Console application to use HttpClient with ADFS authentication

  • Question

  • I would like to access our API (for testing mostly) via a C# console application. Our web application is secured with an ADFS STS. My issue is how to do the authentication and redirection using an HttpClient (or similar, I am not fussed).

    I've read this page (https://msdn.microsoft.com/en-us/library/cc236591.aspx) with all the examples of the requests and responses, but I cannot seem to get it to work. My code is basic:

    using System;
    using System.Net.Http;
    using System.Text;

    Uri baseAddress = new Uri("http://localhost:64022");

    using (HttpClient client = new HttpClient() { BaseAddress = baseAddress })
    {
        // GET the application; HttpClient follows redirects by default.
        HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "#");
        HttpResponseMessage response = client.SendAsync(request).Result;

        // Read the response body (the HTML form described below) as text.
        var encoding = ASCIIEncoding.ASCII;
        using (var reader = new System.IO.StreamReader(response.Content.ReadAsStreamAsync().Result, encoding))
        {
            string responseText = reader.ReadToEnd();
        }
    }

    The response is an HTML form with an action of my application (localhost:64022) and a 'wa', 'wresult' and 'wctx' payload. If I use those form inputs to generate a second request I get an unauthorised error. Can anyone guide me as to the steps I need to take to accomplish this?

    Friday, September 2, 2016 5:00 AM

All replies

  • Hi hsimah,

    The link below might be useful to you.

    Securing a Web API with ADFS on WS2012 R2 Got Even Easier

    Regards,

    Tony


    Help each other

    Friday, September 2, 2016 7:38 AM
  • I would like to use that, but it is woefully out of date. The AcquireToken method no longer exists (replaced by many async methods), but there isn't one with a matching signature. And I don't know enough about the rest of the options to decide which I should use.
    Monday, September 5, 2016 2:52 AM
  • Hi hsimah,

    >> Our web application is secured with an ADFS STS.

    How did you achieve ADFS in your web application? If you log in to the web application from a web browser, will it redirect and work correctly? Could these requests be captured by Fiddler?

    Based on your description, it seems you send a second request with the form inputs. For a similar approach, I suggest you refer to the link below:

    # Performing a SAML Post with C#

    http://www.codeproject.com/Articles/56640/Performing-a-SAML-Post-with-C

    In addition, I suggest you try to get a single token from the response, and send the request with the token.

    For getting a SAML protocol response, I suggest you refer to the link below:

    # How to get a SAML Protocol Response from ADFS using C#

    https://blogs.msdn.microsoft.com/rodneyviana/2014/04/21/how-to-get-a-saml-protocol-response-from-adfs-using-c/

    For authentication, I suggest you refer to

    # ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios

    https://leastprivilege.com/2012/03/14/asp-net-webapi-security-4-examples-for-various-authentication-scenarios/

    Best Regards,

    Edward

    Monday, September 5, 2016 6:35 AM
  • I will look into your suggestions today - I have other work to do first though.

    I am not certain how the ADFS itself is configured, but for our app I have the following sections in our Web.config file:

    <system.identityModel>
        <identityConfiguration>
            <audienceUris>
                <add value="http://app.company.com/" />
            </audienceUris>
            <securityTokenHandlers>
                <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
                <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            </securityTokenHandlers>
            <certificateValidation certificateValidationMode="None" />
            <issuerNameRegistry>
                <trustedIssuers>
                    <add thumbprint="15A488B86F697F9B14BB2F87188DCA415731B0C2" name="https://sts.company.com/adfs/services/trust" />
                </trustedIssuers>
            </issuerNameRegistry>
        </identityConfiguration>
    </system.identityModel>
    <system.identityModel.services>
        <federationConfiguration>
            <cookieHandler requireSsl="false" persistentSessionLifetime="1.0:0:0" />
            <wsFederation persistentCookiesOnPassiveRedirects="true" passiveRedirectEnabled="true" issuer="https://sts.company.com/adfs/ls/" realm="http://app.company.com" requireHttps="false" />
        </federationConfiguration>
    </system.identityModel.services>

    That's about all we did for our configuration. In IE you browse to http://app.company.com and it does a redirect to the STS and then back. It all happens quite quickly, but I can capture these using the dev tools in the browser. I attempted to replicate these form submissions and redirects with code, but I got 401 unauthorised responses.

    Thanks for responding. I will reply again when I have read your pages and given the code in there a go.

    Monday, September 5, 2016 11:30 PM
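
The passive sign-in round trip described in this thread (GET, auto-post form carrying 'wa', 'wresult' and 'wctx', POST back to the application), as an added example that is not code from any poster: it HTML-decodes the hidden inputs and posts them on the same cookie-carrying client. Assumptions: the STS accepts Windows integrated authentication, the form uses double-quoted attributes, and the names `WsFedConsoleClient`, `ReadInputs` and `SignInAndGetAsync` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

static class WsFedConsoleClient // hypothetical name, not from the thread
{
    // Collect the form's named inputs (wa, wresult, wctx). The values are
    // HTML-encoded inside the attributes and must be decoded before posting.
    static Dictionary<string, string> ReadInputs(string html)
    {
        var fields = new Dictionary<string, string>();
        foreach (Match tag in Regex.Matches(html, "<input\\b[^>]*>", RegexOptions.IgnoreCase))
        {
            Match name = Regex.Match(tag.Value, "\\bname=\"([^\"]*)\"", RegexOptions.IgnoreCase);
            Match value = Regex.Match(tag.Value, "\\bvalue=\"([^\"]*)\"", RegexOptions.IgnoreCase);
            if (name.Success)
                fields[name.Groups[1].Value] = WebUtility.HtmlDecode(value.Groups[1].Value);
        }
        return fields;
    }
    static async Task<HttpStatusCode> SignInAndGetAsync(Uri appUrl)
    {
        var handler = new HttpClientHandler
        {
            CookieContainer = new CookieContainer(), // holds the session cookies set after sign-in
            AllowAutoRedirect = true,                // follow the app -> STS -> app redirects
            UseDefaultCredentials = true             // assumption: STS accepts Windows integrated auth
        };
        using (var client = new HttpClient(handler))
        {
            // 1. The unauthenticated GET ends at the page carrying the auto-post form.
            string html = await (await client.GetAsync(appUrl)).Content.ReadAsStringAsync();
            Match action = Regex.Match(html, "<form\\b[^>]*\\baction=\"([^\"]*)\"", RegexOptions.IgnoreCase);
            if (!action.Success) throw new InvalidOperationException("Response did not contain a sign-in form.");
            // 2. Post the decoded fields back to the application on the same client.
            var target = new Uri(appUrl, WebUtility.HtmlDecode(action.Groups[1].Value));
            await client.PostAsync(target, new FormUrlEncodedContent(ReadInputs(html)));
            // 3. If sign-in succeeded, the cookie container sends the session cookies on this call.
            return (await client.GetAsync(appUrl)).StatusCode;
        }
    }
    // Application URL taken from the question; prints the final status, e.g. OK or Unauthorized.
    static void Main() =>
        Console.WriteLine(SignInAndGetAsync(new Uri("http://localhost:64022/")).GetAwaiter().GetResult());
}
```

With `requireHttps="false"` and `requireSsl="false"` as in the posted Web.config, the token in `wresult` and the resulting session cookies travel unencrypted, so this fits a local test endpoint such as `localhost`.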