asp.net-mvc – Using the Kentor Auth service library in an MVC application with Google
Published: 2020-12-16 09:42:20 | Category: asp.Net | Source: compiled from the web
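Hello, I am using Kentor Authentication Services (Kentor Authentication Services is a library that adds SAML2P support to ASP.NET and IIS web sites, allowing the web site to act as a SAML2 Service Provider (SP)). Right now I am using Google as the Identity Provider for testing my application (authenticating with the OWIN middleware). I have also set up the Google identity provider. But when I run the application it gives me an error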
"400. That's an error."

I used

SingleSignOnServiceUrl = https://accounts.google.com/o/saml2/idp?idpid=xxxxxxxxx
DiscoveryServiceUrl = https://accounts.google.com/o/saml2/idp?idpid=xxxxxxxxx

Is the above configuration correct?

I have attached the App_Start configuration below. It comes from the Kentor auth services library.

```csharp
using System;
using System.Globalization;
using System.IdentityModel.Metadata;
using System.Security.Cryptography.X509Certificates;
using System.Web.Hosting;
using Kentor.AuthServices;
using Kentor.AuthServices.Configuration;
using Kentor.AuthServices.Metadata;
using Kentor.AuthServices.Owin;
using Kentor.AuthServices.WebSso;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;
// Also required: the application's own Models namespace
// (ApplicationDbContext, ApplicationUserManager, ApplicationSignInManager, ApplicationUser).

public partial class Startup
{
    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
    }

    private static KentorAuthServicesAuthenticationOptions CreateAuthServicesOptions()
    {
        var spOptions = CreateSPOptions();
        var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
        {
            SPOptions = spOptions
        };

        var idp = new IdentityProvider(new EntityId("~/App_Data/GoogleIDPMetadata.xml"), spOptions)
        {
            AllowUnsolicitedAuthnResponse = true,
            Binding = Saml2BindingType.HttpRedirect,
            SingleSignOnServiceUrl = new Uri("https://accounts.google.com/o/saml2/idp?idpid=xxxxxxxxx")
        };

        idp.SigningKeys.AddConfiguredKey(
            new X509Certificate2(
                HostingEnvironment.MapPath(
                    "~/App_Data/Kentor.AuthServices.StubIdp.cer")));

        authServicesOptions.IdentityProviders.Add(idp);

        // It's enough to just create the federation and associate it
        // with the options. The federation will load the metadata and
        // update the options with any identity providers found.
        new Federation("http://example.com/Federation", true, authServicesOptions);

        return authServicesOptions;
    }

    private static SPOptions CreateSPOptions()
    {
        var swedish = CultureInfo.GetCultureInfo("sv-se");

        var organization = new Organization();
        organization.Names.Add(new LocalizedName("Kentor", swedish));
        organization.DisplayNames.Add(new LocalizedName("Kentor IT AB", swedish));
        organization.Urls.Add(new LocalizedUri(new Uri("http://www.kentor.se"), swedish));

        var spOptions = new SPOptions
        {
            EntityId = new EntityId("https://example.com/AuthServices"),
            ReturnUrl = new Uri("https://example.com/Account/ExternalLoginCallback"),
            DiscoveryServiceUrl = new Uri("https://accounts.google.com/o/saml2/idp?idpid=xxxxxxxxx"),
            Organization = organization
        };

        var techContact = new ContactPerson
        {
            Type = ContactType.Technical
        };
        techContact.EmailAddresses.Add("authservices@example.com");
        spOptions.Contacts.Add(techContact);

        var supportContact = new ContactPerson
        {
            Type = ContactType.Support
        };
        supportContact.EmailAddresses.Add("support@example.com");
        spOptions.Contacts.Add(supportContact);

        var attributeConsumingService = new AttributeConsumingService("AuthServices")
        {
            IsDefault = true,
        };

        attributeConsumingService.RequestedAttributes.Add(
            new RequestedAttribute("urn:someName")
            {
                FriendlyName = "Some Name",
                IsRequired = true,
                NameFormat = RequestedAttribute.AttributeNameFormatUri
            });

        attributeConsumingService.RequestedAttributes.Add(
            new RequestedAttribute("Minimal"));

        spOptions.AttributeConsumingServices.Add(attributeConsumingService);

        spOptions.ServiceCertificates.Add(new X509Certificate2(
            AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Kentor.AuthServices.Tests.pfx"));

        return spOptions;
    }
}
```

Why do I get a 400 error when I am redirected to the Google SAML page? Thanks in advance.

Solution
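AFAIK Google does not provide a discovery service. Remove DiscoveryServiceUrl from the configuration.

You should also clean up the configuration rather than using the sample application's configuration.

For testing, you can also use the stub IdP included in the project, which is available at http://stubidp.kentor.se

(Editor: 李大同)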
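A cleaned-up configuration along the lines the answer suggests, as an added example that is not part of the original question or answer and is not the Kentor project's own code. It drops DiscoveryServiceUrl together with the sample application's federation, organization and test-certificate settings, and declares Google as the single identity provider. The GoogleSamlConfig class name, the ~/App_Data/GoogleIdp.cer path (the signing certificate downloaded from the Google SAML app) and the IdP entity ID format are assumptions; take the real entity ID from the entityID attribute of Google's IdP metadata.

```csharp
using System;
using System.IdentityModel.Metadata;
using System.Security.Cryptography.X509Certificates;
using System.Web.Hosting;
using Kentor.AuthServices;
using Kentor.AuthServices.Configuration;
using Kentor.AuthServices.Owin;
using Kentor.AuthServices.WebSso;

// Hypothetical helper class; call Create() from Startup.ConfigureAuth.
public static class GoogleSamlConfig
{
    // Placeholder, as on the page: the idpid of your own Google SAML app.
    private const string GoogleIdpId = "xxxxxxxxx";

    public static KentorAuthServicesAuthenticationOptions Create()
    {
        var spOptions = new SPOptions
        {
            // Must match the entity ID registered for this SP in the Google SAML app.
            EntityId = new EntityId("https://example.com/AuthServices"),
            ReturnUrl = new Uri("https://example.com/Account/ExternalLoginCallback")
            // No DiscoveryServiceUrl: there is one fixed IdP, so nothing to discover.
        };

        var options = new KentorAuthServicesAuthenticationOptions(false)
        {
            SPOptions = spOptions
        };

        var idp = new IdentityProvider(
            // Assumed format: the IdP's entity ID (an identifier, not a file path).
            new EntityId("https://accounts.google.com/o/saml2?idpid=" + GoogleIdpId),
            spOptions)
        {
            // Accept only responses to requests this SP started; set to true
            // only if IdP-initiated sign-on is actually needed.
            AllowUnsolicitedAuthnResponse = false,
            Binding = Saml2BindingType.HttpRedirect,
            SingleSignOnServiceUrl = new Uri(
                "https://accounts.google.com/o/saml2/idp?idpid=" + GoogleIdpId)
        };

        // Trust only the IdP's own signing certificate (hypothetical path),
        // not the stub IdP test certificate from the sample application.
        idp.SigningKeys.AddConfiguredKey(new X509Certificate2(
            HostingEnvironment.MapPath("~/App_Data/GoogleIdp.cer")));

        options.IdentityProviders.Add(idp);
        return options;
    }
}
```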