I am using the Thinktecture.IdentityModel 4.0 samples for WebApiSecurity. I modified AdfsSamlClient to use our ADFS server. Unauthorized call - I get Unauthorized with the Thinktecture.Identity SAML token
var channel = factory.CreateChannel();
var token = channel.Issue(rst) as GenericXmlSecurityToken;
Then I try to make the service call
var client = new HttpClient { BaseAddress = _baseAddress };
client.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue("AdfsSaml", saml);
var response = client.GetAsync("identity").Result;
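and get a 401. I am able to get the SAML token from our ADFS server.
I don't know how to debug this. I traced Microsoft.IdentityModel, but it is only information-level tracing, with no errors or warnings, and nothing I can use to debug.
The interesting part of the service trace: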
1. Description OnEndRequest is redirection to IdentityProvider '/WebHost/api/identity'
2. Description CreateSignInRequest
   BaseUri https://[ADFS...]/adfs/ls/
   wa wsignin1.0
   wtrealm https://[WorkStation...]/WebHost/
   wctx rm=0&id=passive&ru=%2fWebHost%2fapi%2fidentity
3. Description Redirecting to IdentityProvider: 'https://[ADFS...]/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2f[WorkStation...]%2fWebHost%2f&wctx=rm%3d0%26id%3dpassive%26ru%3d%252fWebHost%252fapi%252fidentity&wct=2013-09-30T17%3a35%3a04Z'
Thanks for any insight.