Friday 15 February 2013

Passing parameter SecurityToken to a different asp.net mvc website in a POST doesn't work to allow Single Sing-On -


I have many websites, A, B, C ..... Website A: is an authentication website, , Passwords and an additional parameter; The website redirects a successful user login to a website. When the user logs in, I get in a token received from System A. IdentityModel.Tokens.SecurityToken My first method was trying to pass the token to another website via post request but no success was achieved because the token was too large. At first I thought it was serialized, but not: XML using GenericXmlSecurityToken ToTokenXmlString () Can be converted into This is an extension method on Thinktecture.IdentityModel.Extensions, I am attaching category details below 

  Public Stable Class SecurityToken Extensions {Public Stable Claims Primitive ToClaims Principal (This Security Token Token, SecurityToken Handler Collection Handler); Public Static Claims Principal Touclaims Principal (this security token token, X509 certificate certificate 2 certificate); Public Static Claims Principal Touclaims Principal (this security token token, X509 certificate 2 signature certificate, string viewer Yuri); Public stable security token tocecurity token (this generic xmail security token token); Public static safety token Tuskutti Token (This Generic XMail Summit Tokens Token, Security Token Handler Collection Handler); Public stable security token TusakyTToken (this generic xmail security takoken token, X509Certificate2 decryption certificate); Public Static String ToTokenXmlString (This GenericXmlSecurityToken Tokens); Public Static String ToTokenXmlString (this security token token); Public Static String ToTokenXmlString (This SecurityToken Tokens, SecurityTokenHandlerCollection Handler); }

As you can see that we can convert XML to string, but not the above methods, it takes the string and gives security, instead they are generic XMLSetTitcan takes. The creators of that category are here and depend on more than one parameter.

Question:

  1. Do I need to add something to my web configurations to make this possible?
  2. Can I serialize a security token and post it on website B and it can be replicated with all the original values ​​(which is an approach on this matter).

The appropriate solution would be to use an STS, for both website authentication Use. Manually posting tokens is a little hack.

He said - you can create Generic XMail Security token from XML string. IIRC You can pass null for all CTOR arguments that you do not know.


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)