Last post Feb 06, 2019 10:29 AM by PatriceSc
Jan 28, 2019 04:37 PM|justKiran
I have a legacy ASP.NET (4.0) application. Now the client needs SSO using ADFS integration. I found a sample application using MVC and .NET 4.6 with startup.cs and program.cs files.
Can anybody help me achieve ADFS authentication using ASP.NET 4.0 or 4.5 using global.asax?
Thanks in advance.
Jan 28, 2019 05:21 PM|PatriceSc
If you really can't upgrade from 4.0 (which is AFAIK not supported any more) you could perhaps try WIF 3.5 (https://docs.microsoft.com/en-us/dotnet/framework/security/whats-new-in-wif is for 4.5 but describes changes from 3.5, maybe you'll find the 3.5 documentation archived). Depending on your OS, WIF 3.5 could be a Windows feature :
If you can upgrade to 4.5.2 (which is AFAIK the oldest supported version) just create a template using http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/ and move your app to this by adding the missing NuGet packages and code.
Jan 30, 2019 08:26 AM|justKiran
Thank you very much for your help. I tried the first option, .NET Framework 4.0, and prepared a solution referring to this link (framework changed to 4.5): https://docs.microsoft.com/en-us/dotnet/framework/security/how-to-build-claims-aware-aspnet-web-forms-app-using-wif However, when I deployed and browsed to my application link, it gives only the federationmetadata.xml in response with no login/claim details. What could be my mistake, or am I missing something in the configuration? The web.config is similar to the one suggested in the link above.
AFAIK it should display the claim details when I hit my site (relying party). It should take the logged-in name (AD) from the current machine and send the request to ADFS to get the valid token. If the user is valid, it should give us back the ClaimsPrincipal with its details. If the user is not valid, it should ask for the credentials.
Any help is appreciated. Thanks
Jan 30, 2019 09:02 AM|PatriceSc
This XML file should never be part of the response. My understanding is that you are now using 4.5. In this case just use the latest option and it should work (and this is what I'm using).
Jan 30, 2019 10:34 AM|justKiran
Hello PatriceSc, I just use VS 2012 and framework 4.5. In the latest option, is it possible to initialize the application programmatically? Because at present, the user sets the authentication mode (1: NT, 2: own users, 3: LDAP), etc., and accordingly the application asks for the login and validates users. Now in the same application how can we implement ADFS SSO?
Jan 30, 2019 12:10 PM|justKiran
This XML file should never be part of the response.
With VS 2012 & framework 4.5, do you think I am missing any configuration? Also, how does it pick up the current user's Windows LDAP login and send the request to the ADFS server?
Feb 01, 2019 05:20 PM|justKiran
With framework 4.6.1, I have achieved the ADFS authentication. However, when the authentication is successful for SSO, we are not able to get the user identity/ClaimsPrincipal in our application. User.Identity.IsAuthenticated appears true but User.Identity.Name appears null. I tried HttpContext.Current.User, Request.LogonUserIdentity, Request.ServerVariables["LOGON_USER"] with no success.
I also tried disabling anonymous authentication and enabling Windows authentication with no success. Can anyone help me get the user identity or claims principal?
Feb 06, 2019 05:13 AM|Nan Yu
Hi justKiran,
Can you please check that the STS includes a Name claim for the user, so that the current thread's principal identity will be filled.
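The symptom discussed above (IsAuthenticated true, Name null) can be reproduced and diagnosed with the following added example, which is not part of the thread or of any poster's code. It dumps the claims the app actually received and shows two app-side workarounds; the claim values, the `ResolveUserName` helper and the fallback order are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class NameClaimDemo
{
    // Claim types to try, in order, when the token carries no Name claim.
    // The order is an assumption; use what your ADFS claim rules actually issue.
    static readonly string[] Fallbacks =
    {
        ClaimTypes.Name, ClaimTypes.Upn, ClaimTypes.WindowsAccountName, ClaimTypes.NameIdentifier
    };

    // Hypothetical helper: first non-empty value among the fallback claim types.
    static string ResolveUserName(ClaimsPrincipal principal)
    {
        return Fallbacks
            .Select(t => principal.FindFirst(t))
            .Where(c => c != null && !string.IsNullOrWhiteSpace(c.Value))
            .Select(c => c.Value)
            .FirstOrDefault();
    }

    static void Main()
    {
        // Constructed sample: the STS issued UPN and e-mail claims but no Name claim.
        var claims = new[]
        {
            new Claim(ClaimTypes.Upn, "jdoe@example.test"),
            new Claim(ClaimTypes.Email, "jdoe@example.test")
        };
        var identity = new ClaimsIdentity(claims, "Federation");
        var principal = new ClaimsPrincipal(identity);

        // Identity.Name is the first claim whose type equals NameClaimType
        // (ClaimTypes.Name by default), so it is null for this token.
        Console.WriteLine("IsAuthenticated: " + identity.IsAuthenticated);
        Console.WriteLine("Name: " + (identity.Name ?? "<null>"));
        foreach (var c in principal.Claims)
            Console.WriteLine("  " + c.Type + " = " + c.Value);

        Console.WriteLine("Resolved: " + ResolveUserName(principal));

        // Alternative: rebuild the identity with UPN as the name claim type.
        var remapped = new ClaimsIdentity(claims, "Federation", ClaimTypes.Upn, ClaimTypes.Role);
        Console.WriteLine("Remapped Name: " + remapped.Name);
    }
}
```

In the web application the principal to inspect would be `ClaimsPrincipal.Current` rather than a constructed one. Whichever claim is used as the user name should be one the STS guarantees to be unique per user.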
Feb 06, 2019 10:29 AM|PatriceSc
You can configure on the ADFS side which claims are sent back to your app. See for example :