2011-04-03 29 views

Can I disable encryption of the RequestSecurityTokenResponse and handle only the signature? Disabling encryption in Windows Identity Foundation

I created a custom STS based on the WIF SDK demo, extending Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService, and I cannot find a setting that makes it not use encryption.


I thought encryption was disabled by default? – 2011-04-03 22:45:55


No, the assertion is encrypted by default with the configured encrypting credentials. If I don't supply information about the certificate, an exception is thrown. – elfebien 2011-04-04 14:32:06

Answers

I just ran the "Add STS Reference" wizard in Visual Studio and chose the option to create a new STS. The template the tool generates does add encryption support for the token, but if no certificate is supplied, then it is disabled :( (I left all the default comments in)

protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
{
    ValidateAppliesTo(request.AppliesTo);

    //
    // Note: The signing certificate used by default has a Distinguished name of "CN=STSTestCert",
    // and is located in the Personal certificate store of the Local Computer. Before going into production,
    // ensure that you change this certificate to a valid CA-issued certificate as appropriate.
    //
    Scope scope = new Scope(request.AppliesTo.Uri.OriginalString, SecurityTokenServiceConfiguration.SigningCredentials);

    string encryptingCertificateName = WebConfigurationManager.AppSettings["EncryptingCertificateName"];
    if (!string.IsNullOrEmpty(encryptingCertificateName))
    {
        // Important note on setting the encrypting credentials.
        // In a production deployment, you would need to select a certificate that is specific to the RP that is requesting the token.
        // You can examine the 'request' to obtain information to determine the certificate to use.
        scope.EncryptingCredentials = new X509EncryptingCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, encryptingCertificateName));
    }
    else
    {
        // If there is no encryption certificate specified, the STS will not perform encryption.
        // This will succeed for tokens that are created without keys (BearerTokens) or asymmetric keys.
        scope.TokenEncryptionRequired = false;
    }

    // Set the ReplyTo address for the WS-Federation passive protocol (wreply). This is the address to which responses will be directed.
    // In this template, we have chosen to set this to the AppliesToAddress.
    scope.ReplyToAddress = scope.AppliesToAddress;

    return scope;
}

I created a custom SecurityTokenHandler and overrode its GetEncryptingCredentials method, as in the lines below, to return null, and it works:

// WIF 3.5 namespaces needed by this handler
using Microsoft.IdentityModel.SecurityTokenService;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Saml11;

public class MyCustomSecurityTokenHandler : Saml11SecurityTokenHandler
{
    public MyCustomSecurityTokenHandler() : base() { }

    // Returning null tells the handler not to encrypt the issued token.
    protected override EncryptingCredentials GetEncryptingCredentials(SecurityTokenDescriptor tokenDescriptor)
    {
        return null;
    }
}

Then, in the SecurityTokenService class, I override GetSecurityTokenHandler to return the custom class created above:

// Inside the SecurityTokenService subclass
protected override SecurityTokenHandler GetSecurityTokenHandler(string requestedTokenType)
{
    MyCustomSecurityTokenHandler tokenHandler = new MyCustomSecurityTokenHandler();

    return tokenHandler;
}
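Both answers turn encryption off; what they leave implicit is that the token must still be signed, otherwise the relying party has nothing to verify. The following is an added example, not code from either answer or from the WIF SDK template: a minimal custom STS that issues a signed-but-unencrypted token when no encrypting certificate is configured, and refuses to issue at all if the signing credentials are missing. The class name DemoSecurityTokenService, the appSettings key "EncryptingCertificateName" and the FindCertificate helper are assumptions; the WIF 3.5 types used (Scope, SecurityTokenService, X509EncryptingCredentials) are the ones the answers rely on.

```csharp
// Added example (not from the original answers or the WIF SDK template).
// Assumed names: DemoSecurityTokenService, "EncryptingCertificateName", FindCertificate.
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.Web.Configuration;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.SecurityTokenService;

public class DemoSecurityTokenService : SecurityTokenService
{
    public DemoSecurityTokenService(SecurityTokenServiceConfiguration configuration)
        : base(configuration)
    {
    }

    protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
    {
        if (request.AppliesTo == null || request.AppliesTo.Uri == null)
        {
            throw new InvalidRequestException("AppliesTo must be supplied.");
        }

        // Encryption is optional here, the signature is not: never issue an unsigned token.
        SigningCredentials signing = SecurityTokenServiceConfiguration.SigningCredentials;
        if (signing == null)
        {
            throw new InvalidOperationException("No signing credentials configured; refusing to issue an unsigned token.");
        }

        Scope scope = new Scope(request.AppliesTo.Uri.OriginalString, signing);

        string encryptingCertificateName = WebConfigurationManager.AppSettings["EncryptingCertificateName"];
        if (string.IsNullOrEmpty(encryptingCertificateName))
        {
            // No certificate configured: the token is signed only. Its claims are readable
            // by anyone on the path, so this relies on the transport (HTTPS) for confidentiality.
            scope.TokenEncryptionRequired = false;
        }
        else
        {
            // Certificate configured: encrypt for the relying party as the template does.
            scope.EncryptingCredentials = new X509EncryptingCredentials(FindCertificate(encryptingCertificateName));
        }

        scope.ReplyToAddress = scope.AppliesToAddress;
        return scope;
    }

    protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
    {
        // Pass the caller's name through; a real STS applies its own issuance policy here.
        IClaimsIdentity caller = (IClaimsIdentity)principal.Identity;
        ClaimsIdentity output = new ClaimsIdentity();
        output.Claims.Add(new Claim(ClaimTypes.Name, caller.Name));
        return output;
    }

    // Look up the encrypting certificate by subject DN in the Local Computer / Personal store
    // and insist on exactly one match, so an ambiguous store never silently picks a key.
    private static X509Certificate2 FindCertificate(string subjectDistinguishedName)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, subjectDistinguishedName, false);
            if (found.Count != 1)
            {
                throw new InvalidOperationException("Expected exactly one certificate with subject " + subjectDistinguishedName);
            }
            return found[0];
        }
        finally
        {
            store.Close();
        }
    }
}
```

The guard on SigningCredentials is the point of the example: the template in the first answer silently passes whatever the configuration holds into the Scope, while the handler override in the second answer only affects encryption, so neither path by itself tells you whether the token that leaves the STS is actually signed.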