Sample web.config that demonstrates how the previously created web.2.0.config file (https://gist.github.com/sjwaight/7508374) can be updated to support claims-based authentication.
<?xml version="1.0"?> | |
<configuration> | |
<configSections> | |
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> | |
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> | |
</configSections> | |
<appSettings> | |
<add key="ida:FederationMetadataLocation" value="https://localhost/idsrv/FederationMetadata/2007-06/FederationMetadata.xml" /> | |
<add key="ida:Realm" value="https://localhost/authdemoapp/secured/" /> | |
<add key="ida:AudienceUri" value="https://localhost/authdemoapp/secured/" /> | |
</appSettings> | |
<connectionStrings> | |
<!-- you'll need to change this to match your server - the one below is using the default local instance with Windows Auth. --> | |
<add name="aspnetmembers" connectionString="server=.;initial catalog=AuthDemoApp;Integrated Security=SSPI"/> | |
</connectionStrings> | |
<system.web> | |
<httpRuntime targetFramework="4.5" requestValidationMode="4.5" /> | |
<compilation debug="true" targetFramework="4.5.1"/> | |
<authentication mode="None"/> | |
<roleManager defaultProvider="SqlProvider" | |
enabled="true" | |
cacheRolesInCookie="true" | |
cookieName=".ASPROLES" | |
cookieTimeout="30" | |
cookiePath="/" | |
cookieRequireSSL="true" | |
cookieSlidingExpiration="true" | |
cookieProtection="All"> | |
<providers> | |
<add name="SqlProvider" | |
type="System.Web.Security.SqlRoleProvider" | |
connectionStringName="aspnetmembers" | |
applicationName="AuthDemoApp"/> | |
</providers> | |
</roleManager> | |
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/> | |
</system.web> | |
<system.webServer> | |
<modules> | |
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" /> | |
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" /> | |
</modules> | |
</system.webServer> | |
<system.identityModel> | |
<identityConfiguration> | |
<audienceUris> | |
<add value="https://localhost/authdemoapp/secured/" /> | |
</audienceUris> | |
<securityTokenHandlers> | |
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> | |
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> | |
</securityTokenHandlers> | |
<certificateValidation certificateValidationMode="None" /> | |
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"> | |
<authority name="http://identityserver.v2.thinktecture.com/trust/claimsdemo"> | |
<keys> | |
<add thumbprint="42458679ECD5F89F51FD126BE3F2F4408464C936" /> | |
</keys> | |
<validIssuers> | |
<add name="http://identityserver.v2.thinktecture.com/trust/claimsdemo" /> | |
</validIssuers> | |
</authority> | |
</issuerNameRegistry> | |
</identityConfiguration> | |
</system.identityModel> | |
<system.identityModel.services> | |
<federationConfiguration> | |
<cookieHandler requireSsl="true" /> | |
<wsFederation passiveRedirectEnabled="true" issuer="https://localhost/idsrv/issue/wsfed" realm="https://localhost/authdemoapp/secured/" requireHttps="true" /> | |
</federationConfiguration> | |
</system.identityModel.services> | |
</configuration> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment