
C# ADFS SAML token with Windows Auth / Current logged in user

How do I generate a SAML token without using credentials again?

Scenario: I am trying to send a SAML token to an SAP web service. Since multiple users will be using this application, I do not want to ask them for credentials but instead get them from the current machine's Windows credentials and generate a SAML token.

This is what is currently being used in my code.

    factory.Credentials.UserName.UserName = "bob";
    factory.Credentials.UserName.Password = "abc!123";

    // create token request
    var rst = new RequestSecurityToken
    {
        RequestType = RequestTypes.Issue,
        KeyType = KeyTypes.Symmetric,
        AppliesTo = new EndpointReference(_serviceAddress.AbsoluteUri)
    };

I use this method in my code to pass through the credentials of the logged-in user to our ADFS server for single sign-on to O365 from the applications I write; you might be able to adapt the code to suit your purposes:

    private GenericXmlSecurityToken NewGetAdfsSamlTokenWinAuth()
    {
        try
        {
            // HTTPS transport, authenticating as the current Windows identity
            WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.Transport);
            binding.Security.Message.EstablishSecurityContext = false;
            binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
            // adfsIntegratedAuthUrl is a field of the containing class (not shown here)
            WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, new EndpointAddress(this.adfsIntegratedAuthUrl));
            factory.TrustVersion = TrustVersion.WSTrustFeb2005;
            // Do not allow an interactive credential prompt
            factory.Credentials.SupportInteractive = false;
            // Request a bearer token issued for the relying party named in AppliesTo
            var rst = new RequestSecurityToken
            {
                RequestType = RequestTypes.Issue,
                AppliesTo = new EndpointReference("urn:federation:MicrosoftOnline"),
                KeyType = KeyTypes.Bearer
            };
            IWSTrustChannelContract channel = factory.CreateChannel();
            return channel.Issue(rst) as GenericXmlSecurityToken;
        }
        catch (Exception ex)
        {
            // Do something with the exception
        }
        return null;
    }

This will return a GenericXmlSecurityToken which has a TokenXml.OuterXml property that contains the SAML assertion.
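As an added example (not part of the original answer), this is one way to sanity-check the assertion element from `TokenXml` on the client before forwarding it: confirm it is a plain SAML 1.1 or 2.0 assertion, that it is inside its validity window, and that it names the audience you intend to send it to. The `SamlTokenCheck` class, the `urn:example:sap` audience and the sample assertion are constructed for illustration; handling both SAML versions goes slightly beyond the case in the answer.

```csharp
using System;
using System.Globalization;
using System.Xml;

static class SamlTokenCheck   // hypothetical helper, not a WIF or ADFS API
{
    const string Saml11 = "urn:oasis:names:tc:SAML:1.0:assertion";
    const string Saml20 = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Returns null if the assertion is inside its validity window and names
    // expectedAudience; otherwise the reason. Does not verify the signature.
    public static string Check(XmlElement assertion, string expectedAudience, DateTime utcNow)
    {
        string ns = assertion.NamespaceURI;
        if (assertion.LocalName != "Assertion" || (ns != Saml11 && ns != Saml20))
            return "not a plain SAML 1.1/2.0 assertion";
        var nsm = new XmlNamespaceManager(assertion.OwnerDocument.NameTable);
        nsm.AddNamespace("s", ns);
        var cond = assertion.SelectSingleNode("s:Conditions", nsm) as XmlElement;
        if (cond == null) return "no Conditions element";
        DateTime notBefore, notOnOrAfter;
        if (!TryUtc(cond.GetAttribute("NotBefore"), out notBefore) ||
            !TryUtc(cond.GetAttribute("NotOnOrAfter"), out notOnOrAfter))
            return "missing or malformed validity window";
        if (utcNow < notBefore) return "not yet valid (check clock skew)";
        if (utcNow >= notOnOrAfter) return "expired";
        // SAML 1.1: AudienceRestrictionCondition/Audience; SAML 2.0: AudienceRestriction/Audience
        foreach (XmlNode a in cond.SelectNodes(".//s:Audience", nsm))
            if (string.Equals(a.InnerText.Trim(), expectedAudience, StringComparison.Ordinal))
                return null;
        return "audience does not include " + expectedAudience;
    }

    static bool TryUtc(string s, out DateTime utc) => DateTime.TryParse(s,
        CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out utc);

    static void Main()
    {
        // Constructed sample: a SAML 1.1 assertion reduced to its Conditions element.
        var doc = new XmlDocument();
        doc.LoadXml("<saml:Assertion xmlns:saml='" + Saml11 + "'>" +
            "<saml:Conditions NotBefore='2024-01-01T10:00:00Z' NotOnOrAfter='2024-01-01T11:00:00Z'>" +
            "<saml:AudienceRestrictionCondition><saml:Audience>urn:federation:MicrosoftOnline" +
            "</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions></saml:Assertion>");
        var now = new DateTime(2024, 1, 1, 10, 30, 0, DateTimeKind.Utc);
        Console.WriteLine(Check(doc.DocumentElement, "urn:federation:MicrosoftOnline", now) ?? "ok");
        Console.WriteLine(Check(doc.DocumentElement, "urn:example:sap", now)); // hypothetical audience
        Console.WriteLine(Check(doc.DocumentElement, "urn:federation:MicrosoftOnline", now.AddHours(1)));
    }
}
```

With a real token, pass `token.TokenXml` to `Check` together with `DateTime.UtcNow`; because the token is a bearer credential, log only the returned reason, never `OuterXml`.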
