Windows Identity Foundation: programmatically read the claim types from web.config

What is the best way to programmatically read the claim types found in the Web.config?

asked Mar 9 '12 at 14:03

This doesn't make sense. You're not reading claims for the web.config. You're reading the claims from a token, and that's all handled through WIF. Can you clarify what you mean? -

I am referring to the claims that are generated by the fedutil.exe in the web.config. I want to be able to compare them as valid claims against what I get from the STS. On a different topic, I read your post (garrettvlieger.com/blog/2010/03/…) and it isn't working for me, as far as refreshing the claims. Any ideas? -

I wanted this more for a verification check than anything. I'm actually checking the real claims via ClaimsIdentity object and somebody had changed a claim description which was causing some errors. Also, Garrett, I take back what I said about your post as I got it working. Thanks for the help. -

2 Answers

I might be mistaken, but I don't think the claim types listed under applicationService/claimTypeRequested in the web.config are actually used by WIF; they're only used by FedUtil.exe when generating your application's federation metadata document. Therefore I don't think WIF exposes them anywhere under FederatedAuthentication.ServiceConfiguration like one might expect.

You can always just crack open the web.config and scan for them yourself, like so:

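using System.Web.Configuration;
using System.Xml;
// Load the application's root web.config as an XML document.
XmlDocument doc = new XmlDocument();
doc.Load(WebConfigurationManager.OpenWebConfiguration("~").FilePath);
// Bind a prefix to the root element's namespace so the XPath below can be qualified.
XmlNamespaceManager docNs = new XmlNamespaceManager(doc.NameTable);
docNs.AddNamespace("fed", doc.DocumentElement.NamespaceURI);
// Select the claimType entries of the default (unnamed) service element.
XmlNodeList claimsNodes = doc.SelectNodes(@"/fed:configuration/fed:microsoft.identityModel/fed:service[count(@name)=0 or @name='']/fed:applicationService/fed:claimTypeRequired/fed:claimType", docNs);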

answered Mar 10 '12 at 21:03

You are correct but I was wondering if anyone had a way to read the claims from web.config other than parsing it as xml. I want this mainly because someone changed a claim out from under me and I was hoping to write a quick test to validate the claims. - mike cheel

It sounds like you can achieve what you're trying to do by parsing the web.config as XML. May I ask why you're apprehensive to do so? - andres lavers

Just looking for a strongly typed way I suppose. If there is a built-in object (apparently there isn't) I would prefer to use that. - mike cheel

@Andrew is correct - the list in the web.config is only used for metadata.

If you wanted to, you could Access The Claims in an ASP.NET Page, scan the web.config and compare.

answered Mar 11 '12 at 18:03
