSections>

Add the following to (or create if necessary) the appSettings element:

<appSettings>
<add key="ida:FederationMetadataLocation"
value="https://<sts.local>/federationmetadata/2007-06/federationmetadata.xml"
/>
<add key="ida:Realm" value="https://<app.local>/" />
<add key="ida:AudienceUri" value="https://<app.local>/" />
</appSettings>

Change the authentication mode to None:

<authentication mode="None" />

Add the following configuration sections:

<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule"
type="System.IdentityModel.Services.WSFederationAuthenticationModule,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule"
type="System.IdentityModel.Services.SessionAuthenticationModule,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://<app.local>/" />
</audienceUris>
<securityTokenHandlers>
<add
type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
<remove
type="System.IdentityModel.Tokens.SessionSecurityTokenHandler,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry
type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry,
System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://<sts.local>/adfs/services/trust">
<keys>
<add thumbprint="<thumbprint>" />
</keys>
<validIssuers>
<add name="http://<sts.local>/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://<sts.local>/adfs/ls/"
realm="https://<app.local>/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>

Add the following references

System.IdentityModel
System.IdentityModel.Services
System.IdentityModel.Tokens.ValidatingIssuer

You now need to register your app with the ADFS server as a "relying party"

Migrating an ASP.NET MVC application to ADFS authentication的更多相关文章

  1. [转]Creating an Entity Framework Data Model for an ASP.NET MVC Application (1 of 10)

    本文转自:http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/creating-a ...

  2. [转]剖析ASP.Net MVC Application

    http://www.cnblogs.com/errorif/archive/2009/02/13/1389927.html 为了完全了解Asp.net MVC是怎样工作的,我将从零开始创建一个MVC ...

  3. 源码学习之ASP.NET MVC Application Using Entity Framework

    源码学习的重要性,再一次让人信服. ASP.NET MVC Application Using Entity Framework Code First 做MVC已经有段时间了,但看了一些CodePle ...

  4. Implementing HTTPS Everywhere in ASP.Net MVC application.

    Implementing HTTPS Everywhere in ASP.Net MVC application. HTTPS everywhere is a common theme of the ...

  5. [转]Sorting, Filtering, and Paging with the Entity Framework in an ASP.NET MVC Application (3 of 10)

    本文转自:http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/sorting-fi ...

  6. Active Directory Authentication in ASP.NET MVC 5 with Forms Authentication and Group-Based Authorization

    I know that blog post title is sure a mouth-full, but it describes the whole problem I was trying to ...

  7. Asp.Net MVC webAPI Token based authentication

    1. 需要安装的nuget <package id="Microsoft.AspNet.Identity.Core" version="2.2.1" ta ...

  8. MVC中使用EF(1):为ASP.NET MVC程序创建Entity Framework数据模型

    为ASP.NET MVC程序创建Entity Framework数据模型 (1 of 10) By  Tom Dykstra |July 30, 2013 Translated by litdwg   ...

  9. Mixing ASP.NET Webforms and ASP.NET MVC

    https://www.packtpub.com/books/content/mixing-aspnet-webforms-and-aspnet-mvc *********************** ...

随机推荐

  1. CentOS 6.5、6.7 设置静态 ip 教程

    CentOS 6.5.6.7 设置静态 ip 教程,可以ping通外网:www.baidu.com ①. 网络适配器(VMware Network Adapter) 选择NAT模式 ②. 设置静态 i ...

  2. 进制转换及API接口中的转换

    //十进制转二进制Console.WriteLine("十进制166的二进制表示: "+Convert.ToString(166, 2));//十进制转八进制Console.Wri ...

  3. jquey知识点整理

    jquery选择器 1.元素选择器: $("p") 选取 <p> 元素. $("p.intro") 选取所有 class="intro&q ...

  4. WEB前端html基础中的各类标签介绍

    2:html中有很多标签,这里列举十几种标签,有它们的用法及在使用过程中的注意事项!

  5. d20161012

    Milk-run 供应商信息维护 基本信息,电子围栏 外部订单导入[或者录入页面] 订单基本信息,载具信息,物料信息,备注(外协还是华为导入订单,订单内容是否内部投递一样,是否需要导入附加,导入后是否 ...

  6. Java SE 简介 & 环境变量的配置

    Java SE 简介 & 环境变量的配置 一.Java 技术的三个方向 Java 技术分为三个方向 javaSE( Java Platform Standard Edition 标准版)用来开 ...

  7. 文档对象模型(DOM)中的结点属性

    在文档对象模型中,每个结点都是一个对象.DOM结点有三个重要的属性:nodeName .nodeValue和nodeType,分别表示结点名称.结点的值和结点的类型 一.nodeName,结点名称,只 ...

  8. MySQL 安装 + 精简 + 配置

    MySQL 安装 + 精简 + 配置 下载安装 从官网 下载 Community Edition MySQL 5.6 版本 精简 根目录下只留 [data/bin/share] , my-defaul ...

  9. 轻松解决U盘中病毒,文件变成.exe执行文件的问题

    U盘中的文件都变成.exe可执行文件是怎么回事?告诉你,你的U盘中病毒了,那么如何清除呢?小编现在就告诉你几个简单方法,轻松就能搞定U盘中病毒问题. 方法1: (1)首先使用杀毒软件把U盘杀杀毒,除去 ...

  10. InfoCube信息立方体的优化

    声明:原创作品,转载时请注明文章来自SAP师太技术博客( 博/客/园www.cnblogs.com):www.cnblogs.com/jiangzhengjun,并以超链接形式标明文章原始出处,否则将 ...