由于需要在负载平衡器上运行我的站点,我不得不将会话令牌处理程序替换为以下内容。
public class WebFarmSessionSecurityTokenHandler : SessionSecurityTokenHandler
{
public WebFarmSessionSecurityTokenHandler(X509Certificate2 protectionCertificate)
: base(CreateRsaTransforms(protectionCertificate))
{ }
private static ReadOnlyCollection<CookieTransform> CreateRsaTransforms
(X509Certificate2 protectionCertificate)
{
var transforms = new List<CookieTransform>()
{
new DeflateCookieTransform(),
new RsaEncryptionCookieTransform(protectionCertificate),
new RsaSignatureCookieTransform(protectionCertificate),
};
return transforms.AsReadOnly();
}
}
然后我修改了网页。
<microsoft.identityModel>
<service>
...
<securityTokenHandlers>
<clear />
<add type="MyAssembly.WebFarmSessionSecurityTokenHandler, MyAssembly"/>
</securityTokenHandlers>
...
</service>
</microsoft.identityModel>
我希望这样做之后,我的依赖方能够正常工作,无论它访问的是哪个节点或哪个盒子发起了身份验证。
我目前得到以下信息:SecurityTokenHandler未注册以读取安全令牌。
任何想法?
void onServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
{
List<CookieTransform> sessionTransforms = new List<CookieTransform>(new CookieTransform[]
{
new DeflateCookieTransform(),
new RsaEncryptionCookieTransform(e.ServiceConfiguration.ServiceCertificate),
new RsaSignatureCookieTransform(e.ServiceConfiguration.ServiceCertificate)
});
SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
}
需要放在全局变量中。asax文件。在应用程序开始时挂起以下事件。
FederatedAuthentication.ServiceConfigurationCreated += onServiceConfigurationCreated;
我不再需要WebFarmSessionSecurityTokenHandler或配置更改来插入它。