Background
I have a .NET (not MVC or ASP.NET) application (which is an Excel plugin), which performs 1 REST call for data (REST call is a protected resources - requires authenticated user). Currently this Excel plugin authenticates with the REST backend using basic authentication (with username/password input fields). Users are authenticated on a Windows domain.
Problem
I want to get rid of the username/password inputs and start using SAML2 to achieve true single signon for these users.from within this .NET application.
Question 1: Is it possible to perform client-side SAML2 authentication for my app?
Which framework/library to use?
If it is possible (I hope so...), I found this info:
"No is official C# client-side protocol stack", but there are various 3rd party libraries which implement SAML2", but these seem all focused on ASP.NET.
I've tried several libraries but they all seem to want to redirect the user (in browser - which I don't use in the app) to a specific endpoint.
I am no .NET guru, so if it is possible, any library with a clear example/tutorial would be really appreciated.
Followup 2018-12-13
So, real SAML authentication is only possible when including a WebBrowserControl in a custom pane in this Excel Add-In application. This WebBrowserControl will handle the SAML negotiation (including following all redirects etc). However, I just noticed when I access the URL which triggers the SAML authentication in Firefox (which has empty NTLM trusted URIs) that I get an authentication popup. When I enter my credentials I am authenticated.
Question 2
Can I still perform the SAML negotiation in the .NET backend without the WebBrowserControl, but by supplying the username + password which I currently still have in my GUI? Can I set the correct headers at some point in the process? If so, how?
List of SAML stacks .
Why SAML?
SAML uses browser redirects as you've pointed out.
I would suggest using the ADAL libraries ie OpenID Connect.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.