如何在ASP中设置NameClaimType。净MVC 5网站?

I've created an ASP.Net MVC 5 site using Microsoft's "On-Premises" Organization Account Authentication mechanism. This is ultimately configured to point to my companies ADFS infrastructure. I'm getting back all the configured claims. However, at runtime, the ClaimsIdentity.Name is blank. This is because the ClaimsIdentity.NameClaimType, by default, appears to be:

我创建了一个ASP。Net MVC 5站点使用微软的“现场”组织账户认证机制。这最终被配置为指向我的公司ADFS基础结构。我要取回所有配置好的权利要求书。然而，在运行时，ClaimsIdentity。的名字是空白。这是因为索赔。NameClaimType默认为:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

However, I want the ClaimsIdentity.Name to me mapped to:

但是，我想要索赔。我的名字映射到:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier

According to Microsoft Docs, the place to set this in web.config is within the Add element of the securityTokenHandlers element:

根据微软文档，在web上设置这个的位置。配置在securityTokenHandlers元素的Add元素中:

<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlers>
      <add>
        <samlSecurityTokenRequirement>
          <nameClaimType value=xs:string>
          </nameClaimType>
        </samlSecurityTokenRequirement>
      </add>
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>

In my ASP.Net MVC 5 web.config, the only thing that looks applicable, and passes intellisense checks ends up looking like this:

在我的ASP。净5 web MVC。配置，唯一看起来适用的东西，并通过智能感知检查的结果是这样的:

<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlers>
      <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
        <samlSecurityTokenRequirement>
          <nameClaimType value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"/>
        </samlSecurityTokenRequirement>
       </add>
      <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>

However, this appears to have no effect. My MVC app still reports a blank ClaimsIdentity.Name field and the ClaimsIdentity.NameClaimType continues to be:

然而，这似乎没有效果。我的MVC应用程序仍然报告一个空白的声明。Name字段和ClaimsIdentity。NameClaimType仍然是:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

What should my Web.Config look like to map my existing claim into the ClaimsIdentity.Name field?

什么我的网页。配置看起来像是将现有的请求映射到ClaimsIdentity中。名称字段?

1 个解决方案

#1

I found that using the following securityTokenHandlers section got me to where I needed to be based on a SAML 2.0 payload from my ADFS system:

我发现使用下面的securityTokenHandlers部分将我从ADFS系统的SAML 2.0负载中得到了需要的地方:

<securityTokenHandlers>
  <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  <remove type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  <add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
    <samlSecurityTokenRequirement>
      <nameClaimType value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
    </samlSecurityTokenRequirement>
  </add>
</securityTokenHandlers>

I'm not at all certain how the claims were being consumed with the default web.config since no Saml token handler was configured. Maybe something in the source code does some default behavior...

我一点也不确定默认web是如何使用这些声明的。配置，因为没有配置Saml令牌处理器。也许源代码中的某些东西做了一些默认行为……

#1