Migrating an ASP.NET MVC application to ADFS authentication

2024-04-09 20:06•php•阅读 4825

I recently built an ASP.NET application at work to help track internal use of our products. It's been really well received, but only a few days after launch one of our managers came over and asked if we could move the site to Azure so that people didn't need to be in the office or on the VPN. Getting sites published on Azure itself is fairly easy with the publishing tools in Visual Studio - but dealing with authentication itself is a bit more difficult. The site uses Windows authentication - not something suitable for use on Azure.

There seem to be a few options when migrating away:

* Windows Azure Active Directory (effectively replicate your AD into Azure)

* Azure Access Control Services (now deprecated)

* On premise ADFS (can be made public for authentication outside the office)

Given ACS is deprecated and we already had an ADFS server I went down the ADFS route. It's not as easy as it should be - you can't change the authentication option easily in VS 2013 after you've created a project. Here's how I did it:

(Throughout the following, replace with the hostname of your application and with the hostname of your ADFS server)

Open your web.config file

Add the following to (or create if necessary) the configSections element:

</configSections>

Add the following to (or create if necessary) the appSettings element:

<add key="ida:FederationMetadataLocation" value="https://<sts.local>/federationmetadata/2007-06/federationmetadata.xml" />

</appSettings>

Change the authentication mode to None:

Add the following configuration sections:

<system.webServer>

</modules>

</system.webServer>

<system.identityModel>

</audienceUris>

</securityTokenHandlers>

<authority name="http://<sts.local>/adfs/services/trust">

<keys>

</keys>

<add name="http://<sts.local>/adfs/services/trust" />

</validIssuers>

</authority>

</issuerNameRegistry>

</identityConfiguration>

</system.identityModel>

<system.identityModel.services>

<wsFederation passiveRedirectEnabled="true" issuer="https://<sts.local>/adfs/ls/" realm="https://<app.local>/" requireHttps="true" />

</federationConfiguration>

</system.identityModel.services>

Add the following references

System.IdentityModel

System.IdentityModel.Services

System.IdentityModel.Tokens.ValidatingIssuer

You now need to register your app with the ADFS server as a "relying party"

上一篇 »ASP.NET Core [4]: Authentication，笔记
下一篇 »如何在windows XP IIS 5.1 上部署 Asp.net MVC？

Migrating an ASP.NET MVC application to ADFS authentication

相关推荐

[翻译] ASP.NET MVC Tip #12 – 仿制控制器上下文

Basic Authentication with Asp.Net WebAPI

asp.net authentication

ASP.NET MVC 可以扩展的13个地方

ASP.NET MVC Form身份验证

How to set custom JsonSerializerSettings for Json.NET in MVC 4 Web API? 控制ASP.NET Web API 调用频率

matlab7“This application has requested the Runtime to terminate it in an unusual way Please contact the applicatin's support team for more...”

Unity Application Block 與 ASP.NET MVC 學習資源整理 [转]