I followed the ASP.NET docs on how to integrate WS-Federation authentication. Everything seems to work fine: when I click on the login button I'm redirected to ADFS authentication, and if I log in successfully I am redirected to a custom URL on my own site, which is my-site/signin-federation, and I have on the posted form all the information I need:
wa: wsignin1.0
wresult: <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2018-05-23T11:08:47.185Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2018-05-23T12:08:47.185Z
....
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
</t:RequestSecurityTokenResponse>
wctx: CfDJ8Lp0GPWDKXhKtxXAHQ4o3dnyz4eNuSpptiYpvV5V4p3k-x0vqv5k3mUfURKB37wOgTPsPfT7ThPoS7fwQMDmZzgXDRcvKG5ZWrorGj3TZLBQew5rKtoU9vjP4_4OAdvsySsre3GL9yycNirU6ld_Gn_YKVYguhRygMLKkajlM3vtbsM2XYiFdTgRIcPt_l1xJNwOD2KblRh-xTuiHnli0wVokPt-gokwP7uIbo7E50j2mL15oL802QF_c_U_-4nB81oBouZXJSw7rCY-ahzVIFc
I put the Name ID in the claim, just as explained in the docs. So now in my ASP.NET Core application, on my custom URL, I have this:
[HttpPost]
[AllowAnonymous]
[Route("/signin-federation")]
public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
    // The identity provider reported an error: go back to the login page.
    if (remoteError != null)
    {
        return RedirectToAction(nameof(Login));
    }

    // Read the external login that the authentication handler stored in the external cookie.
    var info = await _signInManager.GetExternalLoginInfoAsync();
    if (info == null)
    {
        return RedirectToAction(nameof(Login));
    }

    // Sign in the IdentityUser with this external login provider if the IdentityUser already has a login.
    var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
    if (result.Succeeded)
    {
        // Only follow local return URLs, so a crafted returnUrl cannot send the user off-site.
        return LocalRedirect(returnUrl ?? "/");
    }

    return Ok();
}
But info is always null, and I don't know how to force parsing of the form data...
You just need to change the WS-Federation Passive Endpoint to be the same as the identifier you have. Doing this, you will have access to the SecurityTokenValidated event; the ticket and the claims will then be accessible from context.SecurityToken and context.Principal.Claims.
On this page https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-5.0 you can see this solution in the 'Configure Url' step.
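The registration that goes with that answer, written out as an added example (this is not code from the question, the answer or the Microsoft docs). It assumes the relying party trust identifier and the WS-Federation passive endpoint in ADFS are both set to https://my-site/, that the ADFS metadata address is the placeholder shown, and that the application uses ASP.NET Core Identity so the handler signs the validated principal into the external cookie. The key point is that the token post-back must land on the handler's CallbackPath (left at the default /signin-wsfed), not on a controller action such as /signin-federation: a controller never parses or validates wresult, which is why GetExternalLoginInfoAsync returns null. Once the handler has processed the post, it redirects to the RedirectUri given when the challenge was issued, and that is where the ExternalLoginCallback action belongs.

```csharp
// Added example, not part of the original post. Placeholder values: the
// relying-party identifier "https://my-site/" and the ADFS metadata URL.
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.Extensions.DependencyInjection;

public static class WsFederationSetup
{
    // Call from Startup.ConfigureServices after services.AddIdentity<...>().
    public static void Configure(IServiceCollection services)
    {
        services.AddAuthentication()
            .AddWsFederation(options =>
            {
                // Must equal the relying party trust identifier configured in ADFS,
                // which the answer says should also be the passive endpoint.
                options.Wtrealm = "https://my-site/";

                // Placeholder: the federation metadata document of your ADFS farm.
                // Signing keys and the issuer are taken from here, so the token
                // signature and issuer are checked before any event fires.
                options.MetadataAddress =
                    "https://ADFS-HOST/FederationMetadata/2007-06/FederationMetadata.xml";

                // The handler owns this path. Do not route a controller action to it,
                // or the wresult post is swallowed before the handler can validate it.
                options.CallbackPath = "/signin-wsfed";

                options.Events = new WsFederationEvents
                {
                    // Fires only after signature, issuer, audience and lifetime
                    // of the token in wresult have been validated.
                    OnSecurityTokenValidated = context =>
                    {
                        // context.SecurityToken is the validated token;
                        // context.Principal.Claims are the claims issued by ADFS.
                        var nameId = context.Principal?
                            .FindFirst(ClaimTypes.NameIdentifier)?.Value;

                        if (string.IsNullOrEmpty(nameId))
                        {
                            // Refuse tokens without a stable identifier instead of
                            // creating an external login keyed on an empty value.
                            context.Fail("Token carries no NameIdentifier claim.");
                        }

                        return Task.CompletedTask;
                    },

                    // Signature, audience or lifetime failures end up here; send the
                    // user back to the login page instead of surfacing a stack trace.
                    OnRemoteFailure = context =>
                    {
                        context.Response.Redirect("/Account/Login");
                        context.HandleResponse();
                        return Task.CompletedTask;
                    }
                };
            });
    }
}
```

With this in place, the [Route("/signin-federation")] attribute on the question's ExternalLoginCallback action should be dropped; the action is reached through the RedirectUri of the AuthenticationProperties passed to ChallengeAsync, and GetExternalLoginInfoAsync then finds the external cookie the handler wrote after OnSecurityTokenValidated succeeded. The CallbackPath value above is the handler's default and is spelled out only to make the contrast with the custom route visible.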