在Windows Identity Foundation中禁用加密

我是否可以禁用请求安全令牌响应的加密并仅管理签名? 我正在创建一个自定义STS,它基于WIF SDK的演示扩展了Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService,我无法设置不使用加密。     
2019-10-30 3 条评论
分享

没有找到相关结果

    已邀请:

    锹缄

    我刚刚在Visual Studio中运行了“添加STS参考”向导,选择了创建新STS的选项。该工具生成的模板确实添加了对令牌加密的支持,但如果没有提供证书,则禁用它:(我保留了所有默认注释) 
    protected override Scope GetScope( IClaimsPrincipal principal, RequestSecurityToken request )
{
    ValidateAppliesTo( request.AppliesTo );

    //
    // Note: The signing certificate used by default has a Distinguished name of "CN=STSTestCert",
    // and is located in the Personal certificate store of the Local Computer. Before going into production,
    // ensure that you change this certificate to a valid CA-issued certificate as appropriate.
    //
    Scope scope = new Scope( request.AppliesTo.Uri.OriginalString, SecurityTokenServiceConfiguration.SigningCredentials );

    string encryptingCertificateName = WebConfigurationManager.AppSettings[ "EncryptingCertificateName" ];
    if ( !string.IsNullOrEmpty( encryptingCertificateName ) )
    {
        // Important note on setting the encrypting credentials.
        // In a production deployment, you would need to select a certificate that is specific to the RP that is requesting the token.
        // You can examine the 'request' to obtain information to determine the certificate to use.
        scope.EncryptingCredentials = new X509EncryptingCredentials( CertificateUtil.GetCertificate( StoreName.My, StoreLocation.LocalMachine, encryptingCertificateName ) );
    }
    else
    {
        // If there is no encryption certificate specified, the STS will not perform encryption.
        // This will succeed for tokens that are created without keys (BearerTokens) or asymmetric keys.  
        scope.TokenEncryptionRequired = false;            
    }

    // Set the ReplyTo address for the WS-Federation passive protocol (wreply). This is the address to which responses will be directed. 
    // In this template, we have chosen to set this to the AppliesToAddress.
    scope.ReplyToAddress = scope.AppliesToAddress;

    return scope;
}
        
    2019-10-30 0 0
    分享

    僻朵庙惩竣

    我创建一个CustomSecurityHandler并覆盖其GetEncryptingCredentials方法返回null值,如下面的行,它的工作原理: 
     public class MyCustomSecurityTokenHandler : Saml11SecurityTokenHandler
 {

    public MyCustomSecurityTokenHandler(): base() {}

    protected override EncryptingCredentials GetEncryptingCredentials(SecurityTokenDescriptor tokenDescriptor)
    {
        return null;
    }

 }
    然后在SecurityTokenService类中,我重写GetSecurityTokenHandler,返回之前创建的自定义类: 
    protected override SecurityTokenHandler GetSecurityTokenHandler(string requestedTokenType)
    {
        MyCustomSecurityTokenHandler tokenHandler = new MyCustomSecurityTokenHandler();

        return tokenHandler;
    }
        
    2019-10-30 0 0
    分享
    为什么被折叠? 0 个回复被折叠

    要回复问题请先登录注册

    或代码 OrCode.com 备案号:粤ICP备15020848号-1
    Escape time: 0.034156084060669