I need to set up my .Net 5 web app so that it can connect to a SAML 2.0 login server at this internal site: [login.antares.eng.edu].
I am using this library to help me: https://www.itfoxtec.com/IdentitySaml2
I followed the directions on that site and added the required code to my Startup.cs and added an AuthController.cs controller,
but now I am unsure of how to proceed next.
To try and educate myself on how to work with SAML, I loaded up a website at
[starmaps.cosmos.n.edu] that I know uses the same SAML 2.0 login server that I need to use [login.antares.eng.edu].
When I first load the website, starmaps.cosmos.n.edu, it automatically goes to the SAML server at: login.antares.eng.edu
Using the browser developer tools, I can see the following is being sent:
https://login.antares.eng.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=aZZAbsIwEEV%2FJwI%2BcUh5pWQgUVBVJNpGhHbRTWWcASwltuaZ9PH3dYBWdNOVrdHc11NnPEbZ1E4MWjqYNby3gBQsFxP2msut2g3VVZzK4SDu96GK81F6He%2F6w1GeVpm82gKLnsGjtmbCsiRl0RKxhaVBkoZCKc2yuNeLs3zTuxaDXKSjJO2%2FsGgRHtFG0lF4IHIoOHcS0VlPidNECVQt15XjztudroGXs%2FtVxtdQaQ%2BKeFk%2BsujWegVH8AnbyRqhAyiCjX6H30rhLVll6xttKm32E9Z6I6xEjcLIBlCQEp25CAHE9tSE4m6zKeLisdywaIYIvkOdW4NtA74E%2F64VPK1XF%2FAd88EiQZU4aawjmyjb8YT0D%2BcekHesfRT52iQS3SeLPpvaoDhu4H6wd02BpuOuWxwH7S%2F0%2F4vlTwY1LQLpmWrML3xOxk21BPFyUdhaq69oVtf2Y%2B5RRhgo%2BTbMk09Psr9fZvoN&RelayState=https%3A%2F%2Fstarmaps.cosmos.n.edu%2FMapperRun%2FPages%2FMain.aspx
I am not exactly sure what is going on, but I need my web app to do the same.
How can I get my web app using the ITfoxtec library to do this?
Thanks!
You need to decorate the controller or action with the [Authorize] attribute to require authentication and automatically start the login sequence.
Like this in the sample:
https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/master/test/TestWebAppCore/Controllers/HomeController.cs#L15
Alternatively, you can add this requirement generally in Startup.cs/Program.cs.
Related
I have a application on local network with window authentication. Application is working fine. There is a old version of application too that is running on the same network. New application will replace old one later on. But for time being i need service to be exposed for old application. What i did is i made an API in the same application where window authentication is being used. Now the problem is that i don't want any kind of authentication on Web API but i am unable to test it by any tool like postman and fiddler. When i hit the URI it shows 401 error. Even i have to give windows credentials in browser to test it. After window authentication in browser service is running fine but i want to without window authentication.
I have tried many things like i put [allowanonymous] attribute on controller level. I put location tag with anonymous users in web.config file but nothing is working for me.
Can anyone tell me is it possible to do this and how?
I am trying to integrate Microsoft account login to my ASP.NET Core application. I have setup a microsoft application in the Microsoft Application Registration portal with the given redirect URI.
Here is a snippet from the Startup.cs file.
// Add external authentication middleware below. To configure them please see http://go.microsoft.com/fwlink/?LinkID=532715
app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions()
{
// I can't post my secrets here
ClientId = "my_client_id",
ClientSecret = "my_client_secret"
});
When I run the app and login via Microsoft, I get redirected to the Microsoft Login page.
It has the following query parameters (with the id's removed)
client_id:my_client_id
scope:https://graph.microsoft.com/user.read
response_type:code
redirect_uri:https://localhost:44328/signin-microsoft
state:the_state
When I sign in with my microsoft personal account, I got redirected to an error page instead.
The URL says The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application
I verified that my redirect URL in the microsoft app is exactly the same as the redirect url passed to the Microsoft log in page so I don't know what's the issue.
Another weird thing though if I log in using a Work or School account, I can proceed properly and it redirects me to the callback page.
Can anyone please help me on this? Thank you.
Double check if you are using latest version of authentication middleware in your project (there was few changes few week ago due to changes in MS OAuth - now v2 it's in use).
Double check if you have created app under new v2 endpoint - read more here: How to register an app with the v2.0 endpoint.
Double check if you have created password for your app on Microsoft Site.
Check Live SDK support option in 'Advenced' section - this should be enabled (at least in my case, but look like this doesn't help in your).
Here you can find more information:
Microsoft account is experiencing technical problems. Please try again later. (GitHub #827)
External login via Microsoft Account failed on RC2/RC3 (GitHub #866)
Enabling authentication using external providers
Update:
Ok, I see now - you have two things:
missing https (ssl), see this post,
different port number - it means that is different url and this is reason of your problem - you'r using different url than registered with your app:
http://localhost:54554/signin-microsoft - registred in app
https://localhost:44328/signin-microsoft - form your error message
I have the same problem.
I use Microsoft Oauth 2.0 to solve this problem. You can find MVC .net sample at https://azure.microsoft.com/en-us/documentation/articles/active-directory-appmodel-v2-overview/
I have an ASP.Net side that right now works with Forms Authentication. I'm implementing several Rest webservices with Web API and, in order to use them outside the browser context (e.g. a console app) it feels like I'll need Basic Authentication (refer to http://www.asp.net/web-api/overview/security/forms-authentication)
However, when I try to enable both Forms and Basic Authentication at the same time in IIS, IIS Manager tells me the following: "Challenge-based and login redirect-based authentication cannot be used simultaneously".
What should I do and how can I enable Basic Authentication so I can use Web API services outside a browser context?
Thank you.
Check this post which solves your issue http://kevin-junghans.blogspot.com/2013/02/mixing-forms-authentication-basic.html
While using Windows Organizational authentication in the ASP.net MVC project, I am unable to access the /Manager portion of PirahnaCMS. Whenever I attempt to login, it just redirects back to the login page. Is there a solution to this problem, or a workaround?
Someone asked this question, but no one posted a solution: How to get to Dashboard
Best Regards,
Saad
The Piranha CMS manager uses forms authentication. If you've configured another form of authentication in your main web.config the manager login won't work. In the upcoming version (2.3.0) the authentication mechanism will be replaceable, but in the current version the manager needs forms authentication.
You have two possible solutions:
1) Try configure the manager area to use Forms authentication by adding a separate web.config to this area.
2) Set the "front-application" to run in passive mode, i.e. disable the manager. Add a different web without the front-end and just the manager pointing to the same database.
Regards
HÃ¥kan
I've got an ASP.NET application which uses forms authentication.
We're adding on an HttpModule that responds to requests in the /webdav folder and below. We need to use basic/digest authentication for these requests.
With <authentication> set to Forms in the root web.config, requests from webdav clients are receiving a 302 redirecting the user back to the login page.
Is MADAM the best way to achieve this?
I think MADAM would work well for you.
I'm using MADAM to make RSS feeds available that are specific to logged in users accessible to RSS Readers. I am also planning on using it when we implement mobile app access into our application. That way we can use the same controller logic and change the authentication using MADAM.
I would suggest that you use HTTPS requests if you're doing BASIC authentication. Also, if you are using IIS 7, make sure you add the http modules configuration into the system.webServer/modules section. I wasn't paying much attention and wasted time diagnosing why it was working locally and not on the development server in IIS 7.