I am new to Windows Identity Framework. My organization has multiple environments that make use of different 'authority' and 'endpoint' names. My application can detect the environment at runtime. I've looked through the WIF documentation and through stackoverflow and am not, thus far, able to find anything that I can use to help me with this problem.
The example below works in my localhost environment:
<add key="ida:FederationMetadataLocation" value="https://test.login.mycompany.com/FederationMetadata/2007-06/FederationMetadata1.xml" />
<add key="ida:Realm" value="https://localhost/webapp" />
<add key="ida:AudienceUri" value="https://localhost/webapp/" />
In my development environment the same section needs to be:
<add key="ida:FederationMetadataLocation" value="https://dev.login.mycompany.com/FederationMetadata/2007-06/FederationMetadata1.xml" />
<add key="ida:Realm" value="https://dev.mycompany.com/webapp" />
<add key="ida:AudienceUri" value="https://dev.mycompany.com/webapp/" />
I also need to make similar changes to the AudienceURIs and the federationConfiguration.
Here is the full localhost web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<!--Added for Windows Identity Framework -->
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<!--END: Added for Windows Identity Framework -->
</configSections>
<appSettings>
<!--Added for Windows Identity Framework -->
<add key="ida:FederationMetadataLocation" value="https://test.login.mycompany.com/FederationMetadata/2007-06/FederationMetadata1.xml" />
<add key="ida:Realm" value="https://localhost/webapp" />
<add key="ida:AudienceUri" value="https://localhost/webapp/" />
<!--END: Added for Windows Identity Framework -->
</appSettings>
<system.web>
...
</system.web>
<system.webServer>
<!--Added for Windows Identity Framework -->
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
<!--END: Added for Windows Identity Framework -->
</system.webServer>
<runtime>
<assemblyBinding ...
</assemblyBinding>
</runtime>
<!--Added for Windows Identity Framework -->
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://localhost/webapp" />
<add value="https://localhost/webapp/FederationResult/" />
</audienceUris>
<securityTokenHandlers>
...
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://test.login.mycompany.com/adfs/services/trust">
<keys>
<add thumbprint="123320493" />
</keys>
<validIssuers>
<add name="http://test.login.mycompany.com/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<wsFederation
issuer="https://test.login.mycompany.com/adfs/ls/"
realm="https://localhost/webapp/"
reply="https://localhost/webapp/"
passiveRedirectEnabled="true"
requireHttps="true" />
<cookieHandler name="LocalFedAuthRounding" requireSsl="true" />
</federationConfiguration>
</system.identityModel.services>
<!--END: Added for Windows Identity Framework -->
</configuration>
Does the WIF provide methods to do this? I've looked through the documents and can't figure out how to make these changes.
Thanks,
Matt
The identity and access tool from Visual Studio only allows for one "authority" at a time. If you want a different authority per environment (say your site is deployed in TST, acceptance and production) then you will need to consider web config transforms at deploy time to configure the correct authority.
However, if you need to accept security tokens from multiple authorities in the same deployed website, then you need to manually merge the sections for system.identityModel into one. WIF supports this (it will try each option one by one) but IDA doesn't. The system.identityModel.services part is trickier since that is where you tell WIF how to do a redirect for a passive login scenario. That part you will need to do manually in code. It's not that hard. After all, you just need to redirect to a (cleverly composed) URL.
You can also use something like Windows Azure ACS or Thinktecture Identity Server to shield the different identity providers from your application. Identity providers (authorities in your parlance) then get added at the STS level and your app just trusts the STS. Also, do not forget the sign-out, which should be redirected to the same identity provider you used to log in in the first place.
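The answer above says the passive-redirect part has to be done in code. WIF 4.5 does expose a hook for exactly that: the static FederatedAuthentication.FederationConfigurationCreated event fires once per application when the federation modules first read their configuration, and the handler may overwrite what web.config supplied before it is used. The following is an added example, not code from the question or the answer. It assumes the environment is detected from an APP_ENV environment variable (a placeholder for whatever detection the asker already has), uses placeholder hostnames and thumbprints, and swaps the config's ValidatingIssuerNameRegistry for the built-in ConfigurationBasedIssuerNameRegistry so the trusted signing certificate can be set in code. It also sets certificate validation to ChainTrust: the posted config has certificateValidationMode="None", which is acceptable on localhost but should not ship to dev or production. The BuildSignInUrl helper shows the manual alternative the answer mentions, composing the wsignin1.0 redirect URL yourself.

```csharp
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.IdentityModel.Tokens;
using System.ServiceModel.Security;   // X509CertificateValidationMode
using System.Web;

// Global.asax code-behind: selects the WIF settings for the current environment at start-up.
public class Global : HttpApplication
{
    // Hypothetical per-environment values; in the question these live in appSettings,
    // <audienceUris>, <issuerNameRegistry> and <wsFederation>.
    private sealed class FedEnv
    {
        public string StsHost;            // e.g. dev.login.mycompany.com
        public string AppBase;            // realm, reply and audience, e.g. https://dev.mycompany.com/webapp/
        public string SigningThumbprint;  // thumbprint of the ADFS token-signing certificate
    }

    private static FedEnv Resolve()
    {
        // Placeholder detection; replace with the asker's own runtime check.
        switch (Environment.GetEnvironmentVariable("APP_ENV"))
        {
            case "dev":
                return new FedEnv { StsHost = "dev.login.mycompany.com",
                                    AppBase = "https://dev.mycompany.com/webapp/",
                                    SigningThumbprint = "<dev token-signing cert thumbprint>" };
            default:
                return new FedEnv { StsHost = "test.login.mycompany.com",
                                    AppBase = "https://localhost/webapp/",
                                    SigningThumbprint = "<test token-signing cert thumbprint>" };
        }
    }

    protected void Application_Start(object sender, EventArgs e)
    {
        // Must be wired before WSFederationAuthenticationModule reads its configuration.
        FederatedAuthentication.FederationConfigurationCreated += OnFederationConfigurationCreated;
    }

    private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        FedEnv env = Resolve();

        // Replaces <wsFederation issuer=".." realm=".." reply=".." />
        WsFederationConfiguration ws = e.FederationConfiguration.WsFederationConfiguration;
        ws.Issuer = "https://" + env.StsHost + "/adfs/ls/";
        ws.Realm = env.AppBase;
        ws.Reply = env.AppBase;
        ws.RequireHttps = true;

        // Replaces <audienceUris>, <issuerNameRegistry> and <certificateValidation>.
        var idc = e.FederationConfiguration.IdentityConfiguration;
        idc.AudienceRestriction.AllowedAudienceUris.Clear();
        idc.AudienceRestriction.AllowedAudienceUris.Add(new Uri(env.AppBase));

        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer(env.SigningThumbprint, "http://" + env.StsHost + "/adfs/services/trust");
        idc.IssuerNameRegistry = registry;

        // Only localhost should get away with None; tokens signed by an untrusted chain must be rejected.
        idc.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
    }

    // Manual variant of the passive redirect: compose the wsignin1.0 URL yourself from the
    // configuration selected above, e.g. from a login action, instead of relying on the module.
    public static string BuildSignInUrl(string returnUrl)
    {
        WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;
        SignInRequestMessage msg = fam.CreateSignInRequest(Guid.NewGuid().ToString(), returnUrl, false);
        return msg.WriteQueryString();
    }
}
```

With this in place the appSettings, audienceUris and wsFederation values in web.config become defaults that the handler overrides, so one web.config can be deployed to every environment. Keep the signing-certificate thumbprints per environment as carefully as the hostnames: trusting the test STS certificate in production would let test-issued tokens sign in to the production application.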
I answered a very similar question just recently, but since that answer hasn't been accepted, I can't mark your question as a duplicate of that one:
Authentication against multiple identity providers using WSFederationAuthenticationModule for asp.net
Basically, you do everything in a few lines of code instead of relying on the static configuration.
Related
Hello guys, I'm kind of desperate because I'm not able to figure out what's happening here:
I have been in charge of the upgrade from .NET Framework 4.5.1 to 4.8 of a legacy application that no one has changed for several years. It creates bearer tokens using OWIN authorization and targets .NET Framework 4.8.
Some other services consume these tokens as bearer tokens. So far I have been able to create the tokens using the authorization server, but when I try to consume them on the services I see that the consumer cannot get the claims successfully.
I have been told that the machine key property must match in both services, but despite the two services having the same machine key, I keep getting unauthorized responses.
The auth server web.config looks like this:
<system.web>
<compilation debug="true" targetFramework="4.8" />
<httpRuntime targetFramework="4.8" />
<machineKey validationKey="xxx" decryptionKey="aaa" validation="SHA1" decryption="AES" />
</system.web>
And the consumer service web.config looks like this:
<system.web>
<compilation debug="true" targetFramework="4.8">
<!-- <assemblies>
<add assembly="AuthComponent2, Version=4.0.0.0, Culture=neutral, PublicKeyToken=457ad908cac10889, processorArchitecture=MSIL" />
<add assembly="Disney.IAME.Keystone.KeystoneDAL, Version=1.0.10.0, Culture=neutral, processorArchitecture=MSIL" />
<add assembly="Disney.Keystone.Common.Model.Service, Version=1.0.10.0, Culture=neutral, processorArchitecture=MSIL" />
<add assembly="Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" />
<add assembly="System.IO.Compression, Version=4.2.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies> -->
</compilation>
<httpRuntime targetFramework="4.8"/>
<machineKey validationKey="xxx" decryptionKey="aaa" validation="SHA1" decryption="AES"/>
</system.web>
If you know of anything I'm missing that I can check, I will be very, very grateful.
Thanks in advance.
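Hosted under IIS, OWIN protects its bearer tokens through ASP.NET's MachineKey, so the consumer can only unprotect what the auth server issued if both sides agree on the keys, the algorithms and the MachineKey compatibility mode. The compatibility mode is easy to miss: it is derived from httpRuntime targetFramework (4.5 or later gives Framework45, anything else Framework20SP1) unless set explicitly, and the two modes derive different keys from the same validationKey. The following is an added example, not code from the post, that reads both web.config files and reports every setting that differs; the two paths are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Xml.Linq;

// Compares the <machineKey> and httpRuntime settings that decide whether a token protected
// on one site can be unprotected on another.
static class MachineKeyCheck
{
    static readonly string[] Compared =
        { "validationKey", "decryptionKey", "validation", "decryption", "compatibilityMode" };

    public static Dictionary<string, string> Read(string webConfigPath)
    {
        return ReadFrom(XDocument.Load(webConfigPath));
    }

    public static Dictionary<string, string> ReadFrom(XDocument doc)
    {
        var result = new Dictionary<string, string>();
        XElement systemWeb = doc.Root.Element("system.web");
        XElement machineKey = systemWeb == null ? null : systemWeb.Element("machineKey");
        XElement httpRuntime = systemWeb == null ? null : systemWeb.Element("httpRuntime");

        foreach (string name in Compared)
        {
            XAttribute a = machineKey == null ? null : machineKey.Attribute(name);
            result[name] = a == null ? "" : a.Value;
        }

        // No <machineKey> at all means AutoGenerate,IsolateApps: keys unique to this machine
        // and this application, which can never match another site.
        if (result["validationKey"] == "") result["validationKey"] = "AutoGenerate,IsolateApps";
        if (result["decryptionKey"] == "") result["decryptionKey"] = "AutoGenerate,IsolateApps";

        // Algorithm defaults for .NET 4.x when the attributes are omitted.
        if (result["validation"] == "") result["validation"] = "HMACSHA256";
        if (result["decryption"] == "") result["decryption"] = "Auto";

        // compatibilityMode defaults from httpRuntime targetFramework.
        if (result["compatibilityMode"] == "")
        {
            XAttribute tf = httpRuntime == null ? null : httpRuntime.Attribute("targetFramework");
            Version v;
            bool is45OrLater = tf != null && Version.TryParse(tf.Value, out v) && v >= new Version(4, 5);
            result["compatibilityMode"] = is45OrLater ? "Framework45" : "Framework20SP1";
        }
        return result;
    }

    public static List<string> Mismatches(Dictionary<string, string> issuer, Dictionary<string, string> consumer)
    {
        var problems = new List<string>();
        foreach (string name in Compared)
            if (!string.Equals(issuer[name], consumer[name], StringComparison.OrdinalIgnoreCase))
                problems.Add(name + ": issuer=" + issuer[name] + " consumer=" + consumer[name]);

        // Even identical-looking keys fail if either side asks for per-application derivation.
        foreach (var side in new[] { issuer, consumer })
            if (side["validationKey"].IndexOf("IsolateApps", StringComparison.OrdinalIgnoreCase) >= 0 ||
                side["decryptionKey"].IndexOf("IsolateApps", StringComparison.OrdinalIgnoreCase) >= 0)
                problems.Add("AutoGenerate/IsolateApps keys are derived per application; both sites need explicit, identical keys");
        return problems;
    }

    static int Main(string[] args)
    {
        // Placeholder paths; pass the real ones on the command line.
        var issuer = Read(args.Length > 0 ? args[0] : @"C:\sites\AuthServer\web.config");
        var consumer = Read(args.Length > 1 ? args[1] : @"C:\sites\Consumer\web.config");
        List<string> problems = Mismatches(issuer, consumer);
        if (problems.Count == 0) { Console.WriteLine("machineKey settings match"); return 0; }
        foreach (string p in problems) Console.WriteLine(p);
        return 1;
    }
}
```

Run it against the two deployed files (not the ones in source control, since deployment transforms or IIS-level configuration can override them). Both posted configs specify validation="SHA1", which is HMAC-SHA1; a match there is not the cause of the failure, but once both services can be changed together the 4.x default HMACSHA256 is the better choice. If the settings match and the consumer still rejects tokens, the next thing to compare is the Microsoft.Owin.Security.OAuth version and any custom AccessTokenFormat on either side, since the purposes passed to MachineKey.Protect are part of the key derivation.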
Please help: I am fairly new to programming in ASP.NET and am now following the steps in a textbook to design an e-commerce web application.
I am using the UrlRewritingNet dll from http://www.urlrewriting.net/ to create search-engine-friendly URLs in the application. I unzipped the urlrewritingnet zip and copied its dll file to my application's bin folder. I also copied its urlrewritingnet.xsd file to my project folder. The textbook I am working from uses the dll from urlrewriter.net with different configuration, which I tried in my project, but it didn't work. The textbook also uses Visual Web Developer 2005. I am programming in Visual Studio 2012 (C#). For now I am trying to rewrite the URL of my catalog page to test whether the configuration in my web.config file is correct. I'm doing the configuration in my web.config, not in IIS. I do not want any IIS configuration because I am imagining a scenario where I don't have access to the server.
I keep getting an internal server error that displays like this:
HTTP Error 500.22 - Internal Server Error
An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.
this is the url which I want to rewrite: http://localhost:1036/Catalog.aspx?DepartmentID=1
This is my config file:
<configuration>
<configSections>
<section name="urlrewritingnet"
restartOnExternalChanges="true"
requirePermission ="false"
type="UrlRewritingNet.Configuration.UrlRewriteSection, UrlRewritingNet.UrlRewriter" />
</configSections>
<urlrewritingnet
rewriteOnlyVirtualUrls="true"
contextItemsPrefix="QueryString"
defaultProvider = "RegEx"
defaultPage = "Default.aspx"
xmlns="http://www.urlrewriting.net/schemas/config/2006/07" >
<rewrites>
<add name="Rule1"
provider="RegEx"
virtualUrl="^.*-d([0-9]+)/?$"
rewriteUrlParameter="ExcludeFromClientQueryString"
destinationUrl="~/Catalog.aspx?DepartmentID=$1"
ignoreCase="true" />
</rewrites>
</urlrewritingnet>
<appSettings>
<add key="MailServer" value="smtp.gmail.com"/>
<add key="MailUsername" value="engr.ejikeeze#gmail.com"/>
<add key="MailPassword" value="keeplooking"/>
<add key="MailFrom" value="engr.ejikeeze#gmail.com"/>
<add key="EnableErrorLogEmail" value="false"/>
<add key="ErrorLogEmail" value="engr.ejikeeze#gmail.com"/>
<add key="ProductsPerPage" value="6"/>
<add key="ProductDescriptionLength" value="60"/>
<add key="SiteName" value="BalloonShop"/>
</appSettings>
<connectionStrings>
<add name="BalloonShopConnection" connectionString="server = (local)\SQLEXPRESS; Database = BalloonShop; User = balloonshop; password=ecommerce" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<httpModules>
<add name="UrlRewriteModule"
type="UrlRewritingNet.Web.UrlRewriteModule, UrlRewritingNet.UrlRewriter" />
</httpModules>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="en-US"/>
<customErrors mode="RemoteOnly" defaultRedirect="Oops.aspx" />
<pages theme="BalloonShopDefault">
<controls>
<add src="~/UserControls/DepartmentsList.ascx" tagName="DepartmentsList" tagPrefix="BSUC"/>
</controls>
</pages>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
</configuration>
Please, I need you lovely guys to help me out. I am really stuck. I've searched all around the internet for over 4 days in search of a solution, but to no avail. Thanks in anticipation.
You can check out the following link: url-rewriting-in-Asp-Net
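HTTP 500.22 is IIS telling you that the posted web.config registers its module only under system.web/httpModules, which is the classic-pipeline section; an application pool in Integrated managed pipeline mode reads module registrations from system.webServer/modules instead. The fix is a web.config change, not an IIS change, so it works without server access. The fragment below is an added example, not from the question or the linked answer; it keeps the classic registration for hosts still on classic mode and adds the Integrated one, with validateIntegratedModeConfiguration="false" so IIS stops flagging the httpModules element. One unrelated caveat on the posted config: its appSettings and connectionStrings carry a Gmail password and a SQL login password in clear text, and they have now been posted publicly; rotate them and keep secrets out of files that get shared or committed.

```xml
<configuration>
  <system.web>
    <!-- Classic pipeline (IIS 6 / classic app pools) reads this section -->
    <httpModules>
      <add name="UrlRewriteModule"
           type="UrlRewritingNet.Web.UrlRewriteModule, UrlRewritingNet.UrlRewriter" />
    </httpModules>
  </system.web>
  <system.webServer>
    <!-- Stops IIS raising 500.22 for the <httpModules> element above -->
    <validation validateIntegratedModeConfiguration="false" />
    <!-- Integrated pipeline reads this section -->
    <modules>
      <add name="UrlRewriteModule"
           type="UrlRewritingNet.Web.UrlRewriteModule, UrlRewritingNet.UrlRewriter" />
    </modules>
  </system.webServer>
</configuration>
```

If the module is registered correctly but extensionless URLs such as /balloons-d1 still bypass it, add runAllManagedModulesForAllRequests="true" to the modules element so that managed modules also run for requests IIS would otherwise not route through ASP.NET.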
I'm using Entity Framework with the Windows Azure platform. It works well in LOCAL mode, but when I try to run my Silverlight application on the web, I get an error:
The underlying provider failed on Open.
<configuration>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="DomainServiceModule" preCondition="managedHandler" type="System.ServiceModel.DomainServices.Hosting.DomainServiceHttpModule, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</modules>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
<add key="ValidationSettings:UnobtrusiveValidationMode" value="WebForms" />
</appSettings>
<system.web>
<httpModules>
<add name="DomainServiceModule" type="System.ServiceModel.DomainServices.Hosting.DomainServiceHttpModule, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</httpModules>
<customErrors mode="Off" />
<compilation debug="true" targetFramework="4.5">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
<httpRuntime requestValidationMode="4.5" targetFramework="4.5" encoderType="System.Web.Security.AntiXss.AntiXssEncoder, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<pages controlRenderingCompatibilityVersion="4.5" />
<machineKey compatibilityMode="Framework45" />
</system.web>
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<connectionStrings>
<add name="DatabaseEntities" connectionString="metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl;provider=System.Data.SqlClient;provider connection string="data source=lnqg2ulkjr.database.windows.net;initial catalog=BuilderDatabase;persist security info=True;user id=XXXXX;password=XXXXX;MultipleActiveResultSets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
</configuration>
I was checking whether this is a problem in the connection string with Integrated Security, but in my case I don't have that property. What could be the error?
This error is from Entity; it has little to do with Silverlight. It happens when one of two things happens:
Entity tries to log in to the database you've pointed it to, and is denied permission/can't find the server/can't find the instance/has some other connection error
Entity successfully logs in, but can't find the data model it recognizes
The second should be very simple to check since you have a working local. If the data model on your local is the same as the data model in your 'production' environment, then that part is taken care of. If you have tables that are different, you could have some issues. This is doubly true if they are missing columns that you've coded in to Entity's data model. Entity will tolerate extra columns and extra tables in many cases, though this changes a lot based on the situation, so YMMV. However, if Entity expects something to be there and it's not, it'll crash with a quickness every time.
My larger suspicion would be that rather awesome connection string you have there. You should be able to check the InnerException on what you're getting to see the specific gripe that the database server is raising. If it isn't, I would rip that out into a console application and attempt to connect with a plain jane SqlConnection doing a simple Select count(Id) from dbo.SmallTable. This will allow you to isolate the connection problems and deal with them in a nice, restricted environment. After you've sorted through the connection issues, you can paste your connection string - now hopefully less confusing - back in and move on.
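The console-application check the answer recommends, written out as an added example (not the answerer's code). It assumes the posted "DatabaseEntities" connectionStrings entry has been copied into the console app's app.config, unwraps the EntityClient string to the plain SqlClient string inside it, opens that connection directly and runs the answer's placeholder query against dbo.SmallTable. When the open fails, the SqlException number separates the cases the answer lists without guessing: 18456 is a failed login, 4060 means the database cannot be opened by that login, and 40615 is the Azure SQL firewall rejecting the client's IP address, which is the usual reason something that works locally fails from a web host.

```csharp
using System;
using System.Configuration;
using System.Data.EntityClient;
using System.Data.SqlClient;

// Isolates the database connection from Entity Framework so the server's own error surfaces.
static class ConnectionProbe
{
    static int Main()
    {
        // Same entry as in the posted web.config, copied into this app's app.config.
        string efString = ConfigurationManager.ConnectionStrings["DatabaseEntities"].ConnectionString;

        // The EF string wraps a normal SqlClient string in "provider connection string"; peel it out.
        var entity = new EntityConnectionStringBuilder(efString);
        var sql = new SqlConnectionStringBuilder(entity.ProviderConnectionString);

        // Show where we are connecting and as whom; the password is deliberately not printed.
        Console.WriteLine("Server {0}, database {1}, login {2}", sql.DataSource, sql.InitialCatalog, sql.UserID);

        try
        {
            using (var conn = new SqlConnection(sql.ConnectionString))
            using (var cmd = new SqlCommand("SELECT COUNT(*) FROM dbo.SmallTable", conn))
            {
                conn.Open();
                Console.WriteLine("Connected; rows in dbo.SmallTable: {0}", (int)cmd.ExecuteScalar());
                return 0;
            }
        }
        catch (SqlException ex)
        {
            // 18456: login failed. 4060: cannot open database. 40615: Azure SQL firewall blocks this IP.
            Console.WriteLine("SQL error {0} (state {1}): {2}", ex.Number, ex.State, ex.Message);
        }
        catch (Exception ex)
        {
            // For EF's generic "underlying provider failed" the real cause sits in the inner chain.
            for (Exception inner = ex; inner != null; inner = inner.InnerException)
                Console.WriteLine("{0}: {1}", inner.GetType().Name, inner.Message);
        }
        return 1;
    }
}
```

Run it from the same network the web role uses; a firewall error reproduced from a developer machine only proves that machine is blocked, not that the Azure host is. Once it connects and counts rows, paste the unchanged EF connection string back and the remaining suspect is the model, per the answer's second case.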
When I debug my project, there are 5 messages (example: Could not find schema information for the element 'entityFramework'. Web.config) and the application doesn't work (error: Unable to find the requested .Net Framework Data Provider. It may not be installed.).
Web.config:
<configuration>
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=4.3.1.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
<customErrors mode="Off" />
<authentication mode="None" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework">
<parameters>
<parameter value="Data Source=.\SQLEXPRESS ; Integrated Security=True; MultipleActiveResultSets=True" />
</parameters>
</defaultConnectionFactory>
</entityFramework>
<connectionStrings>
<add name="HistoryContainer" connectionString="metadata=res://*/Model1.csdl|res://*/Model1.ssdl|res://*/Model1.msl;provider=System.Data.SqlServerCe.4.0;provider connection string="data source=|DataDirectory|\Database1.sdf"" providerName="System.Data.EntityClient" />
</connectionStrings>
</configuration>
And the object 'System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection' doesn't exist.
What should I do? Thanks.
I had a similar error and got rid of it. My web.config however referred to a version of 4.4 (not 4.3.1 as you have), which as far as I know doesn't exist. This arose after I grabbed a starter package for the Web API with MVC4 from somewhere or other.
V4.3.1 and now V5.0 pre-release do exist as of Aug 2012
I got the nuget package for 4.3.1 using the solution level "library package manager". This is an important step as I could choose which projects to apply it to.
During this process, my web config was changed (to ref 4.3.1) and the problem went away.
What bugs me is that reference to "System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection", because I can't find where it exists, but at least VS isn't complaining any more.
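The answer covers the missing section type: that class lives in EntityFramework.dll from the NuGet package, and the error means the 4.3.1 assembly is not in bin. The second message in the question, "Unable to find the requested .Net Framework Data Provider", is a separate problem. The posted connection string names provider=System.Data.SqlServerCe.4.0, which ADO.NET resolves through DbProviderFactories; SQL Server Compact 4.0 is not registered in machine.config unless it was installed machine-wide, so a project that only ships System.Data.SqlServerCe.dll in bin must register the factory itself. The fragment below is added here as an example and is the same registration that appears in a later post on this page; it assumes the SQL CE 4.0 assembly is present in bin.

```xml
<configuration>
  <system.data>
    <DbProviderFactories>
      <!-- remove first so a machine-wide registration cannot produce a duplicate-key error -->
      <remove invariant="System.Data.SqlServerCe.4.0" />
      <add name="Microsoft SQL Server Compact Data Provider 4.0"
           invariant="System.Data.SqlServerCe.4.0"
           description=".NET Framework Data Provider for Microsoft SQL Server Compact"
           type="System.Data.SqlServerCe.SqlCeProviderFactory, System.Data.SqlServerCe, Version=4.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
    </DbProviderFactories>
  </system.data>
</configuration>
```

The "Could not find schema information" messages are only Visual Studio's XML editor lacking a schema for the entityFramework element; they do not affect the running application.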
I've been trying to set up a web page with MVC3 Razor, SQL CE 4 and Code First, the last two downloaded from NuGet, so it is EF Code First CTP5.
I've had a lot of trouble, but I managed to move forward by following this answer.
However now I am getting this Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
I thought it should work without full trust so I don't know what is wrong now.
I am using GoDaddy shared hosting with .Net 4 and IIS7
What could be the issue?
EDIT:
I haven't modified the web.config, except for setting custom errors = false to be able to see the exceptions, otherwise I have the webconfig that was generated by using Nuget to get and configure SQLCE and Code first
This is how it is:
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=152368
-->
<configuration>
<appSettings>
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
<system.web>
<customErrors
mode="Off"
/>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.WebPages" />
</namespaces>
</pages>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.data>
<DbProviderFactories>
<remove invariant="System.Data.SqlServerCe.4.0" />
<add name="Microsoft SQL Server Compact Data Provider 4.0" invariant="System.Data.SqlServerCe.4.0" description=".NET Framework Data Provider for Microsoft SQL Server Compact" type="System.Data.SqlServerCe.SqlCeProviderFactory, System.Data.SqlServerCe, Version=4.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
</DbProviderFactories>
</system.data>
</configuration>
It seems to be a bug with CTP5 that will be fixed in final release.
http://connect.microsoft.com/VisualStudio/feedback/details/641462/ef-code-first-issue-with-medium-trust
Hmmm, as I said in the first comment on the question, it is an error with Code First CTP5, which uses full trust instead of medium trust. Source