Implementing ASP.NET web with WIF & ADFS 1.0 -

-

i have developed solution asp.net front-end using wcf-services back-end. web-site authenticates using adfs 1.0 (i not have control of adfs-implementation has been configured web-application). also, it's no option upgrade adfs 2.0 (at least not in near future)

the configuration in web.config following:

<httpmodules>    <add name="identity federation services application authentication module" type="system.web.security.singlesignon.webssoauthenticationmodule, system.web.security.singlesignon, version=1.0.0.0, culture=neutral, publickeytoken=31bf3856ad364e35, custom=null" /> </httpmodules>  <membership defaultprovider="singlesignonmembershipprovider2">             <providers>                 <add name="singlesignonmembershipprovider2" type="system.web.security.singlesignon.singlesignonmembershipprovider2, system.web.security.singlesignon.partialtrust, version=1.0.0.0, culture=neutral, publickeytoken=31bf3856ad364e35" fs="https://urltoadfs/adfs/fs/federationserverservice.asmx" />             </providers> </membership>  <websso>             <authenticationrequired />             <urls>                 <returnurl>https://myapplication/</returnurl>             </urls>             <fs>https://urltoadfs/adfs/fs/federationserverservice.asmx</fs>             <issharepoint /> </websso>

this works fine , can access application using account in adfs. the problem need convert claim-identity windowsidentity access back-end wcf services (they use windows authentication impersonation/delegation).

is there way accomplish adfs 1.0? have tried use wif (windows identity foundation) cannot find clear information if it's possible use adfs 1.0 sts. have investigated "windows nt token-based applications"-option (http://technet.microsoft.com/en-us/library/cc784956(v=ws.10).aspx) avoid changes in current adfs-implementation if possible.

to test wif-option used following configuration in web.config (the part on websso removed):

<httpmodules>                        <add name="sessionauthenticationmodule" type="microsoft.identitymodel.web.sessionauthenticationmodule, microsoft.identitymodel, version=3.5.0.0, culture=neutral, publickeytoken=31bf3856ad364e35"/>                     <add name="wsfederationauthenticationmodule" type="microsoft.identitymodel.web.wsfederationauthenticationmodule, microsoft.identitymodel, version=3.5.0.0, culture=neutral, publickeytoken=31bf3856ad364e35" />             <add name="claimsauthorizationmodule" type="microsoft.identitymodel.web.claimsauthorizationmodule, microsoft.identitymodel, version=3.5.0.0, culture=neutral, publickeytoken=31bf3856ad364e35" /> </httpmodules>   <microsoft.identitymodel>     <service>           <audienceuris>             <add value="https://myapplication/" />           </audienceuris>     <applicationservice>         <claimtyperequired>                   <claimtype type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" optional="true" />         </claimtyperequired>     </applicationservice>                  <securitytokenhandlers>            <add type="microsoft.identitymodel.tokens.saml11.saml11securitytokenhandler, microsoft.identitymodel, version=3.5.0.0, culture=neutral, publickeytoken=31bf3856ad364e35">              <samlsecuritytokenrequirement maptowindows="true" usewindowstokenservice="true" />            </add>          </securitytokenhandlers>     <federatedauthentication>           <wsfederation passiveredirectenabled="true"                         issuer="https://urltoadfs/adfs/fs/federationserverservice.asmx"                         realm="https://myapplication/"                                               requirehttps="true" />       </federatedauthentication>             </service>     </microsoft.identitymodel>

i have "claims windows token service" (c2wts) running on web-server.

i redirected adfs-server receives general error server.


Comments

Post a Comment

Popular posts from this blog

javascript - Count length of each class -

-
i have below code in this fiddle . html <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> javascript $('.myname').each(function(){ var text = $(this).html().split(' '), len = text.length, test = $(this).val().length, result = []; console.log('outside: ' + test); for( var = 0; < len; i++ ) { result[i] = '<span class="name-'+[i]+'" >' + text[i] + '</span>'; console.log('inside: ' + test); } $(this).html(result.join(' ')); console.log('after
Read more

What design pattern is this code in Javascript? -

-
this question has answer here: why write “.call(this)” @ end of javascript anonymous function? [duplicate] 4 answers what kind of design pattern , significance of using closure? (function(){ // code here }).call(this); edit then difference between above code , following this keyword still refer same object in both ways. (function(){ // code here })(); thats invoked function expression. more info here: http://benalman.com/news/2010/11/immediately-invoked-function-expression/ the purpose run code while protecting scope (so variables declared within don't leak out global scope. update call sets value of this function being applied on. without it, value set window object, there set outer scope.
Read more

hadoop - Restrict secondarynamenode to be installed and run on any other node in the cluster -

-
i have have cloudera cdh3u4 cluster setup. have secondarynamenode daemon running on 1 of nodes. i have ensure user has root access node on cluster (for example, datanode not have other daemons running) should not able start instance of secondarynamenode daemon on node (thereby having 2 secondarynamenodes on cluster) how can achieve this? thanks in advance. add property hdfs-site.xml namedfs.secondary.http.address valuesecondarynamenode-host address or ip:50090
Read more