locked
Single Sign On With ADFS and skipping login page RRS feed

  • Question

  • Hello,

    Thank you for providing help.  I have a site that can authenticate with Active Directory Federated Services for Single Sign On.  Currently, the way my site works is that, by default, when a user hits my site, my code attempts to log then into SSO (I use the OWIN library for this).  If the user is not on our network, it fails to authenticate, and they are redirected to my companies login page, where they can provide their company credentials. 

     I would like to change this behavior, though.  Instead, when the user hits my page, if they authenticate, it should continue as normal and they should be redirected to my site.  But, if they do not authenticate, I do not want them redirected to our login page.  instead, I want them to be redirected back to my site, where my code will determine what they can and cannot do on the site.  I then would want to provide a link, so that they could decide to go to the login page.

    I want this behavior because the majority of users of this site will not be a part of the companies network and will not be able to authenticate.  SO, they should, by default, just see our home page.  But, there may be times when a company member might be working from home, so wont be on our network to auto authenticate.  In this case, they would then use the link that sends them to the Azure login page.

    Here is the code that I am currently using (site is ASP.net, form web page (not MVC)):

    Startup.Auth.vb:

    Partial Public Class Startup
            Dim appSettings = ConfigurationManager.AppSettings
            
            Private realm As String
            Private aadInstance As String
            Private tenant As String
            Private metadata As String
            Private authority As String
    
            Public Sub ConfigureAuth(app As IAppBuilder)
                Try
                    Dim appSettings = ConfigurationManager.AppSettings
                    If (appSettings("releaseVersion") = "DEBUG") Then
                        realm = ConfigurationManager.AppSettings("test_ida:RPIdentifier")
                        aadInstance = ConfigurationManager.AppSettings("test_ida:AADInstance")
                        tenant = ConfigurationManager.AppSettings("test_ida:Tenant")
                    ElseIf (appSettings("releaseVersion") = "PROD") Then
                        realm = ConfigurationManager.AppSettings("ida:RPIdentifier")
                        aadInstance = ConfigurationManager.AppSettings("ida:AADInstance")
                        tenant = ConfigurationManager.AppSettings("ida:Tenant")
                    End If
    
                    metadata = String.Format("{0}/FederationMetadata/2007-06/FederationMetadata.xml", aadInstance)
                    authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant)
    
                    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
                    app.UseCookieAuthentication(New CookieAuthenticationOptions())
                    Dim authOption As WsFederationAuthenticationOptions = New WsFederationAuthenticationOptions()
    
                    Dim fn = Function(context)
                                 context.HandleResponse()
                                 context.Response.Redirect("Home/Error?message=" + context.Exception.Message)
                                 Return Task.FromResult(0)
                             End Function
    
                    Dim auth_not As WsFederationAuthenticationNotifications = New WsFederationAuthenticationNotifications() With {
                            .AuthenticationFailed = fn
                         }
    
                    Dim auth_opt As WsFederationAuthenticationOptions = New WsFederationAuthenticationOptions() With {
                         .Wtrealm = realm,
                         .MetadataAddress = metadata,
                         .Notifications = auth_not
                       }
                    If (Not auth_opt.Wtrealm Is Nothing) Then
                        app.UseWsFederationAuthentication(auth_opt)
                    Else
    
                    End If
    
                Catch ex As Exception
                    Throw ex
                End Try
    
            End Sub
    
    
        End Class

    Then, on my Default.aspx.vb page load event, I do this:

    If (Not Request.IsAuthenticated) Then
                Try
                    Dim newAuth As AuthenticationProperties = New AuthenticationProperties()
                    newAuth.RedirectUri = "/?test=1"
    
                    HttpContext.Current.GetOwinContext().Authentication.Challenge(newAuth, WsFederationAuthenticationDefaults.AuthenticationType)
    
    
                Catch ex As Exception
                    Throw ex
                End Try
    
            End If

    The problem is, I do not know how to attempt to authenticate the user, determine if they are authenticated, and redirect them accordingly.  Any help would be greatly appreciated.

    thanks


    Tuesday, January 9, 2018 5:40 PM

All replies