Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
554 views
in Technique[技术] by (71.8m points)

asp.net mvc - Adding Claims-based authorization to MVC 3

I have an MVC app that I would like to add claims-based authorization to. In the near future we will use ADFS2 for federated identity but for now we will used forms auth locally.

Has anyone seen a tutorial or blog post about the best way to use WIF without an external identity provider?

I have seen the following but it is a year old now and I think there should be an easier solution:

http://geekswithblogs.net/shahed/archive/2010/02/05/137795.aspx

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You can use WIF in MVC without an STS.

I used the default MVC2 template, but it should work with MVC 3 too.

You need to:

1- Plug WIF 's SessionAuthenticationModule (web.config)

< add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

2- Wherever you authenticate your users, create a ClaimsPrincipal, add all required claims and then create a SessionSecurityToken. This is the LogOn Action in the AccountController created by MVC:

 [HttpPost]
        public ActionResult LogOn(LogOnModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                if (MembershipService.ValidateUser(model.UserName, model.Password))
                {
                    var cp = new ClaimsPrincipal();
                    cp.Identities.Add(new ClaimsIdentity());
                    IClaimsIdentity ci = (cp.Identity as IClaimsIdentity);

                    ci.Claims.Add(new Claim(ClaimTypes.Name, model.UserName));

                    SessionSecurityToken sst = FederatedAuthentication
                        .SessionAuthenticationModule
                        .CreateSessionSecurityToken(cp,
                                                    "MVC Test",
                                                    DateTime.
                                                        UtcNow,
                                                    DateTime.
                                                        UtcNow.
                                                        AddHours
                                                        (1),
                                                    true);


                    FederatedAuthentication.SessionAuthenticationModule.CookieHandler.RequireSsl = false;
                    FederatedAuthentication.SessionAuthenticationModule.AuthenticateSessionSecurityToken(sst, true);


                    //FormsService.SignIn(model.UserName, model.RememberMe);
                    if (!String.IsNullOrEmpty(returnUrl))
                    {
                        return Redirect(returnUrl);
                    }
                    else
                    {
                        return RedirectToAction("Index", "Home");
                    }
                }
                else
                {
                    ModelState.AddModelError("", "The user name or password provided is incorrect.");
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }

I just added the required lines and left everything else the same. So some refactoring might be required.

From there on, your app will now receive a ClaimsPrincipal. All automatically handled by WIF.

The CookieHandler.RequiresSsl = false is only because it's a dev machine and I'm not deploying on IIS. It can be defined in configuration too.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...