windows – 使用自定义STS从访问控制服务注销
发布时间:2021-02-02 07:03:08 所属栏目:系统 来源:网络整理
导读:我正在使用带有自定义STS的 Windows Azure访问控制服务.我可以通过ACS登录我的应用程序,但是我在登出功能方面遇到了麻烦.我在我的应用程序中尝试过这段代码. WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationMod
|
我正在使用带有自定义STS的 Windows Azure访问控制服务.我可以通过ACS登录我的应用程序,但是我在登出功能方面遇到了麻烦.我在我的应用程序中尝试过这段代码. WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;
try
{
FormsAuthentication.SignOut();
}
finally
{
fam.SignOut(true);
}
Page.Response.Redirect("default.aspx");
但似乎它从ACS注销用户而不是从自定义STS注销.从STS注销我该怎么办?应用(RP),ACS或STS中的问题可能出在哪里? 我认为ACS应该要求自定义STS注销用户,但似乎它没有这样做.我错过了什么? 解决方法我已经为FederatedSignout创建了一个帮助方法,在代码中注释了我在路上发现的内容(hth)public static void FederatedSignOut(string reply = null)
{
WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;
// Native FederatedSignOut doesn't seem to have a way for finding/registering realm for singout,get it from the FAM
string wrealm = string.Format("wtrealm={0}",fam.Realm);
// Create basic url for signout (wreply is set by native FederatedSignOut)
string signOutUrl = WSFederationAuthenticationModule.GetFederationPassiveSignOutUrl(fam.Issuer,null,wrealm);
// Check where to return,if not set ACS will use Reply address configured for the RP
string wreply = !string.IsNullOrEmpty(reply) ? reply : (!string.IsNullOrEmpty(fam.Reply) ? fam.Reply : null);
WSFederationAuthenticationModule.FederatedSignOut(new Uri(signOutUrl),!string.IsNullOrEmpty(wreply) ? new Uri(wreply) : null);
// Remarks! Native FederatedSignout has an option for setting signOutUrl to null,even if the documentation tells otherwise.
// If set to null the method will search for signoutUrl in Session token,but I couldn't find any information about how to set this. Found some Sharepoint code that use this
// Michele Leroux Bustamante had a code example (from 2010) that also uses this form.
// Other examples creates the signout url manually and calls redirect.
// FAM has support for wsignoutcleanup1.0 right out of the box,there is no need for code to handle this.
// That makes it even harder to understand why there are no complete FederatedSignOut method in FAM
// When using native FederatedSignOut() no events for signout will be called,if you need this use the FAM SignOut methods instead.
}
此代码用于我们为带有ACS的Web SSO创建的标准RP库中. (编辑:辽源站长网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |