Using WIF to implement single sign-on, Part I: Windows Identity Foundation introduction and environment setup


Last month I spent a week studying unified identity authentication and single sign-on for ASP.NET MVC. After some exploration I settled on Microsoft's Windows Identity Foundation. However, it seems that not many people use it, and there is very little Chinese-language material, so I took a lot of detours while testing. That is why I wrote this series of articles; I hope it can be of some help to others who come after me.

First, a word about WIF (Windows Identity Foundation). For various historical reasons, identity authentication and identity management have generally been handled in an ad hoc way. Adding an "authentication" feature to software has meant mixing the code that does the low-level work (verifying user names and passwords, dealing with X.509 certificates or similar credentials) into your own code. The application then depends heavily on that infrastructure and is hard to move elsewhere without rewriting a large part of it. Claims-based identity addresses this: the application no longer verifies credentials itself but consumes a token, issued and signed by a security token service (STS) it trusts, that carries the user's claims. What a "claim" actually is we will leave for later; for now you only need to know that such a thing exists. Windows Identity Foundation (WIF) is Microsoft's framework for claims-based identity. It is a foundational technology that lets .NET developers handle authentication, authorization, personalization, and any other identity-related task in a claims-based way without writing any of the low-level code.

The following describes how to set up a WIF environment. I went down a lot of wrong roads here; I will spare you the painful details and just describe how to set up the various environments:

1. If you have installed VS2012, WIF is already included in the .NET Framework; this is WIF 4.5. However, WIF 4.5 can only be used in .NET 4.5 projects. If your ASP.NET or MVC project targets a .NET version lower than 4.5 (even if you created it in VS2012), use the method below instead.

2. If you have installed VS2010/VS2008, you must first install the WIF runtime and then install the WIF SDK.

If you are using Windows 8, Windows Identity Foundation 3.5 is already integrated into the system. Open Control Panel -> Programs and Features -> Turn Windows features on or off, find Windows Identity Foundation 3.5, check the box in front of it, and click OK. When the task finishes, click Close.

 

WIF 3.5 is now enabled.

For other operating systems, download and install the WIF runtime installer (EXE) that matches your operating system.

3. Install the WIF SDK. If you use VS2012 you do not need to install any SDK, because WIF is integrated into .NET Framework 4.5. However, you may want to install a VS extension: open VS2012, click Tools -> Extensions and Updates, click Online in the list on the left, type "Identity" in the search box in the upper right corner, select "Identity and Access Tool" in the search results, click Download, and wait for the download and installation to complete. This tool lets you quickly add a local development STS (LocalSTS) to a web application, MVC application or WCF service in order to test WIF features. We will look at how to use the tool in a moment.

If you are not using VS2012, download and install the SDK that matches your WIF version.


With that, the environment WIF needs is set up. Next, a small example shows how WIF works.

The environment used here is Win7 + VS2012. For VS2010 + WIF 3.5/4.0, please refer to this article.


Open VS2012 and create a project named WIFTutorial based on .NET Framework 4.5, for example:


In the "New ASP.NET MVC 4 Project" dialog box that pops up, click OK.

After the project is created, right-click the project name in Solution Explorer and select "Identity and Access...":


On the Providers tab, select "Use the Local Development STS to test your application". The "Local Development STS" tab then changes from disabled to enabled. Switch to that tab and change the Value column of the first row of the "Test claims to issue" table to "ojlovecd":

Click OK. The tool modifies your Web.config. Open Web.config from Solution Explorer and you will see:

```xml
<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    <!-- Added by the Identity and Access Tool: the WIF configuration sections -->
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>
  <connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=aspnet-WIFTutorial-20130220231745;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnet-WIFTutorial-20130220231745.mdf" providerName="System.Data.SqlClient" />
  </connectionStrings>
  <appSettings>
    <add key="webpages:Version" value="2.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <!-- Added by the Identity and Access Tool: where the STS metadata lives, which issuer to trust, and which provider was selected -->
    <add key="ida:FederationMetadataLocation" value="http://localhost:14419/wsFederationSTS/FederationMetadata/2007-06/FederationMetadata." /> <!-- value cut off in the original -->
    <add key="ida:Issuer" value="http://localhost:14419/wsFederationSTS/Issue" />
    <add key="ida:ProviderSelection" value="localSTS" />
  </appSettings>
  <!-- Added by the Identity and Access Tool: the application's own federation metadata must stay reachable anonymously -->
  <location path="FederationMetadata">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <!-- Added by the Identity and Access Tool: deny anonymous users and hand authentication over to WIF -->
    <authorization>
      <deny users="?" />
    </authorization>
    <authentication mode="None" />
    <compilation debug="true" targetFramework="4.5" />
    <!-- remainder of Web.config cut off in the original -->
  </system.web>
</configuration>
```

The parts generated automatically by the tool are the two system.identityModel configuration sections, the ida:* appSettings (metadata location, trusted issuer, provider selection), the FederationMetadata location that stays open to anonymous users, and the authorization/authentication settings that deny anonymous access and set the authentication mode to None so that WIF handles sign-in. At the same time, the tool creates a directory named FederationMetadata under your project directory; click "Show All Files" in Solution Explorer to see it.

Now press F5; an error appears:

The message says that LocalSTS must be started as Administrator. So close VS, open it again as administrator, load the project and press F5 again to run the program. This time LocalSTS is running in the notification area at the bottom right, the home page opens, and the upper-right corner shows that the user ojlovecd is logged on.

What did this sequence of operations actually do?

First, as mentioned, the Identity and Access Tool modified Web.config, adding the configuration that WIF uses. When the program starts, it first launches LocalSTS. What is LocalSTS for? The authorization section in Web.config denies anonymous users, so when your program receives its first request, WIF's federated authentication module redirects the browser to LocalSTS (the issuer configured in Web.config) to request the user's identity. LocalSTS handles that request and returns a signed token containing the identity information, which the browser posts back to your application; WIF validates the token against the configured issuer and establishes the signed-in session. Where does the returned identity information come from? Exactly: from what you configured in the third tab of the Identity and Access Tool.
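The round trip described above, as an added example that is not part of the original article and not WIF or LocalSTS code: a self-contained model of the WS-Federation passive sign-in that the tool configured, with the relying party (RP) and the STS as two sides of the exchange. The issuer URL is the ida:Issuer value from the generated Web.config; the realm, the signing key, the session dictionary and the claim set are constructed for this example, and the HMAC signature stands in for the X.509 XML signature a real STS applies. The RP checks the same things WIF checks before it trusts a posted token: signature, issuer, audience and validity window.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Issuer URL as written into the generated Web.config (ida:Issuer). The realm,
# signing key and claim set below are constructed for this example.
ISSUER = "http://localhost:14419/wsFederationSTS/Issue"
REALM = "http://localhost:50000/"                 # the RP's own address, sent as wtrealm (constructed)
STS_KEY = b"local-development-sts-signing-key"    # stands in for the STS signing certificate (constructed)
TEST_CLAIMS = {"name": "ojlovecd", "role": "Developer"}  # the "Test claims to issue" table (constructed)


def rp_handle_request(session, requested_path="/"):
    """RP side. <deny users="?"/> means: no session -> redirect the browser to the STS."""
    if "principal" in session:
        return "ok", session["principal"]
    # wa selects the sign-in action, wtrealm identifies the RP,
    # wctx carries the original URL so the RP can resume it after sign-in.
    query = urlencode({"wa": "wsignin1.0", "wtrealm": REALM, "wctx": requested_path})
    return "redirect", f"{ISSUER}?{query}"


def _encode(token):
    return base64.urlsafe_b64encode(json.dumps(token, sort_keys=True).encode()).decode()


def _sign(body):
    return hmac.new(STS_KEY, body.encode(), hashlib.sha256).hexdigest()


def sts_issue(redirect_url, lifetime_seconds=600):
    """STS side. Answer the sign-in request with a signed token carrying the test claims."""
    params = parse_qs(urlparse(redirect_url).query)
    if params.get("wa") != ["wsignin1.0"]:
        raise ValueError("unsupported wa")
    now = int(time.time())
    token = {
        "issuer": ISSUER,
        "audience": params["wtrealm"][0],   # bind the token to the realm that asked for it
        "nbf": now,
        "exp": now + lifetime_seconds,
        "claims": TEST_CLAIMS,
    }
    body = _encode(token)
    # The STS replies with an auto-submitting form; the browser POSTs these fields to the RP.
    return {"wa": "wsignin1.0", "wresult": f"{body}.{_sign(body)}", "wctx": params["wctx"][0]}


def rp_consume_token(session, form, now=None):
    """RP side. Validate the posted token before creating a session; return the URL to resume."""
    now = int(time.time()) if now is None else now
    body, _, sig = form["wresult"].rpartition(".")
    if not hmac.compare_digest(sig, _sign(body)):
        raise ValueError("signature invalid")            # forged, or not from the STS we trust
    token = json.loads(base64.urlsafe_b64decode(body))
    if token["issuer"] != ISSUER:
        raise ValueError("untrusted issuer")             # must match the configured ida:Issuer
    if token["audience"] != REALM:
        raise ValueError("token was issued for another realm")
    if not token["nbf"] <= now < token["exp"]:
        raise ValueError("token expired or not yet valid")
    session["principal"] = dict(token["claims"])         # what becomes the ClaimsPrincipal / session cookie
    return form["wctx"]


def sign_in_round_trip():
    """The whole exchange that happened on pressing F5; returns the signed-in principal."""
    session = {}
    status, location = rp_handle_request(session, "/Home/Index")
    assert status == "redirect"
    form = sts_issue(location)
    resume_path = rp_consume_token(session, form)
    status, principal = rp_handle_request(session, resume_path)
    return principal


def tampered_token_rejected():
    """Editing the claims without the STS key must fail RP validation."""
    _, location = rp_handle_request({}, "/")
    form = sts_issue(location)
    body, _, sig = form["wresult"].rpartition(".")
    token = json.loads(base64.urlsafe_b64decode(body))
    token["claims"] = dict(token["claims"], name="administrator")
    try:
        rp_consume_token({}, {"wresult": f"{_encode(token)}.{sig}", "wctx": "/"})
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(sign_in_round_trip())        # {'name': 'ojlovecd', 'role': 'Developer'}
    print(tampered_token_rejected())   # True
```

The order of checks in rp_consume_token matters: the signature is verified before anything inside the token is read, so an attacker cannot influence the issuer or audience comparison with unsigned data. In the real flow the browser performs the redirect and the POST, and the token is a SAML assertion whose signature WIF verifies against the issuer's certificate from the federation metadata; the sequence of checks is the same.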

So far we have implemented a very simple authentication function without writing a single line of code. A detailed walkthrough of this example, the principles behind WIF, and the implementation of single sign-on are left to the following articles.
