c# - Trying to get a working web.config section for this programmatic AD FS configuration


I have the following programmatic code which I know works when I try to validate AD FS tokens:

    // Namespaces: System.IdentityModel.Configuration, System.IdentityModel.Selectors,
    // System.IdentityModel.Tokens, System.ServiceModel.Security
    var configuration = new SecurityTokenHandlerConfiguration();
    configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
    configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://application.local/"));
    configuration.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
    configuration.RevocationMode = X509RevocationMode.Online;
    configuration.CertificateValidator = X509CertificateValidator.ChainTrust;

    // Only tokens signed by this thumbprint are accepted
    var registry = new ConfigurationBasedIssuerNameRegistry();
    registry.AddTrustedIssuer("<certificate thumbprint>", "ADFS Signing - adfs.example.local");
    configuration.IssuerNameRegistry = registry;

    securityTokenHandlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration);

However, I am trying to convert this working configuration into markup in web.config. I have tried this:

    <system.identityModel>
      <identityConfiguration saveBootstrapContext="true">
        <securityTokenHandlers>
          <securityTokenHandlerConfiguration>
            <audienceUris>
              <add value="https://application.local/" />
            </audienceUris>
            <certificateValidation certificateValidationMode="ChainTrust"
                                   revocationMode="Online"
                                   trustedStoreLocation="LocalMachine" />
            <issuerNameRegistry>
              <trustedIssuers>
                <add thumbprint="<certificate thumbprint>" name="ADFS Signing - adfs.example.local" />
              </trustedIssuers>
            </issuerNameRegistry>
          </securityTokenHandlerConfiguration>
        </securityTokenHandlers>
      </identityConfiguration>
    </system.identityModel>

using the following code (this time, not passing in a programmatic configuration):

    // The parameterless overload builds the handlers with a fresh default
    // SecurityTokenHandlerConfiguration, not with the settings from web.config
    securityTokenHandlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();

but the error when I try to validate tokens is:

    At least one 'audienceUri' must be specified in the SamlSecurityTokenRequirement when the AudienceUriMode is set to 'Always' or 'BearerKeyOnly'. Either add the valid URI values to the AudienceUris property of SamlSecurityTokenRequirement, or turn off checking by specifying an AudienceUriMode of 'Never' on the SamlSecurityTokenRequirement.

So it must not be reading the configuration correctly. What am I missing? Is the code wrong? Is the config wrong?

    // Take the handler collection that WIF already built from <system.identityModel>
    securityTokenHandlers = System.IdentityModel.Services.FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;

The config is correct.
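As an added illustration (not code from the question or the answer above), the same config-driven handlers obtained outside the ASP.NET pipeline through IdentityConfiguration, with a fail-closed check that the audience and trusted-issuer settings really were loaded before any token is validated. The class name ConfiguredTokenValidator and the tokenXml input are assumptions for the example.

```csharp
using System;
using System.IdentityModel.Configuration;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Xml;

// Assumed helper name; not part of the question or the answer.
public static class ConfiguredTokenValidator
{
    // Builds the handler collection from <system.identityModel> in the config file.
    // In an ASP.NET app with the WIF modules loaded this is the same object that
    // FederatedAuthentication.FederationConfiguration.IdentityConfiguration exposes;
    // new IdentityConfiguration() reads the section directly, so it also works in a
    // console host or a unit test.
    public static SecurityTokenHandlerCollection LoadHandlersFromConfig()
    {
        var identityConfig = new IdentityConfiguration();
        if (!identityConfig.IsInitialized)
            identityConfig.Initialize(); // pushes issuer registry, cert validation etc. into the handlers
        SecurityTokenHandlerCollection handlers = identityConfig.SecurityTokenHandlers;
        SecurityTokenHandlerConfiguration cfg = handlers.Configuration;

        // Fail closed: an empty audience list with AudienceMode != Never is exactly the
        // state behind the "At least one 'audienceUri' must be specified" error, so refuse
        // to proceed instead of tempting anyone to switch audience checking off.
        if (cfg.AudienceRestriction.AudienceMode != AudienceUriMode.Never
            && cfg.AudienceRestriction.AllowedAudienceUris.Count == 0)
            throw new InvalidOperationException("No audience URIs loaded from <audienceUris>.");

        var registry = cfg.IssuerNameRegistry as ConfigurationBasedIssuerNameRegistry;
        if (registry != null && registry.ConfiguredTrustedIssuers.Count == 0)
            throw new InvalidOperationException("No thumbprints loaded from <trustedIssuers>.");
        return handlers;
    }

    // Reads and validates a serialized token (e.g. the SAML assertion issued by AD FS)
    // with the configured handlers and returns the first resulting identity.
    public static ClaimsIdentity Validate(string tokenXml)
    {
        SecurityTokenHandlerCollection handlers = LoadHandlersFromConfig();
        using (var reader = XmlReader.Create(new StringReader(tokenXml)))
        {
            if (!handlers.CanReadToken(reader))
                throw new SecurityTokenException("Token format not handled by the configured handlers.");
            SecurityToken token = handlers.ReadToken(reader);
            return handlers.ValidateToken(token)[0]; // signature, issuer, audience and lifetime checked here
        }
    }
}
```

Validation throws on an untrusted signer, a wrong audience or an expired assertion, so callers should treat any exception as a rejected token rather than a transient failure.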
