
Implementing active authentication using ADFS

I am working on authentication with Active Directory using ADFS.

While searching, I found a few articles that accomplish this requirement, but they suggest redirecting from the login page of the application to the login page of ADFS and then coming back.

Redirecting to the ADFS login page is not recommended from a user-experience point of view.

Can anyone help me find a solution to authenticate with Active Directory using ADFS behind the scenes? That way everything would be handled by application code, not by the ADFS login page.

Please advise.

Please let me know if you have any concerns or queries, or if you need more information.

The reason those articles suggest you redirect (using the WS-Federation protocol) to the ADFS login page is that it allows you to set up federation to other identity providers (allowing an external company's employees to use their own credentials to log in to your application).

What you want can be done using the WS-Trust protocol, but you'll give up (or have to implement yourself) the possibility to federate.

ADFS exposes endpoints like /adfs/services/trust/13/usernamemixed that you can talk to to get a security token. Something like the code below should get you going.

using System;
using System.IdentityModel.Protocols.WSTrust;   // WSTrustChannelFactory, RequestSecurityToken, RequestTypes, KeyTypes, EndpointReference
using System.IdentityModel.Tokens;              // SecurityToken
using System.ServiceModel;                      // WS2007HttpBinding, SecurityMode, MessageCredentialType, ICommunicationObject
using System.ServiceModel.Security;             // TrustVersion

// Binding for the ADFS "usernamemixed" endpoint: TLS on the transport,
// username/password carried inside the message as a WS-Security UsernameToken.
public class UserNameWSTrustBinding : WS2007HttpBinding
{
    public UserNameWSTrustBinding()
    {
        Security.Mode = SecurityMode.TransportWithMessageCredential;
        Security.Message.EstablishSecurityContext = false;   // no WS-SecureConversation session; one RST per call
        Security.Message.ClientCredentialType = MessageCredentialType.UserName;
    }
}

public static class AdfsActiveAuth
{
    public static SecurityToken GetSamlToken(string username, string password)
    {
        var factory = new WSTrustChannelFactory(
            new UserNameWSTrustBinding(),
            "https://yourdomain.com/adfs/services/trust/13/usernamemixed")
        {
            TrustVersion = TrustVersion.WSTrust13
        };

        // The user's credentials go into the WS-Security header of the request.
        factory.Credentials.UserName.UserName = username;
        factory.Credentials.UserName.Password = password;

        // Ask ADFS to issue a bearer token scoped to the relying party named in AppliesTo;
        // that URI must match a relying party trust configured in ADFS.
        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference("https://yourdomain.com/yourservice"),
            KeyType = KeyTypes.Bearer
        };

        var channel = factory.CreateChannel();
        try
        {
            // Returns the issued token (a GenericXmlSecurityToken wrapping the SAML assertion).
            // The caller still has to validate it (signature, audience, lifetime) before
            // trusting any of its claims.
            return channel.Issue(rst);
        }
        finally
        {
            ((ICommunicationObject)channel).Close();
            factory.Close();
        }
    }
}
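The exchange that WSTrustChannelFactory performs above, shown at the wire level as an added example that is not part of the original answer and not WCF code. It builds the WS-Trust 1.3 RST/Issue envelope with a WS-Security UsernameToken for the usernamemixed endpoint, and then validates a RequestSecurityTokenResponse the way the relying party must: audience matches AppliesTo and the current time is inside the assertion's validity window. The host names, the relying-party URI, the credentials and the sample response are all constructed for this example; the sample assertion is unsigned, so XML signature verification against the ADFS token-signing certificate is stated as a requirement but not implemented here. Python is used only so the messages can be inspected and tested independently of WCF.

```python
import datetime as dt
import uuid
import xml.etree.ElementTree as ET

# Namespaces of a WS-Trust 1.3 exchange: SOAP 1.2, WS-Addressing, WS-Security, WS-Policy, SAML 2.0.
NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "a": "http://www.w3.org/2005/08/addressing",
    "u": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "trust": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")


def q(prefix, local):
    """Clark-notation name for ElementTree, e.g. q('trust', 'KeyType')."""
    return "{%s}%s" % (NS[prefix], local)


def build_rst(sts_url, applies_to, username, password, now=None):
    """RST/Issue envelope as sent to .../adfs/services/trust/13/usernamemixed.
    'Mixed' means TransportWithMessageCredential: the password sits inside the
    message, so this must only ever travel over TLS. ElementTree escapes the
    credential text, so a password containing < or & cannot break the XML."""
    now = now or dt.datetime.now(dt.timezone.utc)
    stamp = lambda t: t.strftime("%Y-%m-%dT%H:%M:%SZ")
    env = ET.Element(q("s", "Envelope"))
    hdr = ET.SubElement(env, q("s", "Header"))
    ET.SubElement(hdr, q("a", "Action"), {q("s", "mustUnderstand"): "1"}).text = NS["trust"] + "/RST/Issue"
    ET.SubElement(hdr, q("a", "To"), {q("s", "mustUnderstand"): "1"}).text = sts_url
    sec = ET.SubElement(hdr, q("o", "Security"), {q("s", "mustUnderstand"): "1"})
    ts = ET.SubElement(sec, q("u", "Timestamp"), {q("u", "Id"): "_0"})
    ET.SubElement(ts, q("u", "Created")).text = stamp(now)
    ET.SubElement(ts, q("u", "Expires")).text = stamp(now + dt.timedelta(minutes=5))
    tok = ET.SubElement(sec, q("o", "UsernameToken"), {q("u", "Id"): "uuid-" + str(uuid.uuid4())})
    ET.SubElement(tok, q("o", "Username")).text = username
    ET.SubElement(tok, q("o", "Password"), {"Type": PASSWORD_TEXT}).text = password
    rst = ET.SubElement(ET.SubElement(env, q("s", "Body")), q("trust", "RequestSecurityToken"))
    epr = ET.SubElement(ET.SubElement(rst, q("wsp", "AppliesTo")), q("a", "EndpointReference"))
    ET.SubElement(epr, q("a", "Address")).text = applies_to
    ET.SubElement(rst, q("trust", "KeyType")).text = NS["trust"] + "/Bearer"
    ET.SubElement(rst, q("trust", "RequestType")).text = NS["trust"] + "/Issue"
    return ET.tostring(env, encoding="unicode")


def validate_rstr(rstr_xml, expected_audience, now=None):
    """Pull the issued SAML 2.0 assertion out of the RSTR collection and apply
    the checks the relying party owns: audience and validity window. Verifying
    the XML signature against the ADFS token-signing certificate is also
    mandatory before any claim is trusted; it is not implemented here."""
    now = now or dt.datetime.now(dt.timezone.utc)
    iso = lambda s: dt.datetime.fromisoformat(s.replace("Z", "+00:00"))
    rstr = ET.fromstring(rstr_xml).find(".//trust:RequestSecurityTokenResponse", NS)
    if rstr is None:
        raise ValueError("no RequestSecurityTokenResponse in reply")
    assertion = rstr.find("trust:RequestedSecurityToken/saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS) if assertion is not None else None
    if cond is None:
        raise ValueError("no SAML 2.0 assertion with Conditions was issued")
    audience = cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != expected_audience:
        raise ValueError("token issued for %r, not for this relying party" % audience)
    if not (iso(cond.get("NotBefore")) <= now < iso(cond.get("NotOnOrAfter"))):
        raise ValueError("token is outside its validity window")
    return {
        "subject": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "issuer": assertion.findtext("saml:Issuer", namespaces=NS),
        "audience": audience,
        "not_on_or_after": cond.get("NotOnOrAfter"),
    }


# Constructed RSTR shaped like an ADFS reply (unsigned here; a real one carries ds:Signature).
SAMPLE_RSTR = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body>
<trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:RequestSecurityTokenResponse><trust:RequestedSecurityToken>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_7f3a" Version="2.0"
 IssueInstant="2024-01-01T10:00:00.000Z">
<saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>
<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
<saml:Conditions NotBefore="2024-01-01T10:00:00.000Z" NotOnOrAfter="2024-01-01T11:00:00.000Z">
<saml:AudienceRestriction><saml:Audience>https://yourdomain.com/yourservice</saml:Audience></saml:AudienceRestriction>
</saml:Conditions></saml:Assertion></trust:RequestedSecurityToken>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
</trust:RequestSecurityTokenResponse></trust:RequestSecurityTokenResponseCollection>
</s:Body></s:Envelope>"""
SAMPLE_NOW = dt.datetime(2024, 1, 1, 10, 30, tzinfo=dt.timezone.utc)   # inside the window
SAMPLE_LATE = dt.datetime(2024, 1, 1, 12, 0, tzinfo=dt.timezone.utc)   # after NotOnOrAfter

if __name__ == "__main__":
    print(build_rst("https://adfs.example.com/adfs/services/trust/13/usernamemixed",
                    "https://yourdomain.com/yourservice", "alice", "p<ss&word"))
    print(validate_rstr(SAMPLE_RSTR, "https://yourdomain.com/yourservice", now=SAMPLE_NOW))
```

Two points worth keeping in mind when reading the output: the RST carries the user's cleartext password in the SOAP header, which is exactly the trade-off of active authentication (your application, not ADFS, now handles the credential, so it must never log the request body), and the audience check is what stops a token issued for some other relying party from being replayed against yours.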
