I have a traditional ASP.NET 3.5 Web Forms application. As of now it is using On-Premise ADFS which is working fine. Now we have a requirement to change on-premise ADFS to Azure ADFS.
In the web.config, I have changed the required URL to point to Azure ADFS but it is not working. I checked Stackoverflow and Googled around but I found examples related to ASP.NET MVC and ASP.NET Core where changes are required in Startup.cs file.
I want to know what all changes are required in my traditional Web Forms application. Any example link would help.
You should be able to get it working by using the Azure AD parameters rather than the ADFS ones e.g. metadata. What protocol are you using?
There are some ADFS samples. Look at the LHS under ADAL and MSAL. These generally start with an Azure AD sample and show how to convert to ADFS. So you can then work "backwards".
Update
I had a look at that code. It looks like OIDC? "Redirect_Uri" is not a WS-Fed parameter.
There is a WS-Fed sample here.
Related
I'm looking for a good MFA provider to be incorporated to a legacy Web Forms application that uses Forms Authentication for security. It seems most of the MFA providers I see (such as Authy) are built around ASP .NET Identity. I'm trying to look for a solution that doesn't scratch the legacy application much... migrating the legacy application to ASP .NET Identity will be a nightmare. I've tried looking into Authy, Auth0, PingID and Okta and they all seem to be overkill for our use case. I'm trying to find an MFA provider that can work alongside Forms Authentication.
I use https://www.twilio.com/ for my MFA. I am only using the SMS functionality though, so essentially you need to hook up their sms code with your form authentication process. The only difference is that you don't have the identity component (which I highly suggest that you implement). Check out the C# code here for more info on the SMS API procedure: https://www.twilio.com/docs/sms/quickstart/csharp-dotnet-framework.
I understand that the following is for MVC, but you can convert the code to Web Forms as well: https://www.twilio.com/docs/sms/tutorials/two-factor-authentication-csharp-mvc.
The above example also uses the identity framework, but just take a look at the implementation of using SMS and you can migrate the concept into your web form.
I already have more than 10 applications developed using ASP.NET. There are different versions for frameworks 2.0, 3.5 and 4. Currently I need to apply single sign on on all of my applications using Windows Azure Active Directory SSO. But I do not know what the code or library should be added to my application to be configured with the Azure SSO. Do I need to re-develop my application or recreate it with different versions? Does anyone know what I should do?
Different .NET frameworks should not be a problem. You should be able to implement SSO for all of these applications, but you will need to add it individually to each one. You will need to add it in the code of the application itself and then register each application to your tenant.
Here is a very good tutorial that shows you step by step how to add SSO to a published web application in Azure using OpenID Connect. You can follow the steps exactly and build their demo version to test it out, or follow their steps at the bottom that show how to implement SSO in your own application.
https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect
Here is the official Microsoft documentation, which also describes how to implement SSO: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps
Alternatively, if you want to use a library that is already integrated with Visual Studio, you can go to Project > Add Connected Service > Authentication with Azure Active Directory.
The "SSO" in this case refers to SAML. To do SAML in C#, look into Windows Identity Foundation (WIF), which includes some SAML support.
Note that doing SAML SSO involves more than just dropping in the right kind of username/password field. You need to have additional special pages to handle certain redirects, and have a way to store exchange saml metadata with your Azure AD identity provider. It can be painful.
Where can I find a complete code sample (the entire project) that includes the following:
.NET Web Api 2
.NET Identity 2.0
External login provider
Token authentication instead of cookies
I have a Web API project working with an external login provider but it uses cookie authentication and does not use .NET Identity. I can't find any complete code examples that include the above four requirements.
The best working example one can find is the series of Mr.Mittal at Codeproject in it one can find Entity Framework, Generic Repository pattern and Unit of Work.
Also all the stuff you explained
.NET Web API 2
.NET Identity 2.0
External login provider
Token authentication instead of cookies
keep up with him you'll get to know how this all works here is the link Enterprise Level Application Architecture with Web APIs using Entity Framework, Generic Repository Pattern and Unit of Work
I have been tasked to set up Single Signon for asp.net application (SAAS) using IIS server with a client who has ADFS3.0 for providing identity credentials. the users authenticated will be allowed to log in to the web application but i have been going through a lot of information as how to set up service provider files as the application is already running.
what settings and where do i need to configure them. any help will be greatly appreciated.
The "modern" way to do this is by using OWIN.
You will have to change your application as per Use the OWIN Security Components in ASP.NET to Implement Web Sign On with ADFS.
Then add your RP to ADFS and you are good to go.
For completeness. the "old" way to do this is to use WIF as in How To: Build Claims-Aware ASP.NET MVC Web Application Using WIF.
We have a classic ASP.NET web application and a SOAP based API built on it. We are planning to implement oAuth2 authorization into it to implement a service provider that can create tokens, persist them and do evaluation.
I found few examples using DotNetOpenAuth , Azure access control service but all of them are based on MVC. Any pointers on how we can implement on oAuth2 on classic ASP.NET web API?
There are quite a few examples of using DotNetOpenAuth with asp.net applications. For instance:
http://www.nuget.org/packages/DotNetOpenAuth.AspNet
http://blogs.msdn.com/b/webdev/archive/2012/09/12/integrate-openauth-openid-with-your-existing-asp-net-application-using-universal-providers.aspx
Edit
So unfortunately I don't know a direct example with asp.net.
The OAuth1 sample might help in giving the basic idea of how to integrate DotNetOpenAuth as a service provider into an ASP.NET application -
https://github.com/DotNetOpenAuth/DotNetOpenAuth/tree/master/samples/OAuthServiceProvider
And I think that using that as a base, and combining with working with the OAuth2.AuthorizationServer (as the oauth2 samples show, like https://github.com/DotNetOpenAuth/DotNetOpenAuth/tree/master/samples/OAuth2ProtectedWebApi), is a good reference point.