我有一个Win Form应用程序(不在Intranet),我想实现一个功能,在那里你可以插入你的AD凭据和应用程序应该连接到我们的AD通过web发布的ADFS(标准https://[adfsurl]/ADFS/ls/idpinitiatedsign .aspx),并获得这些信息(例如AD组你属于)。
我开始研究,但大多数的例子是为ASP。. NET和MVC或WIF在内网场景
你建议用什么方法?
因此,我能够创建MVC asp.net项目并获得所需的信息,例如,我可以检索连接的用户组。
正如我之前提到的,这是一个WinForms工具,需要安装在用户的PC上,这样MVC项目将无法工作。
我试图搜索一些不需要Web组件的代码,最后我能够创建一些连接到我的adfs的代码,并得到一个令牌。
Dim sEndPointAddress As String = "https://domain/adfs/ls/idpinitiatedsignon.aspx"
Dim binding As New WS2007HttpBinding()
binding.Security.Message.EstablishSecurityContext = False
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName
binding.Security.Mode = SecurityMode.TransportWithMessageCredential
Dim trustChannelFactory As New WSTrustChannelFactory(binding, New EndpointAddress("https://domain/adfs/services/trust/13/usernamemixed"))
trustChannelFactory.TrustVersion = TrustVersion.WSTrust13
trustChannelFactory.Credentials.UserName.UserName = "username"
trustChannelFactory.Credentials.UserName.Password = "password"
Dim requestToken As New RequestSecurityToken(RequestTypes.Issue)
requestToken.AppliesTo = New EndpointReference(sEndPointAddress)
requestToken.Claims.Dialect = "http://docs.oasis-open.org/wsfed/authorization/200706/authclaims"
requestToken.Claims.Add(New RequestClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", True, "Windows account name"))
requestToken.Claims.Add(New RequestClaim("request", True, "id"))
Dim tokenClient As WSTrustChannel = CType(trustChannelFactory.CreateChannel(), WSTrustChannel)
Try
Dim token As Object = tokenClient.Issue(requestToken)
现在我有了令牌,我如何检索我需要的AD信息?这是我发送的RequestClaim的一部分吗?我如何将此工具生成的请求添加到依赖方信托?
我终于能够使它工作了,我必须在ADFS中创建一个新的应用程序并生成一个自签名证书。
代码如下:
Private Sub GetToken()
Const certSubject As String = "CN=[CN of the cert]"
Dim sEndPointAddress As String = "https://domain/adfs/services/myapp"
Dim binding As New WS2007HttpBinding()
binding.Security.Message.EstablishSecurityContext = False
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName
binding.Security.Mode = SecurityMode.TransportWithMessageCredential
Dim trustChannelFactory As New WSTrustChannelFactory(binding, New EndpointAddress("https://domain/adfs/services/trust/13/usernamemixed"))
trustChannelFactory.TrustVersion = TrustVersion.WSTrust13
trustChannelFactory.Credentials.UserName.UserName = [user]
trustChannelFactory.Credentials.UserName.Password = [password]
Dim requestToken As New RequestSecurityToken(RequestTypes.Issue)
requestToken.AppliesTo = New EndpointReference(sEndPointAddress)
requestToken.RequestType = RequestTypes.Issue
requestToken.KeyType = KeyTypes.Bearer
requestToken.Claims.Dialect = "http://docs.oasis-open.org/wsfed/authorization/200706/authclaims"
Dim channel As IWSTrustChannelContract = trustChannelFactory.CreateChannel()
Dim tokenClient As WSTrustChannel = CType(trustChannelFactory.CreateChannel(), WSTrustChannel)
Try
Dim token As GenericXmlSecurityToken = tokenClient.Issue(requestToken)
Dim tokenHandlers = New SecurityTokenHandlerCollection(New SecurityTokenHandler() {New SamlSecurityTokenHandler()})
tokenHandlers.Configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Never
tokenHandlers.Configuration.CertificateValidationMode = X509CertificateValidationMode.None
tokenHandlers.Configuration.RevocationMode = X509RevocationMode.NoCheck
tokenHandlers.Configuration.CertificateValidator = X509CertificateValidator.None
tokenHandlers.Configuration.AudienceRestriction = New AudienceRestriction()
tokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(New Uri(sEndPointAddress))
Dim trusted = New TrustedIssuerNameRegistry(certSubject)
tokenHandlers.Configuration.IssuerNameRegistry = trusted
'convert the generic security token to a saml token
Dim samlToken = tokenHandlers.ReadToken(New XmlTextReader(New StringReader(token.TokenXml.OuterXml)))
'convert the saml token to a claims principal
Dim ClaimsPrincipal = New ClaimsPrincipal(tokenHandlers.ValidateToken(samlToken).First())
'Display token information
Console.WriteLine("Name : " + ClaimsPrincipal.Identity.Name)
Console.WriteLine("Auth Type : " + ClaimsPrincipal.Identity.AuthenticationType)
Console.WriteLine("Is Authed : " + ClaimsPrincipal.Identity.IsAuthenticated.ToString())
For Each c As System.Security.Claims.Claim In ClaimsPrincipal.Claims
Console.WriteLine(c.Type + " / " + c.Value)
Console.ReadLine()
Next
Form1.lbl_Hello.Text = "Hi, " + ClaimsPrincipal.Identity.Name
Catch ex As Exception
If ex.Message.Contains("ID3242") Then
MsgBox("Invalid Credentials")
Else
MsgBox(ex.Message)
End If
End Try
End Sub