Problem description
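Currently struggling with an identity problem in ClaimsAuthorizationManager. I have hosted a WCF service in ASP.NET (IIS) and protected it with WIF 4.5 and a custom claims authorization manager, but the problem is that I cannot get a ClaimsIdentity when ClaimsAuthorizationManager.CheckAccess is called; instead the Identity is typed as GenericIdentity. If I set a ClaimsAuthenticationManager, the ClaimsIdentity works as expected. Even with both set, the ClaimsAuthorizationManager does not work properly. It seems to be called before the ClaimsIdentity is built. Any ideas?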

<service name="Service" behaviorConfiguration="ActiveSTSEndpointBehavior">
  <endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="Active" contract="IService" />
</service>

<behavior name="ActiveSTSEndpointBehavior">
  <!--<federatedServiceHostConfiguration />-->
  <serviceCredentials useIdentityConfiguration="true">
    <serviceCertificate x509FindType="FindByThumbprint" findValue="[cert]" storeLocation="LocalMachine" storeName="My" />
  </serviceCredentials>
  <serviceAuthorization principalPermissionMode="Always" />
  <serviceMetadata httpGetEnabled="true" />
  <serviceDebug includeExceptionDetailInFaults="true" />
</behavior>

<ws2007FederationHttpBinding>
  <binding name="Active" maxReceivedMessageSize="2147483647">
    <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
    <security mode="Message">
      <message establishSecurityContext="false" negotiateServiceCredential="false" />
    </security>
  </binding>
</ws2007FederationHttpBinding>

<system.identityModel>
  <identityConfiguration> <!--saveBootstrapTokens="true"-->
    <claimsAuthorizationManager type="ProjectName.DefaultClaimsAuthorizationManager, ProjectName"/>
    <claimsAuthenticationManager type="ProjectName.DefaultClaimsAuthenticationManager, ProjectName"/>
  </identityConfiguration>
</system.identityModel>
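
public override bool CheckAccess(AuthorizationContext context)
{
    // Deny access when the principal does not carry a ClaimsIdentity.
    var identity = context.Principal.Identity as ClaimsIdentity;
    if (identity == null)
    {
        return false;
    }

    // Deny access when the identity has no UPN claim.
    var usernameClaim = identity.Claims.SingleOrDefault(item => item.Type == System.IdentityModel.Claims.ClaimTypes.Upn);
    if (usernameClaim == null)
    {
        return false;
    }

    // ... (the rest of the method is cut off on the page)
}
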
Recommended answer
<add name="ClaimsAuthorizationModule" type="System.IdentityModel.Services.ClaimsAuthorizationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
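
To check which identity actually reaches CheckAccess in the situation described in the question, the following added example (not the poster's or the answerer's code) traces the identity type and fails closed. The class name, helper name and trace messages are hypothetical; it assumes .NET 4.5, where GenericIdentity derives from ClaimsIdentity.

```csharp
using System.Diagnostics;
using System.Linq;
using System.Security.Claims;

// Added example: class name, helper name and trace messages are hypothetical.
public class DiagnosticClaimsAuthorizationManager : ClaimsAuthorizationManager
{
    // Returns the caller's single UPN, or null (after tracing why) when the
    // principal cannot be trusted for an authorization decision.
    internal static string GetVerifiedUpn(ClaimsPrincipal principal)
    {
        var identity = principal == null ? null : principal.Identity as ClaimsIdentity;

        // Since .NET 4.5 GenericIdentity derives from ClaimsIdentity, so the
        // cast above succeeds for it; IsAuthenticated is the real gate.
        if (identity == null || !identity.IsAuthenticated)
        {
            Trace.TraceWarning("Denied: identity type={0}, authenticated=false",
                identity == null ? "(none)" : identity.GetType().FullName);
            return null;
        }

        // FindAll tolerates duplicate claims, where SingleOrDefault would throw.
        var upns = identity.FindAll(ClaimTypes.Upn)
                           .Select(c => c.Value)
                           .Distinct()
                           .ToList();
        if (upns.Count != 1)
        {
            Trace.TraceWarning("Denied: identity type={0}, authType={1}, UPN claims={2}",
                identity.GetType().FullName, identity.AuthenticationType, upns.Count);
            return null;
        }
        return upns[0];
    }

    public override bool CheckAccess(AuthorizationContext context)
    {
        // Fail closed. The resource/action checks from the poster's method
        // (cut off on the page) would follow a successful lookup.
        return GetVerifiedUpn(context.Principal) != null;
    }
}
```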