ADFS不断提示输入凭据

ADFS不断提示输入凭据

本文介绍了使用Azure ACS&的MVC3站点使用Firefox和Chrome时,ADFS不断提示输入凭据的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我已经创建了一个基本的MVC 3网站,该网站使用Windows Azure的访问控制服务(ACS)对Active Directory联合服务(ADFS)终结点执行用户身份验证.我遵循了添加STS参考"向导,该站点运行良好,并且可以在IE中完美地对用户进行身份验证.但是,当我使用Chrome或Firefox时,它会不断提示我输入凭据.

I've created a basic MVC 3 website that's using Windows Azure's Access Control Service (ACS) to perform user authentication against an Active Directory Federated Service (ADFS) endpoint. I followed the "Add STS Reference" wizard and the site runs fine and authenticates users just perfectly in IE. However, when I use Chrome or Firefox it continually prompts for my credentials over and over again.

我在Technet上发现了该帖子,其中提到了与Firefox有关的问题,但没有提及Chrome的修复程序,我也不觉得修复Firefox所需的步骤在现实世界中是可行的(即,我无法期望最终用户执行此操作)

I found this post on technet that mentions the issue as it pertains to Firefox but there's no fix for Chrome mentioned, nor do I feel like the steps required to fix Firefox are practical in the real world (i.e. I can't expect end users to do this)

还有其他人遇到这个障碍吗?我在做什么错了?

Has anybody else hit this snag? What am I doing wrong?

推荐答案

在Microsoft代表(Adam Conkle)的帮助下,在 TechNet (向下滚动至评论),我终于对这个问题有了答案.

With some help from a Microsoft Rep (Adam Conkle) over on TechNet (scroll down to the comments), I finally have an answer to this problem.

结果是,默认情况下,对用户执行身份验证的ADFS网站(该网站在安装ADFS v2.0期间在IIS中进行设置)配置为集成Windows身份验证(IWA).在IIS中,将IWA配置为使用扩展的身份验证保护(EPA),这就是问题所在.显然,大多数其他浏览器尚不支持EPA,这就是Firefox& Chrome不断循环提示输入凭据.

Turns out, the ADFS website that performs authentication of users (this website gets setup in IIS during the installation of ADFS v2.0) is by default configured for Integrated Windows Authentication (IWA). IWA is configured in IIS to use Extended Protection for Authentication (EPA) and therein lies the problem. Apparently, most other browsers don't support EPA yet which is why Firefox & Chrome continually prompt for credentials in a loop.

两个选项...

  1. 继续使用IWA,但在IIS中为网站关闭EPA(此处介绍)
  2. 关闭IWA,以支持基于表单的身份验证(此处描述)
  1. Keep using IWA but turn off EPA in IIS for the website (described here)
  2. Turn off IWA in favor of Forms-based Authentication (described here)

这篇关于使用Azure ACS&的MVC3站点使用Firefox和Chrome时,ADFS不断提示输入凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-12 21:54