Integrating ADFS SSO into existing .NET web application

I have the active directory set up correctly and I can go to the IDP sign on page with a URL that looks like this:

https://SERVER/adfs/ls/idpinitiatedsignon.htm

I created a new project and am able to do a simple sign on through that app.

Now I am trying to implement that into a current web application code.

In the simple project, after the below code runs, it redirects to the IDP sign on page.

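using System.Configuration;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
    }

    // Relying-party identifier and ADFS federation metadata URL, read from appSettings.
    private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
    private static string adfsMetadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];

    public void ConfigureAuth(IAppBuilder app)
    {
        // The identity returned by ADFS is persisted in the local cookie.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        // Turns a 401 response into a WS-Federation sign-in redirect to ADFS.
        app.UseWsFederationAuthentication(
            new WsFederationAuthenticationOptions
            {
                Wtrealm = realm,
                MetadataAddress = adfsMetadata
            });
    }
}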

When this code runs in the existing project, it never redirects and instead goes ahead and loads the Default.aspx page. Am I missing something? I want the user to sign in if they aren't already, but I can't figure out why the application is not redirecting to log in. Any help would be much appreciated.

I found a solution after a couple days of trying. I added this code to the top of the Default.aspx page_load method to run this if not signed in:

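// Needs: using Microsoft.Owin.Security; using Microsoft.Owin.Security.WsFederation;
// GetOwinContext() is an extension method from Microsoft.Owin.Host.SystemWeb (namespace System.Web).
if (!System.Web.HttpContext.Current.Request.IsAuthenticated)
{
    // Ask the WS-Federation middleware to redirect to ADFS, returning to "/" after sign-in.
    System.Web.HttpContext.Current.GetOwinContext().Authentication.Challenge(
        new AuthenticationProperties { RedirectUri = "/" },
        WsFederationAuthenticationDefaults.AuthenticationType);
}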
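
The Page_Load check above only covers Default.aspx. As an added example (not code from the original post), the same challenge can be issued once from Startup so that every request requires sign-in. It assumes the site runs on the IIS integrated pipeline through Microsoft.Owin.Host.SystemWeb and that no page is meant to be reachable anonymously.

```csharp
using System.Configuration;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public class Startup
{
    private static readonly string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
    private static readonly string adfsMetadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            Wtrealm = realm,
            MetadataAddress = adfsMetadata
        });

        // Registered after the WS-Federation middleware on purpose: that middleware
        // then wraps this one and converts the 401 set by Challenge() into the
        // redirect to the ADFS sign-in page.
        app.Use(async (context, next) =>
        {
            var user = context.Authentication.User;
            if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            {
                // Return to the originally requested page after sign-in. PathAndQuery
                // is always relative, so the value cannot point at another host.
                context.Authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = context.Request.Uri.PathAndQuery },
                    WsFederationAuthenticationDefaults.AuthenticationType);
                return; // do not run the page for an anonymous request
            }
            await next();
        });

        // Run the middleware above during the IIS Authenticate stage, before any
        // Web Forms page handler executes (assumption: integrated pipeline).
        app.UseStageMarker(PipelineStage.Authenticate);
    }
}
```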
