How to validate a username and password against Active Directory Federation Services (ADFS)
Updated: 2023-09-27 18:05:41
I want to supply a username and password from a .NET console application or web page and authenticate them against Active Directory Federation Services. At this point all I have is https://mycompany.com/FederationMetadata/2007-06/FederationMetadata.xml, plus a valid username and password to test with.
I have looked at a few articles, for example: https://dotnetcodr.com/2013/02/28/claims-based-authentication-in-mvc4-with-net4-5-c-part-2-storing-authentication-data-in-an-authentication-session/
From what I checked, we have to add a "Relying Party" in ADFS before ADFS can be used as an authentication store.
The second link uses a Federated IdP. Instead, I want a console application that supplies the username and password and gets authenticated. But I am not clear where in the console application the username and password are provided. Any help is appreciated!
The code below worked for me:
    using System.IdentityModel.Tokens;
    using Microsoft.IdentityModel.Protocols.WSTrust;
    using System.ServiceModel;
    using System.ServiceModel.Security;
    using WSTrustChannel = Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel;
    using WSTrustChannelFactory = Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory;

    namespace SOS.Tools.AdfsConnectionChecker
    {
        internal class Token
        {
            public static SecurityToken GetToken(string username, string password, string tokenIssuer, string appliesTo, out RequestSecurityTokenResponse rsts)
            {
                // WS-Trust 1.3 over WS2007HttpBinding: the username/password travel inside the
                // SOAP message, so TLS on the transport is mandatory (TransportWithMessageCredential).
                WS2007HttpBinding binding = new WS2007HttpBinding();
                binding.Security.Message.EstablishSecurityContext = false;
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
                binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
                binding.Security.Mode = SecurityMode.TransportWithMessageCredential;

                // The "usernamemixed" endpoint is the ADFS WS-Trust 1.3 endpoint that accepts a UserName credential.
                var tokenIssuerUrlFormat = "https://{0}/adfs/services/trust/13/usernamemixed";
                var tokenIssuerUrl = string.Format(tokenIssuerUrlFormat, tokenIssuer);

                WSTrustChannelFactory trustChannelFactory =
                    new WSTrustChannelFactory(binding, new EndpointAddress(tokenIssuerUrl));
                trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;
                // This is where the username and password are supplied.
                trustChannelFactory.Credentials.UserName.UserName = username;
                trustChannelFactory.Credentials.UserName.Password = password;
                trustChannelFactory.ConfigureChannelFactory();

                // Create the issuance request (RST) and ask ADFS for a security token for the relying party.
                RequestSecurityToken requestToken = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue);
                requestToken.AppliesTo = new EndpointAddress(appliesTo);
                WSTrustChannel tokenClient = (WSTrustChannel) trustChannelFactory.CreateChannel();
                // Invalid credentials surface here as a MessageSecurityException (SOAP fault from ADFS).
                SecurityToken token = tokenClient.Issue(requestToken, out rsts);
                return token;
            }
        }
    }
- username - the domain user name (e.g. Name.FamalyName@DomainName.local)
- password - the domain user's password
- tokenIssuer - the ADFS host (adfs.somedomain.com). ADFS must be joined to the Active Directory in which the user account was created.
- appliesTo - the application you want the token for (e.g. https://apps.anydomain.com/WcfService1). It must be configured on tokenIssuer as a relying party.
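To make clear what the WSTrustChannel in the answer actually puts on the wire, here is the same WS-Trust 1.3 exchange at the message level. This is an added example, not code from the original answer: it builds the RequestSecurityToken (RST) that the C# code sends to the usernamemixed endpoint and parses the RequestSecurityTokenResponse (RSTR) or SOAP Fault that ADFS returns. The host names, user name, relying-party URL and both sample responses are constructed, not captured.

```python
"""WS-Trust 1.3 username/password exchange with the ADFS usernamemixed endpoint (wire level).

Added example, independent of the C# answer above. Everything below (hosts, users,
the two sample replies) is constructed for illustration.
"""
import uuid
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespaces of the SOAP 1.2 / WS-Addressing 1.0 / WS-Trust 1.3 stack that WS2007HttpBinding speaks.
NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "a": "http://www.w3.org/2005/08/addressing",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "u": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "t": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
ISSUE = NS["t"] + "/Issue"             # wst:RequestType
ISSUE_ACTION = NS["t"] + "/RST/Issue"  # wsa:Action


def endpoint_url(token_issuer):
    """Same URL the C# answer builds: WS-Trust 1.3, UserName credential inside the message."""
    return "https://%s/adfs/services/trust/13/usernamemixed" % token_issuer


def build_rst(username, password, token_issuer, applies_to):
    """SOAP 1.2 envelope for an Issue RST carrying a WS-Security UsernameToken.

    The password is sent as PasswordText, i.e. readable in the SOAP header; only TLS on the
    transport (SecurityMode.TransportWithMessageCredential) protects it, which is why this
    envelope must never be posted over plain http.
    """
    return (
        '<s:Envelope xmlns:s="{s}" xmlns:a="{a}" xmlns:u="{u}"><s:Header>'
        '<a:Action s:mustUnderstand="1">{action}</a:Action>'
        '<a:MessageID>urn:uuid:{msgid}</a:MessageID>'
        '<a:To s:mustUnderstand="1">{to}</a:To>'
        '<o:Security s:mustUnderstand="1" xmlns:o="{o}"><o:UsernameToken u:Id="uuid-{tokid}">'
        '<o:Username>{user}</o:Username><o:Password Type="{ptype}">{pw}</o:Password>'
        '</o:UsernameToken></o:Security></s:Header><s:Body>'
        '<t:RequestSecurityToken xmlns:t="{t}"><wsp:AppliesTo xmlns:wsp="{wsp}">'
        '<a:EndpointReference><a:Address>{applies}</a:Address></a:EndpointReference>'
        '</wsp:AppliesTo><t:RequestType>{issue}</t:RequestType></t:RequestSecurityToken>'
        '</s:Body></s:Envelope>'
    ).format(action=ISSUE_ACTION, msgid=uuid.uuid4(), tokid=uuid.uuid4(),
             to=escape(endpoint_url(token_issuer)), user=escape(username),
             pw=escape(password), ptype=PASSWORD_TEXT, applies=escape(applies_to),
             issue=ISSUE, **NS)


def summarize_rst(envelope):
    """The request as a TLS-terminating proxy or IDS on the path would see it (password omitted)."""
    root = ET.fromstring(envelope)
    hdr = root.find("s:Header", NS)
    body = root.find("s:Body/t:RequestSecurityToken", NS)
    return {
        "to": hdr.findtext("a:To", namespaces=NS),
        "action": hdr.findtext("a:Action", namespaces=NS),
        "username": hdr.findtext("o:Security/o:UsernameToken/o:Username", namespaces=NS),
        "password_type": hdr.find("o:Security/o:UsernameToken/o:Password", NS).get("Type"),
        "applies_to": body.findtext("wsp:AppliesTo/a:EndpointReference/a:Address", namespaces=NS),
        "request_type": body.findtext("t:RequestType", namespaces=NS),
    }


def parse_rstr(response_xml):
    """Parse the ADFS reply: a SOAP Fault (rejected credentials, unknown relying party, ...)
    or the issued token's type, lifetime, audience and SAML assertion id."""
    root = ET.fromstring(response_xml)
    fault = root.find("s:Body/s:Fault", NS)
    if fault is not None:
        return {"ok": False,
                "code": fault.findtext("s:Code/s:Value", default="", namespaces=NS),
                "subcode": fault.findtext("s:Code/s:Subcode/s:Value", default="", namespaces=NS),
                "reason": fault.findtext("s:Reason/s:Text", default="", namespaces=NS)}
    rstr = root.find(".//t:RequestSecurityTokenResponse", NS)
    if rstr is None:
        raise ValueError("response contains neither an RSTR nor a SOAP Fault")
    assertion = rstr.find("t:RequestedSecurityToken/saml:Assertion", NS)
    return {"ok": True,
            "token_type": rstr.findtext("t:TokenType", default="", namespaces=NS),
            "expires": rstr.findtext("t:Lifetime/u:Expires", default="", namespaces=NS),
            "applies_to": rstr.findtext("wsp:AppliesTo/a:EndpointReference/a:Address", default="", namespaces=NS),
            "assertion_id": assertion.get("ID") if assertion is not None else None}


# Constructed reply modelled on an ADFS RSTR collection carrying a SAML 2.0 token (not a real capture).
SAMPLE_RSTR = (
    '<s:Envelope xmlns:s="%(s)s" xmlns:a="%(a)s" xmlns:u="%(u)s"><s:Body>'
    '<t:RequestSecurityTokenResponseCollection xmlns:t="%(t)s"><t:RequestSecurityTokenResponse>'
    '<t:Lifetime><u:Created>2023-09-27T10:05:41.000Z</u:Created><u:Expires>2023-09-27T11:05:41.000Z</u:Expires></t:Lifetime>'
    '<wsp:AppliesTo xmlns:wsp="%(wsp)s"><a:EndpointReference><a:Address>https://apps.anydomain.com/WcfService1</a:Address>'
    '</a:EndpointReference></wsp:AppliesTo><t:RequestedSecurityToken>'
    '<saml:Assertion xmlns:saml="%(saml)s" ID="_constructed-assertion-id" Version="2.0">'
    '<saml:Issuer>http://adfs.somedomain.com/adfs/services/trust</saml:Issuer></saml:Assertion></t:RequestedSecurityToken>'
    '<t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>'
    '</t:RequestSecurityTokenResponse></t:RequestSecurityTokenResponseCollection></s:Body></s:Envelope>'
) % NS

# Constructed reply for a rejected password: SOAP 1.2 Fault with the WS-Security FailedAuthentication subcode.
SAMPLE_FAULT = (
    '<s:Envelope xmlns:s="%(s)s"><s:Body><s:Fault><s:Code><s:Value>s:Sender</s:Value>'
    '<s:Subcode><s:Value xmlns:o="%(o)s">o:FailedAuthentication</s:Value></s:Subcode></s:Code>'
    '<s:Reason><s:Text xml:lang="en-US">At least one security token in the message could not be validated.</s:Text>'
    '</s:Reason></s:Fault></s:Body></s:Envelope>'
) % NS

if __name__ == "__main__":
    rst = build_rst("Name.FamalyName@DomainName.local", "S3cret!", "adfs.somedomain.com",
                    "https://apps.anydomain.com/WcfService1")
    print(summarize_rst(rst))
    print(parse_rstr(SAMPLE_RSTR))
    print(parse_rstr(SAMPLE_FAULT))
```

To send the envelope for real, POST it over HTTPS to endpoint_url(tokenIssuer) with Content-Type `application/soap+xml; charset=utf-8` and a verified server certificate; the summary dict shows why the answer insists on TransportWithMessageCredential: the user name and a PasswordText credential are right there in the header. On the ADFS side every such request is a password validation against the domain, so account lockout and the ADFS security audit apply to a console tool exactly as they do to a browser sign-in, and a burst of FailedAuthentication faults on the usernamemixed endpoint is worth alerting on.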