2
我有一個Silverlight應用程序,它使用Identity Training Kit中的WSTrust實現從STS請求SAML令牌。如何使用ASP.NET Web API在授權標頭中提取和驗證SAML令牌?
private void Application_Startup(object sender, StartupEventArgs e)
{
WSTrustClient wsTrustClient = new WSTrustClient(new WSTrustBindingUsernameMixed(), new EndpointAddress("https://localhost/SecurityTokenService/Service.svc/IWSTrust13"), new UsernameCredentials("user", "password"));
wsTrustClient.IssueCompleted += new EventHandler<IssueCompletedEventArgs>(wsTrustClient_IssueCompleted);
RequestSecurityToken rst = new RequestSecurityToken()
{
AppliesTo = new EndpointAddress("https://localhost/SilverlightApplication.Web")
};
wsTrustClient.IssueAsync(rst);
}
private void wsTrustClient_IssueCompleted(object sender, IssueCompletedEventArgs e)
{
this.Resources.Add("SamlToken", e.Result);
this.RootVisual = new MainPage();
}
Silverlight的應用程序,然後把SAML令牌在我的ASP.NET Web API服務的請求的Authorization頭;再次使用相同的WSTrust實現。
string uri ="https://localhost/WebApi/api/resource";
WebRequest request = WebRequest.Create(uri);
request.Method = "GET";
RequestSecurityTokenResponse rstr = (RequestSecurityTokenResponse)Application.Current.Resources["SamlToken"];
request.Headers[HttpRequestHeader.Authorization] = "SAML " + rstr.RequestedSecurityToken.RawToken;
request.BeginGetResponse((result) =>
{
using (WebResponse response = request.EndGetResponse(result))
{
// Process Response
}
}, null);
首先,我要對這個正確的方式?其次,如果是這樣,我如何讓我的ASP.NET Web API服務檢測到SAML令牌並將其轉換爲IClaimsPrincipal
服務器端?
謝謝。我在Dominick Baier的博客上花了很多時間,他大量使用他自己的Thinktecture框架,但我永遠無法知道如何自己做。至少現在我可以檢查他的源代碼,看看他做了什麼。 – 2012-03-19 21:00:01