2013-07-22 58 views
1

I want to query ADFS actively from an MVC 4.0 project. We will have multiple STSs, and that is not possible with my current understanding of the "passive" authentication configuration. MVC, ADFS 2.0 and WIF 4.5 question

I am able to get a token from the ADFS server, but when I try to read the token I get a cryptography error message with an inner exception of "The data is invalid".

*The suggestion about the ApplicationPool is not my problem.

using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.IO;
using System.Linq;
using System.Security.Claims;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;

// OtherStsAddress / YourStsAddress are string fields holding the STS endpoint and the
// relying-party identifier. UserNameWSTrustBinding is not part of .NET 4.5's System.IdentityModel;
// it comes from a separate library (the WIF 3.5 bindings or Thinktecture.IdentityModel).
public SecurityToken RequestSecurityToken(string domain, string username, string password)
{
    // Active WS-Trust 1.3 call: username/password over HTTPS, credentials in the message.
    EndpointAddress endpointAddress = new EndpointAddress(OtherStsAddress);
    UserNameWSTrustBinding binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
    WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, endpointAddress);
    factory.Credentials.UserName.UserName = string.Concat(domain, "\\", username);
    factory.Credentials.UserName.Password = password;
    factory.TrustVersion = System.ServiceModel.Security.TrustVersion.WSTrust13;
    WSTrustChannel channel = (WSTrustChannel)factory.CreateChannel();

    // Ask the STS to issue a symmetric-key token scoped to our relying party.
    RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Symmetric);
    rst.AppliesTo = new EndpointReference(YourStsAddress);
    var genericToken = channel.Issue(rst) as GenericXmlSecurityToken;

    // The handler collection configured for the web application (includes the session cookie handler).
    var handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;

    // blowing up here
    var token = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml)));

    // Validate the token, wrap the resulting identity in a session token and write the session cookie.
    var identity = handlers.ValidateToken(token).First();
    var sessionToken = new SessionSecurityToken(new ClaimsPrincipal(identity));
    FederatedAuthentication.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionToken, true);
    return token;
}

The exception is as follows:

System.InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false. ---> System.Security.Cryptography.CryptographicException: The data is invalid. 

    at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope) 
    at System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded) 
    --- End of inner exception stack trace --- 
    at System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded) 
    at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) 
    at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) 
    at System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader) 
    at Compass.SupplyChain.UI.Controllers.Registration.RegistrationController.RequestSecurityToken(String domain, String username, String password) 

Any direction would be appreciated, even if it is not a direct answer. I do not even know what to try next. Google searches are not returning anything useful at this point either. Or maybe I am just at my wits' end at this point.
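As an added example (not code from the question, the answers, or the project the question describes), this is the same active WS-Trust call written against the stock .NET 4.5 classes, with the returned token read and validated by an explicitly configured handler collection instead of the web application's FederatedAuthentication handlers. It assumes the ADFS usernamemixed endpoint is enabled, uses WS2007HttpBinding in place of UserNameWSTrustBinding and a bearer key type in place of a symmetric one, and the endpoint URL, relying-party identifier, issuer name and signing-certificate thumbprint are placeholders. The validation side pins the audience and the issuer, and checks which handler claims the token before reading it, which is the first thing to look at when ReadToken dispatches to an unexpected handler such as the SessionSecurityTokenHandler in the trace above.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;

public static class ActiveStsClient
{
    // Placeholder values (constructed for this example): the ADFS WS-Trust 1.3 username endpoint,
    // the relying-party identifier the token must be issued for, and the token-signing certificate
    // thumbprint plus the issuer name it maps to.
    const string StsEndpoint = "https://adfs.example.test/adfs/services/trust/13/usernamemixed";
    const string RelyingPartyId = "https://rp.example.test/";
    const string IssuerThumbprint = "<ADFS-TOKEN-SIGNING-THUMBPRINT>";
    const string IssuerName = "http://adfs.example.test/adfs/services/trust";

    // Active WS-Trust 1.3 call: ask the STS for a bearer SAML token on behalf of the user.
    public static GenericXmlSecurityToken RequestToken(string domain, string username, string password)
    {
        // WS2007HttpBinding is the .NET 4.5 replacement for UserNameWSTrustBinding:
        // HTTPS transport, username/password inside the message, no secure-conversation session.
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(StsEndpoint))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        factory.Credentials.UserName.UserName = domain + "\\" + username;
        factory.Credentials.UserName.Password = password;

        // Bearer key type: no proof key to manage, which is what a web application needs.
        var rst = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer)
        {
            AppliesTo = new EndpointReference(RelyingPartyId)
        };

        var channel = (WSTrustChannel)factory.CreateChannel();
        try
        {
            return (GenericXmlSecurityToken)channel.Issue(rst);
        }
        finally
        {
            channel.Close();
            factory.Close();
        }
    }

    // Read and validate the issued token with handlers configured here, not the web app's
    // session-cookie handlers from FederatedAuthentication.
    public static ClaimsPrincipal ValidateToken(GenericXmlSecurityToken issued)
    {
        var config = new SecurityTokenHandlerConfiguration();

        // Reject tokens issued for any audience other than this relying party.
        config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(RelyingPartyId));

        // Accept only tokens signed by the pinned ADFS token-signing certificate.
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(IssuerThumbprint, IssuerName);
        config.IssuerNameRegistry = issuers;

        // Trust is established by the thumbprint pin above, so no chain building is needed.
        config.CertificateValidationMode = X509CertificateValidationMode.None;

        var handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(config);

        SecurityToken token;
        using (var reader = new XmlTextReader(new StringReader(issued.TokenXml.OuterXml)))
        {
            reader.MoveToContent();
            // Fail loudly, naming the element, if no handler recognises this token type.
            if (!handlers.CanReadToken(reader))
                throw new SecurityTokenException("No handler accepts token element: " + reader.LocalName);
            token = handlers.ReadToken(reader);
        }

        ReadOnlyCollection<ClaimsIdentity> identities = handlers.ValidateToken(token);
        return new ClaimsPrincipal(identities);
    }
}
```

The principal returned by ValidateToken can then be wrapped in a SessionSecurityToken and written to the session cookie exactly as the last lines of the question's code do; the point of keeping the handler collection separate is that the audience and issuer checks are visible in code rather than inherited from the web application's configuration.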

Answer

0

You may be taking the route of maximum complexity :-). What is wrong with the "passive configuration"? It should just work.

There are plenty of MVC 4 / ADFS (or other STS) examples.

A few samples/resources to look at:

+2

Honestly, I could not find many good, working examples. – Steve

+0

Indeed, there is not much out there on WIF and simple federation. I am trudging through a POC built on Thinktecture's Identity Server. They have some good examples of how to configure the handlers at application startup and then have them used automatically when processing a message that loads an identity. I also found figure 8 on this page helpful. http://msdn.microsoft.com/en-us/magazine/ee335707.aspx – joezen777