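Below is the sample response I get as a SAML response. How do I use the "NameID" attribute from the XML response below, what code should I include to get that attribute, and where should it go in an ASP.NET (C#) application?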
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">email</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData InResponseTo="_b221ce73-ae7e-4119-bacd-6e5d3fb457a1"
NotOnOrAfter="2015-10-16T14:15:04.877Z" Recipient="/ACS/Post.aspx"/>
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2015-10-16T14:10:04.873Z" NotOnOrAfter="2015-10-16T15:10:04.873Z">
<AudienceRestriction>
<Audience>yourAudience</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>email@example.org</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<AttributeValue>John</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
<AttributeValue>Doe</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthnStatement AuthnInstant="2015-10-16T14:10:04.556Z"
SessionIndex="_0660f911-7f04-4616-8dd6-dea65ec0032b">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
If for some reason you prefer to handle the SAML token directly from code, you can call SamlSecurityTokenHandler.ReadToken and look for the SamlSubjectStatement in the parsed token:
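using System.IdentityModel.Tokens;
using System.Linq;
using System.Xml;

// ReadToken returns a SecurityToken; cast it to reach the Assertion property.
var token = (SamlSecurityToken)
    new SamlSecurityTokenHandler
    {
        Configuration = new SecurityTokenHandlerConfiguration()
    }.ReadToken(new XmlTextReader(...));
// The subject (and its name identifier) is carried in the SamlSubjectStatement.
var subjectStatements = token.Assertion.Statements.OfType<SamlSubjectStatement>();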
Make sure to pass the XML exactly as-is, with no extra formatting, because the token is usually signed.
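An added example, not part of the original answer: one way to read NameID from a SAML 2.0 assertion like the one in the question only after its signature, validity window and audience have been checked, using `SignedXml` on the untouched XML. It assumes the `Assertion` element itself carries an enveloped `ds:Signature` and an `ID` attribute (neither is visible in the fragment above), that the IdP certificate is pinned in your configuration, and that it is called from the page that receives the POST; `SamlNameIdReader` and `ReadVerifiedNameId` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SamlNameIdReader   // hypothetical helper, not a framework type
{
    const string SamlNs = "urn:oasis:names:tc:SAML:2.0:assertion";

    // rawXml: the XML exactly as received; idpCert: the pinned IdP signing certificate;
    // expectedAudience: this application's identifier as registered with the IdP.
    public static string ReadVerifiedNameId(string rawXml, X509Certificate2 idpCert, string expectedAudience)
    {
        // PreserveWhitespace keeps the signed content intact; a null resolver blocks external entities.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.LoadXml(rawXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", SamlNs);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

        // Exactly one assertion, so the element we read is the element that was signed.
        var assertions = doc.SelectNodes("//saml:Assertion", ns);
        if (assertions.Count != 1) throw new InvalidOperationException("Expected exactly one Assertion.");
        var assertion = (XmlElement)assertions[0];
        var sig = assertion.SelectSingleNode("ds:Signature", ns) as XmlElement;
        if (sig == null) throw new InvalidOperationException("Assertion is not signed.");

        var signed = new SignedXml(doc);
        signed.LoadXml(sig);
        // verifySignatureOnly = true: the certificate is pinned, so no chain building is done here.
        if (!signed.CheckSignature(idpCert, true))
            throw new InvalidOperationException("Signature check failed.");
        var refs = signed.SignedInfo.References;
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "#" + assertion.GetAttribute("ID"))
            throw new InvalidOperationException("Signature does not cover this Assertion.");

        // Conditions: a missing element or attribute makes the parse throw, so the check fails closed.
        var cond = assertion.SelectSingleNode("saml:Conditions", ns) as XmlElement;
        if (cond == null) throw new InvalidOperationException("Conditions missing.");
        var now = DateTime.UtcNow;
        var notBefore = XmlConvert.ToDateTime(cond.GetAttribute("NotBefore"), XmlDateTimeSerializationMode.Utc);
        var notOnOrAfter = XmlConvert.ToDateTime(cond.GetAttribute("NotOnOrAfter"), XmlDateTimeSerializationMode.Utc);
        if (now < notBefore || now >= notOnOrAfter) throw new InvalidOperationException("Assertion is outside its validity window.");
        var audience = cond.SelectSingleNode("saml:AudienceRestriction/saml:Audience", ns);
        if (audience == null || audience.InnerText != expectedAudience)
            throw new InvalidOperationException("Audience mismatch.");

        var nameId = assertion.SelectSingleNode("saml:Subject/saml:NameID", ns);
        if (nameId == null) throw new InvalidOperationException("NameID missing.");
        return nameId.InnerText;
    }
}
```

The `SubjectConfirmationData` values shown in the question (`Recipient`, `InResponseTo`, `NotOnOrAfter`) are not checked here and would need the same treatment before the NameID is used to sign a user in.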