2014年3月24日 星期一

手動設定WIF

首先引用System.IdentityModel和System.IdentityModel.Services這兩個元件


再來到web.config加入幾個設定
先加入這兩個元件對應的configSections區段
<!-- Registers the two WIF configuration sections (system.identityModel and
     system.identityModel.services) so that the settings further down in
     web.config are recognised by the runtime. The type strings name the
     4.0 framework assemblies; the PublicKeyToken is the Microsoft key. -->
<configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>

再來在System.Web區段中,把網站的驗證模式(authentication mode)設定為None,並且不允許匿名存取
<!-- ASP.NET's own authentication is switched off (mode="None"); authentication
     is handed over to the WIF HTTP modules registered under system.webServer.
     The deny users="?" rule rejects every anonymous request, which is what
     triggers the WIF sign-in handling for unauthenticated visitors. -->
<system.web>
    <authentication mode="None" />
    <authorization>
        <deny users="?" />
    </authorization>
    <!-- NOTE(review): debug="true" is a development-time setting; it should be
         switched off (or overridden by a release transform) on a deployed site. -->
    <compilation debug="true" targetFramework="4.5"/>
    <httpRuntime targetFramework="4.5"/>
</system.web>

再來在System.webServer區段中,啟用兩個HttpModule
<!-- The two WIF pipeline modules. WSFederationAuthenticationModule handles the
     WS-Federation passive sign-in/sign-out messages; SessionAuthenticationModule
     turns the accepted token into a session cookie so later requests are not
     re-validated against the STS. preCondition="managedHandler" limits them to
     requests served by managed handlers. -->
<system.webServer>
    <modules>
        <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
        <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    </modules>
</system.webServer>

最後加入WIF的設定
<!-- Token validation settings for the relying party. -->
<system.identityModel>
    <identityConfiguration>
        <!-- Audiences this application accepts. An incoming token whose audience
             is not listed here is rejected.
             NOTE(review): this entry is http://localhost:12345/ while the
             wsFederation realm in system.identityModel.services is
             http://localhost:51337/; since the STS normally stamps the token
             with the realm as its audience, confirm the two are meant to differ,
             otherwise audience validation is likely to fail. -->
        <audienceUris>
            <add value="http://localhost:12345/" />
        </audienceUris>
        <!-- Replaces the default DPAPI-protected session token handler with the
             machineKey-based one, so the session cookie can be read on any node
             that shares the same machineKey.
             NOTE(review): documented samples list the remove before the add;
             confirm this add-then-remove order loads without a duplicate-handler
             error in the target WIF version. -->
        <securityTokenHandlers>
            <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        </securityTokenHandlers>
        <!-- NOTE(review): "None" turns off X.509 chain and revocation checks on
             the STS signing certificate, which is convenient for a self-signed
             development STS. Trust then rests solely on the thumbprint pinned
             below; for a production deployment use ChainTrust or PeerTrust. -->
        <certificateValidation certificateValidationMode="None" />
        <!-- Maps the signing certificate thumbprint to a trusted issuer name.
             The ValidatingIssuerNameRegistry type comes from a separate NuGet
             package (see the note at the end of the post). -->
        <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
            <authority name="MySTS">
                <keys>
                    <!-- Placeholder: replace with the hex thumbprint of the STS
                         signing certificate (no spaces). A token signed by any
                         other certificate is rejected. -->
                    <add thumbprint="簽署憑證的姆指紋" />
                </keys>
                <validIssuers>
                    <add name="MySTS" />
                </validIssuers>
            </authority>
        </issuerNameRegistry>
    </identityConfiguration>
</system.identityModel>
<!-- WS-Federation passive protocol settings for the relying party. -->
<system.identityModel.services>
    <federationConfiguration>
        <!-- NOTE(review): requireSsl="false" lets the session cookie be issued
             and sent over plain HTTP (no Secure flag), which only suits local
             development; set it to true when the site is served over HTTPS. -->
        <cookieHandler requireSsl="false" />
        <!-- passiveRedirectEnabled: unauthenticated requests are redirected to
             the issuer (the STS) for sign-in.
             realm: the identifier sent to the STS as wtrealm; it must match an
             entry in audienceUris so the returned token is accepted.
             NOTE(review): requireHttps="false" permits a plain-http issuer URL,
             which exposes the sign-in round trip to interception; keep it only
             for local development. -->
        <wsFederation passiveRedirectEnabled="true"
                        issuer="http://sts.developer.idv.tw/"
                        realm="http://localhost:51337/"
                        requireHttps="false" />
    </federationConfiguration>
</system.identityModel.services>

這裡的issuerNameRegistry設定,需要額外加入一個NuGet套件參考
System.IdentityModel.Tokens.ValidatingIssuerNameRegistry