How I started making an ADFS plug-in and got stuck

I must admit right away that I'm not a real programmer. That is, I once was a real one, in the sense that I was paid money for writing programs. However, that was more than fifteen years ago, and I wrote programs, in accordance with the fashion of the time, mainly in Delphi (and a little earlier also in C/C++): in short, in languages that are now not at all fashionable and not in demand. For the last fifteen years I have been making money almost exclusively by system administration, mainly by administering Microsoft solutions, especially Active Directory and MS Exchange. And the only thing in this activity that had to do with programming was writing scripts in a, so to speak, programming language called PowerShell.



However, the shining prospects of system administration as a way to earn bread and butter and caviar have somehow faded over the past fifteen years, and I decided to recall the old craft. But at the same time I decided to try not to move very far from the things I was familiar with, in order to make some use of the accumulated knowledge, in particular knowledge of the Microsoft products that I have been dealing with for fifteen years. The old programming baggage like Delphi is no longer fashionable at all and won't earn much caviar, and I really didn't want to join the fashionable front-end developers, changing PowerShell for JavaScript, in order to compete with the newly minted newcomers; besides, I have already had my fill of the "delights" of a scripting language, such as the impossibility of catching errors at the compilation stage, in PowerShell.



But then I ran into a difficulty. Microsoft, as you know, decided some time ago to become a cloud company. To that end it began to drive its users into the clouds, and for that it clearly decided to kill all its wonderful local business products, such as my favorite, Exchange. This automatically leaves the development of programs related to these products without any prospects. However, on reflection, I found what seemed to be an acceptable compromise: to write an extension for Active Directory Federation Services (AD FS). This service, used in a variety of authentication and authorization scenarios in distributed systems, has a much better chance of surviving in the modern world than solutions tailored for purely "on-premises" applications. In particular, it can be used to authorize access to applications in the Microsoft cloud based on authentication in an on-premises Active Directory. Therefore, knowledge of and experience with this service (of which I have a little) may have at least some prospects for the future.



, , . , , , - . , .



- , Microsoft Windows Server 2012 R2, ADFS , , , , , , . , . , , . , — Microsoft - , .

, , .



, . , , . : .NET CLR C#, , . , .NET Powershell , . , , , ( ) . — - - - Microsoft GitHub - SMS — , , - , , , API , — , .

, , .



: , ADFS HTML , , , , . , , , , , , : « ?» , , «, » ( ADFS hidden input, ), , — , . , ADFS, — null,

(claims) ( — URI) — ( URI, ). , . — .

. - , . : URI URL, ( ) urn. GAC ADFS . . , HTML, . .



, ADFS , , ID 364 «Microsoft.IdentityServer.RequestFailedException: No strong authentication method found for the request...», - , , . , ADFS , . , ( , ADFS URL ) — . , .



, , , ADFS , , . , , — , , , . : , , — , , , — . , — .



— — . , , — , , — : , , . . ( — ) . , : - , ( ) , «!», . , ( ): , , , , , . , . .



— -. — ( , ). — , . GitHub — , , API . - - — . URI — . , , , , ( ). , — . , ,



, : ( ) «http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod», (, ) «» , : «https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod». , , - . , , , .



. - Microsoft, : . - , - http https:

URI , URL, URL . — . - Microsoft, . : 100% , — , - . ( — ), , .



P.S.: , . - — , .



