Step by Step to authenticate using ADFS in ASP.NET

Question
-
Hi,
I have the following scenario:
- An application AP1 requests a SAML token from ADFS server, authenticating to that security token service.
- The security token service issues a SAML token to a second Application, AP2. The SAML token is signed with a certificate associated with the security token service and contains a proof key encrypted for the target service.
- AP2 also receives a copy of the proof key. AP2 then presents the SAML token to the application service of AP1 and signs the message with that proof key.
- The signature over the SAML token tells the relying party that the security token service issued the token. The message signature created with the proof key tells the relying party that the token was issued to the client.
Is there any C# code that can walk me through how I can build AP2 as described above? And how about the part where ADFS authenticates and sends out the token? Is there any sample code that I can follow?
Thanks in advance. Your help would be greatly appreciated!
- Edited by wkpli Thursday, May 26, 2016 1:14 PM
Wednesday, May 25, 2016 2:42 PM
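The two relying-party checks the question describes (the STS signature over the token, and the message signature made with the proof key), as an added C# model that is not code from the thread. It uses only System.Security.Cryptography and assumes .NET 6 or later; the token is a constructed byte string standing in for a SAML assertion, which ADFS would actually sign with XML-DSig and whose proof key would travel in an EncryptedKey element.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Token model: a constructed stand-in for a SAML assertion (ADFS signs real ones with XML-DSig).
record Token(byte[] Body, byte[] EncryptedProofKey, byte[] StsSignature);

static class HolderOfKeyDemo
{
    static byte[] SignedPart(Token t) => t.Body.Concat(t.EncryptedProofKey).ToArray();
    // STS side (ADFS): sign the token, wrap the proof key for the relying party,
    // and return the plaintext proof key for the requesting client.
    static (Token token, byte[] proofKey) Issue(RSA stsKey, RSA rpPublic, string subject, string audience)
    {
        byte[] proofKey = new byte[32];
        RandomNumberGenerator.Fill(proofKey);
        byte[] body = Encoding.UTF8.GetBytes($"subject={subject};audience={audience}");
        byte[] encProof = rpPublic.Encrypt(proofKey, RSAEncryptionPadding.OaepSHA256);
        byte[] sig = stsKey.SignData(body.Concat(encProof).ToArray(), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return (new Token(body, encProof, sig), proofKey);
    }
    // Client side: prove possession of the proof key by signing the message with it.
    static byte[] SignMessage(byte[] proofKey, byte[] message) => new HMACSHA256(proofKey).ComputeHash(message);
    // Relying party side: the two checks from the question, plus an audience check.
    static bool Verify(RSA stsPublic, RSA rpPrivate, Token t, byte[] message, byte[] msgSig, string audience)
    {
        // 1. STS signature => the token was issued by ADFS and not altered in transit.
        if (!stsPublic.VerifyData(SignedPart(t), t.StsSignature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            return false;
        // A genuine token issued for a different relying party must still be rejected.
        if (!Encoding.UTF8.GetString(t.Body).EndsWith($";audience={audience}"))
            return false;
        // 2. Message signature with the proof key => the token was issued to this sender.
        byte[] proofKey = rpPrivate.Decrypt(t.EncryptedProofKey, RSAEncryptionPadding.OaepSHA256);
        byte[] expected = new HMACSHA256(proofKey).ComputeHash(message);
        return CryptographicOperations.FixedTimeEquals(expected, msgSig);
    }
    static void Main()
    {
        using RSA stsKey = RSA.Create(2048);   // STS signing key (ADFS)
        using RSA rpKey = RSA.Create(2048);    // relying party's encryption key (AP1's service)
        var (token, proofKey) = Issue(stsKey, rpKey, "AP2", "AP1");
        byte[] message = Encoding.UTF8.GetBytes("GET /api/orders");
        Console.WriteLine(Verify(stsKey, rpKey, token, message, SignMessage(proofKey, message), "AP1"));
        // The same token presented by a party that lacks the proof key: check 2 fails.
        Console.WriteLine(Verify(stsKey, rpKey, token, message, SignMessage(new byte[32], message), "AP1"));
    }
}
```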
Answers
-
So this is delegation / impersonation / "act as"?
In addition to @Pierre's link, this may help:
Delegation and Impersonation with WCF
Note that this is using the active browser profile i.e. WCF to do this.
If you want a more modern approach, you'll have to wait for ADFS 4.0 (Server 2016).
Since ADFS 4.0 supports OAuth, you can do something like:
Calling a downstream web API from a web API using Azure AD
This is for Azure AD but the steps are similar.
There are some posts e.g. ADFS : Daemon and Web API on Server 2016 TP4 ADFS 4.0 to refer to.
This approach uses web API.
- Edited by nzpcmad1 Thursday, May 26, 2016 7:06 PM sp
- Proposed as answer by Pierre Audonnet [MSFT] (Microsoft employee) Thursday, May 26, 2016 7:18 PM
- Marked as answer by Pierre Audonnet [MSFT] (Microsoft employee) Monday, June 13, 2016 2:04 PM
Thursday, May 26, 2016 7:04 PM
All replies
-
If you are looking at "token" delegation, this is the only doc I am aware of: https://technet.microsoft.com/en-us/library/adfs2-identity-delegation-step-by-step-guide%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396 a bit dated but should still work... Does this help?
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
Thursday, May 26, 2016 6:40 PM
-
Thanks Pierre. I think that is more or less what I want, but I still want to confirm as I am new to this.
Basically, client makes a call to the service, and we will need to authenticate the call using the token that was issued from ADFS.
Please confirm. Thanks.
- Edited by wkpli Tuesday, May 31, 2016 8:26 PM
Tuesday, May 31, 2016 8:23 PM