手動設定WIF

Mar 24, 2014

3 mins read

Claims Base
Claims base
首先引用System.IdentityModel和System.IdentityModel.Service這兩個元件
[![](http://1.bp.blogspot.com/-JeEQBHGiBCA/Uy-gIfqaWrI/AAAAAAAABHg/CKFEhn8Di6I/s1600/01.add+component.png)](http://1.bp.blogspot.com/-JeEQBHGiBCA/Uy-gIfqaWrI/AAAAAAAABHg/CKFEhn8Di6I/s1600/01.add+component.png)

再來到web.config加入幾個設定 先加入這兩個元件的configSection

<configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
再來在System.Web區段中,把網站的驗證模組設定None和不允許匿名登入 
<system.web>
    <authentication mode="None" />
    <authorization>
        <deny users="?" />
    </authorization>
    <compilation debug="true" targetFramework="4.5"/>
    <httpRuntime targetFramework="4.5"/>
</system.web>
再來在System.webServer區段中,啟用兩個HttpModule 
<system.webServer>
    <modules>
        <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
        <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    </modules>
</system.webServer>
最後加入WIF的設定 
<system.identityModel>
    <identityConfiguration>
        <audienceUris>
            <add value="http://localhost:12345/" />
        </audienceUris>
        <securityTokenHandlers>
            <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        </securityTokenHandlers>
        <certificateValidation certificateValidationMode="None" />
        <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
            <authority name="MySTS">
                <keys>
                    <add thumbprint="簽署憑證的姆指紋" />
                </keys>
                <validIssuers>
                    <add name="MySTS" />
                </validIssuers>
            </authority>
        </issuerNameRegistry>
    </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
    <federationConfiguration>
        <cookieHandler requireSsl="false" />
        <wsFederation passiveRedirectEnabled="true"
                        issuer="http://sts.developer.idv.tw/"
                        realm="http://localhost:51337/"
                        requireHttps="false" />
    </federationConfiguration>
</system.identityModel.services>
在這裡有個設定,需要加入一個NuGet參考 System.IdentityModel.Tokens.ValidatingIssuerNameRegistry
[![](http://4.bp.blogspot.com/-5jv6U3EKwtU/Uy-iKggj3KI/AAAAAAAABHs/nGIR9YSbP5k/s1600/02.package.png)](http://4.bp.blogspot.com/-5jv6U3EKwtU/Uy-iKggj3KI/AAAAAAAABHs/nGIR9YSbP5k/s1600/02.package.png)

Sharing is caring!