通过WIF在ADFS中进行用户名/密码验证

I'm building a REST web service mobile apps authentication - take username and password, authenticate in ADFS (preferably through WIF if possible) and returns the SAML (2.0) token back to caller. It's used for authorization in later calls. I found many guides and blog posts about authentication through WIF in web apps and authorization in WCF when the token is passed in call but I haven't found any clue how to approach this scenario. Any suggestions how to start?

我正在构建一个REST Web服务移动应用程序身份验证 - 获取用户名和密码，在ADFS中进行身份验证（如果可能，最好通过WIF）并将SAML（2.0）令牌返回给调用者。它在以后的调用中用于授权。我发现了很多关于通过WIF在Web应用程序中进行身份验证的指南和博客文章，以及在调用时传递令牌时WCF中的授权，但我还没有找到任何线索如何处理这种情况。有什么建议怎么开始？

2 个解决方案

#1

What is your mobile client built on? If you can use WIF (as in have the .NET platform available), then WSTrustChannel is your friend.

你的移动客户端是什么构建的？如果你可以使用WIF（如有.NET平台可用），那么WSTrustChannel就是你的朋友。

Note: with REST services you often use lighter-weight token formats, like JWT. This is what Azure Mobile Services uses as an example.

注意：使用REST服务，您经常使用轻量级令牌格式，如JWT。这就是Azure Mobile Services用作示例的内容。

#2

You could use IdentityServer to mediate between the WS-Trust world and OAuth2/JWTs - see here: http://brockallen.com/2013/04/14/getting-json-web-tokens-jwts-from-adfs-via-thinktecture-identityservers-adfs-integration/

您可以使用IdentityServer在WS-Trust世界和OAuth2 / JWT之间进行调解 - 请参阅此处：http：//brockallen.com/2013/04/14/getting-json-web-tokens-jwts-from-adfs-via- thinktecture-identityservers-ADFS集成/

#1

What is your mobile client built on? If you can use WIF (as in have the .NET platform available), then WSTrustChannel is your friend.

你的移动客户端是什么构建的？如果你可以使用WIF（如有.NET平台可用），那么WSTrustChannel就是你的朋友。

Note: with REST services you often use lighter-weight token formats, like JWT. This is what Azure Mobile Services uses as an example.

注意：使用REST服务，您经常使用轻量级令牌格式，如JWT。这就是Azure Mobile Services用作示例的内容。

秒客网

通过WIF在ADFS中进行用户名/密码验证

2 个解决方案

#1

#2

#1

#2

相关文章