Yes, this is because you are using the default token encryption, which relies on DPAPI. You can replace it with certificate-based encryption. See here: http://msdn.microsoft.com/en-us/library/ff803371.aspx (scroll down to "There is one more change to the application...").
The code is:
```csharp
// Namespaces used below (WIF 1.0, Microsoft.IdentityModel.dll on .NET 3.5/4.0)
using System.Collections.Generic;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Web;
using Microsoft.IdentityModel.Web.Configuration;

void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
{
    // Replace the default DPAPI-based transforms with ones keyed to the service
    // certificate. Transforms are applied in list order when the cookie is written:
    // compress, RSA-encrypt, RSA-sign.
    var sessionTransforms =
        new List<CookieTransform>(
            new CookieTransform[]
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(
                    e.ServiceConfiguration.ServiceCertificate),
                new RsaSignatureCookieTransform(
                    e.ServiceConfiguration.ServiceCertificate)
            });
    var readOnlyTransforms = sessionTransforms.AsReadOnly();
    var sessionHandler = new SessionSecurityTokenHandler(readOnlyTransforms);
    // Swap in the new session token handler so every instance that holds the
    // same certificate can read and write the same session cookie.
    e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
}
```
and
```csharp
void Application_Start(object sender, EventArgs e)
{
    // Hook the event before the first request; the handler runs once,
    // when WIF builds its service configuration.
    FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
}
```
Both go in global.asax.cs.
By the way, this is also the "web-farm friendly" way of configuring WIF, so it is machine (instance) independent. Windows Azure deployments are web farms by nature, which is why you see it in that chapter.
Update: in the newer version the API has changed. The updated code looks like this:
```csharp
// Namespaces used below (.NET 4.5, System.IdentityModel.dll and
// System.IdentityModel.Services.dll)
using System.Collections.Generic;
using System.IdentityModel;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.IdentityModel.Tokens;

void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    // Same transform chain as before: compress, RSA-encrypt, RSA-sign,
    // all keyed to the service certificate instead of DPAPI.
    var sessionTransforms = new List<CookieTransform>(
        new CookieTransform[]
        {
            new DeflateCookieTransform(),
            new RsaEncryptionCookieTransform(e.FederationConfiguration.ServiceCertificate),
            new RsaSignatureCookieTransform(e.FederationConfiguration.ServiceCertificate)
        });
    var sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
    // In 4.5 the handler collection lives under IdentityConfiguration.
    e.FederationConfiguration
        .IdentityConfiguration
        .SecurityTokenHandlers
        .AddOrReplace(sessionHandler);
}
```
and
```csharp
protected void Application_Start()
{
    // The 4.5 event name changed along with the configuration type.
    FederatedAuthentication.FederationConfigurationCreated += OnFederationConfigurationCreated;
}
```