在C#.NET 4.5中使用SAML 2.0

时间:2021-04-24 03:17:29

I am trying to use pure .NET (no external classes, controls, helpers) to create a SAML message. I found some code on the interwebs; this is what I have:

我试图使用纯.NET(没有外部类,控件,帮助程序)来创建SAML消息。我在互联网上找到了一些代码;这就是我所拥有的:

private static SamlAssertion createSamlAssertion()
{
    // Here we create some SAML assertion with ID and Issuer name. 
    SamlAssertion assertion = new SamlAssertion();
    assertion.AssertionId = "AssertionID";
    assertion.Issuer = "ISSUER";
    // Create some SAML subject. 
   SamlSubject samlSubject = new SamlSubject();
    samlSubject.Name = "My Subject";

    // 
    // Create one SAML attribute with few values. 
    SamlAttribute attr = new SamlAttribute();
    attr.Namespace = "http://daenet.eu/saml";
    attr.AttributeValues.Add("Some Value 1");
    //attr.AttributeValues.Add("Some Value 2");

    attr.Name = "My ATTR Value";

    // 
    // Now create the SAML statement containing one attribute and one subject. 
    SamlAttributeStatement samlAttributeStatement = new SamlAttributeStatement();
    samlAttributeStatement.Attributes.Add(attr);
    samlAttributeStatement.SamlSubject = samlSubject;

    // Append the statement to the SAML assertion. 
    assertion.Statements.Add(samlAttributeStatement);

    //return assertion
    return assertion;

}

and here is the code I am using to get the XML:

这是我用来获取XML的代码:

var sb = new StringBuilder();
var settings = new XmlWriterSettings
{
    OmitXmlDeclaration = true,
    Encoding = Encoding.UTF8
};
using (var stringWriter = new StringWriter(sb))
using (var xmlWriter = XmlWriter.Create(stringWriter, settings))
using (var dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter(xmlWriter))
{
    var samlAssertSerializer = new SamlSerializer();
    var secTokenSerializer = new WSSecurityTokenSerializer();
    assertion.WriteXml(
        dictionaryWriter,
        samlAssertSerializer,
        secTokenSerializer
    );
}

This seemed like it was going to work. However, the message is produces is SAML version 1.0 - I need to work with 2.0.

这看起来好像会起作用。但是,生成的消息是SAML版本1.0 - 我需要使用2.0。

I know I can do some sloppy work and replace some values here and there and this system would work fine. There are very little differences in the message, version being the most important. I am having a hard time finding information on SAML 2.0 for .NET. I do know SAML 2.0 was implemented into .NET recently. I am using Framework 4.5 so I should have access to it. The MSDN page for SamlAssertion says the "majorVersion" is a constant, always set to '1'.

我知道我可以做一些草率的工作并在这里和那里替换一些值,这个系统可以正常工作。消息中的差异很小,版本是最重要的。我很难找到有关SAML 2.0 for .NET的信息。我知道最近在.NET中实现了SAML 2.0。我正在使用Framework 4.5,所以我应该可以访问它。 SamlAssertion的MSDN页面说“majorVersion”是一个常量,总是设置为'1'。

I'm guessing there is another namespace I could be working with, but I haven't found it. My requirement is just to get the XML SAML message. I don't need to sign with X509, I don't need the token. Just the SAML XML message.

我猜我可以使用另一个命名空间,但我还没找到它。我的要求就是获取XML SAML消息。我不需要用X509签名,我不需要令牌。只是SAML XML消息。

Again, this is a question trying to find out how to do this in native .NET. I have found several SAML helpers and lots of code on how to build the message manually- I'm trying to find the CORRECT solution, if it exists.

同样,这是一个试图找出如何在本机.NET中执行此操作的问题。我找到了几个SAML帮助程序和许多关于如何手动构建消息的代码 - 我正在尝试找到CORRECT解决方案,如果它存在的话。

EDIT: I have found I can use Saml2Assertion. However, I am unable to find a way to get the SAML message written to xml now.

编辑:我发现我可以使用Saml2Assertion。但是,我现在无法找到将SAML消息写入xml的方法。

EDIT2: I have found how to write the Saml2Assersion object to xml. Sadly, it does not keep the SAML syntax, it writes in pure XML without <saml> tags.

EDIT2:我已经找到了如何将Saml2Assersion对象写入xml。遗憾的是,它没有保留SAML语法,它在没有 标签的纯XML中编写。

2 个解决方案

#1


32  

.NET 4.5 has WIF (Windows Identity Foundation) built into it. This now supports SAML 2.0. To make use of SAML 2.0, just use .NET 4.5. The class name is Saml2XXXX (where XXXX is the token, assertion, serializer etc) Here is a link to SAML 2.0 Assertion: http://msdn.microsoft.com/en-us/library/microsoft.identitymodel.tokens.saml2.saml2assertion.aspx

.NET 4.5内置了WIF(Windows Identity Foundation)。这现在支持SAML 2.0。要使用SAML 2.0,只需使用.NET 4.5。类名是Saml2XXXX(其中XXXX是令牌,断言,序列化器等)以下是SAML 2.0 Assertion的链接:http://msdn.microsoft.com/en-us/library/microsoft.identitymodel.tokens.saml2。 saml2assertion.aspx

This will create a SAML 2.0 Assertion object. To get the XML, this is the code I used:

这将创建一个SAML 2.0 Assertion对象。要获取XML,这是我使用的代码:

using System.Xml;
using System.IdentityModel.Tokens;

namespace YOUR.SPACE
{
    public class Saml2Serializer : Saml2SecurityTokenHandler
    {
        public Saml2Serializer()
        {
            Configuration = new SecurityTokenHandlerConfiguration()
                {

                };
        }

        public void WriteSaml2Assertion(XmlWriter writer, Saml2Assertion data)
        {
            base.WriteAssertion(writer, data);
        }
    }
}

This will serialize your assertion object into XML. This is where I ran into problems. The XML is will create does NOT contain the saml namespace (e.g. <saml:Assertion>). I was not able to find a solution for this, so a Replace("<", "<saml:") had to be used.

这会将断言对象序列化为XML。这是我遇到问题的地方。 XML将创建不包含saml命名空间(例如 )。我无法为此找到解决方案,因此必须使用Replace(“<”,“ :”)。 :assertion>

#2


4  

That's because Saml2Assertion refers to the token not the protocol.

那是因为Saml2Assertion指的是令牌而不是协议。

The SAML token used in WIF is a 1.0 token.

WIF中使用的SAML令牌是1.0令牌。

There is no SAML 2 protocol support in .NET.

.NET中没有SAML 2协议支持。

There is a WIF CTP for SAML 2 but it hasn't been upgraded for ages.

SAML 2有一个WIF CTP,但它已经很久没有升级了。

#1


32  

.NET 4.5 has WIF (Windows Identity Foundation) built into it. This now supports SAML 2.0. To make use of SAML 2.0, just use .NET 4.5. The class name is Saml2XXXX (where XXXX is the token, assertion, serializer etc) Here is a link to SAML 2.0 Assertion: http://msdn.microsoft.com/en-us/library/microsoft.identitymodel.tokens.saml2.saml2assertion.aspx

.NET 4.5内置了WIF(Windows Identity Foundation)。这现在支持SAML 2.0。要使用SAML 2.0,只需使用.NET 4.5。类名是Saml2XXXX(其中XXXX是令牌,断言,序列化器等)以下是SAML 2.0 Assertion的链接:http://msdn.microsoft.com/en-us/library/microsoft.identitymodel.tokens.saml2。 saml2assertion.aspx

This will create a SAML 2.0 Assertion object. To get the XML, this is the code I used:

这将创建一个SAML 2.0 Assertion对象。要获取XML,这是我使用的代码:

using System.Xml;
using System.IdentityModel.Tokens;

namespace YOUR.SPACE
{
    public class Saml2Serializer : Saml2SecurityTokenHandler
    {
        public Saml2Serializer()
        {
            Configuration = new SecurityTokenHandlerConfiguration()
                {

                };
        }

        public void WriteSaml2Assertion(XmlWriter writer, Saml2Assertion data)
        {
            base.WriteAssertion(writer, data);
        }
    }
}

This will serialize your assertion object into XML. This is where I ran into problems. The XML is will create does NOT contain the saml namespace (e.g. <saml:Assertion>). I was not able to find a solution for this, so a Replace("<", "<saml:") had to be used.

这会将断言对象序列化为XML。这是我遇到问题的地方。 XML将创建不包含saml命名空间(例如 )。我无法为此找到解决方案,因此必须使用Replace(“<”,“ :”)。 :assertion>

#2


4  

That's because Saml2Assertion refers to the token not the protocol.

那是因为Saml2Assertion指的是令牌而不是协议。

The SAML token used in WIF is a 1.0 token.

WIF中使用的SAML令牌是1.0令牌。

There is no SAML 2 protocol support in .NET.

.NET中没有SAML 2协议支持。

There is a WIF CTP for SAML 2 but it hasn't been upgraded for ages.

SAML 2有一个WIF CTP,但它已经很久没有升级了。