ADFS IN ASP.NET 4.5

  • Question

  • User-958338911 posted

    Hello Everyone,

    I have a legacy ASP.NET (4.0) application. Now the client needs SSO using ADFS integration. I found a sample application using MVC and .NET 4.6 with startup.cs and program.cs files.

    Can anybody help me achieve ADFS authentication using ASP.NET 4.0 or 4.5 using global.asax?

    Thanks in advance

    Kiran

    Monday, January 28, 2019 4:37 PM

All replies

  • User753101303 posted

    Hi,

    If you really can't upgrade from 4.0 (which is AFAIK not supported any more) you could try perhaps WIF 3.5 (https://docs.microsoft.com/en-us/dotnet/framework/security/whats-new-in-wif is for 4.5 but describes changes from 3.5, maybe you'll find the 3.5 documentation archived). Depending on your OS, WIF 3.5 could be a Windows feature: https://dynamicsofdynamicscrm.com/2015/09/11/quick-tipenabling-windows-identity-foundation-on-windows-10-machines/

    If you can upgrade to 4.5.2 (which is AFAIK the oldest supported version) just create a Template using http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/ and move your app to this by adding the missing nuget packages and code.

    Monday, January 28, 2019 5:21 PM
  • User-958338911 posted

    Hello PatriceSc,

    Thank you very much for your help. I tried the first option, .NET Framework 4.0, and prepared a solution referring to this link (framework changed to 4.5): https://docs.microsoft.com/en-us/dotnet/framework/security/how-to-build-claims-aware-aspnet-web-forms-app-using-wif However, when I deployed and browsed to my application link, it gives only the federationmetadata.xml in response with no login/claim details. What could be my mistake, or am I missing something in configuration? The web.config is similar to what is suggested in the link above.

    AFAIK it should display the claim details when I hit my site (relying party). It should take the logged-in name (AD) from the current machine and send the request to ADFS to get the valid token. If the user is valid, it should give us back the ClaimsPrincipal with its details. If the user is not valid, it should ask for the credential.

    Any help is appreciated, Thanks

    Wednesday, January 30, 2019 8:26 AM
  • User753101303 posted

    This XML file should never be part of the response. My understanding is that you are now using 4.5. In this case just use the latest option and it should work (and this is what I'm using).

    Wednesday, January 30, 2019 9:02 AM
  • User-958338911 posted

    Hello PatriceSc, I just use VS 2012 and framework 4.5. In the latest option, is it possible to initialize the application programmatically? Because at present, the user sets the authentication mode (1: NT, 2: own Users, 3: LDAP) etc. and accordingly the application asks for the login and validates users. Now in the same application how can we implement ADFS SSO?

    Thanks,

    Wednesday, January 30, 2019 10:34 AM
  • User-958338911 posted

    This XML file should never be part of the response.

    With VS 2012 & framework 4.5, do you think I am missing any configuration? Also, how does it pick the current user's Windows LDAP login and send the request to the ADFS server?

    Wednesday, January 30, 2019 12:10 PM
  • User-958338911 posted

    Hello Everyone,

    With framework 4.6.1, I have achieved the ADFS authentication. However, when the authentication is successful for SSO, we are not able to get the user identity/ClaimsPrincipal in our application. User.Identity.IsAuthenticated appears true but User.Identity.Name appears null. I tried HttpContext.Current.User, Request.LogonUserIdentity, Request.ServerVariables["LOGON_USER"] with no success.

    I also tried disabling anonymous authentication and enabling Windows authentication with no success. Can anyone help me how to get the user identity or claim principal? 

    Thanks in advance

    Kiran

    Friday, February 1, 2019 5:20 PM
  • User1724605321 posted

    Hi justKiran,

    Can you please check that the STS includes a Name claim for the user, so that the current thread's principal identity will be filled.

    Best Regards,

    Nan Yu

    Wednesday, February 6, 2019 5:13 AM
  • User753101303 posted

    You can configure on the ADFS side which claims are sent back to your app. See for example:
    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-rule-to-send-ldap-attributes-as-claims

    Wednesday, February 6, 2019 10:29 AM
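
The symptom from the last few posts (`IsAuthenticated` true, `Identity.Name` null) reproduced as an added C# example; it is not code from any poster in this thread. The claim values are constructed, and the fallback order in `Candidates` and the helper name `WithResolvableName` are assumptions for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class NameClaimDemo
{
    // Assumed preference order: the standard Name claim first, then claims
    // ADFS commonly issues from Active Directory attributes.
    static readonly string[] Candidates =
    {
        ClaimTypes.Name, ClaimTypes.Upn, ClaimTypes.WindowsAccountName
    };

    // Hypothetical helper: rebuild the identity so Identity.Name reads the
    // first candidate claim type that the token actually contains.
    public static ClaimsIdentity WithResolvableName(ClaimsIdentity id)
    {
        string nameType = Candidates.FirstOrDefault(
            t => id.HasClaim(c => c.Type == t));
        if (nameType == null)
            return id; // the STS sent nothing usable; fix the ADFS claim rule

        return new ClaimsIdentity(
            id.Claims, id.AuthenticationType, nameType, id.RoleClaimType);
    }

    static void Main()
    {
        // Constructed sample: a token with a UPN and a role but no Name claim.
        var fromSts = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Upn, "kiran@example.test"),
            new Claim(ClaimTypes.Role, "Users")
        }, "Federation");

        // A non-empty authentication type is enough for IsAuthenticated,
        // while Name stays null because no claim matches NameClaimType.
        Console.WriteLine("IsAuthenticated: " + fromSts.IsAuthenticated);
        Console.WriteLine("Name before:     " + (fromSts.Name ?? "(null)"));

        var fixedUp = WithResolvableName(fromSts);
        Console.WriteLine("Name after:      " + (fixedUp.Name ?? "(null)"));
    }
}
```

Remapping in the application only helps when the token already carries an identifying claim; if it carries none, the claim has to be issued on the ADFS side as described in the replies. Authorization decisions should key off one fixed claim type from the trusted issuer rather than whichever fallback happens to be present.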