SAML 2.0 protocol support in .Net 4.5 standard - asp.net

I’m looking for a package to support SAML protocol on my IDP built in .Net 4.5 standard. I need to return SAML responses to the SP, either SP initiated or IDP initiated.
Do you have a solution for this without upgrading to .Net core with Windows Identity Foundation (WIF) support ?

You can use componentSpace saml library.
We are using both. Net 4.5 and . Net core libraries and it is a great solution.
https://www.componentspace.com/saml-for-asp-net?gclid=CjwKCAjw_o-HBhAsEiwANqYhp7BkOttS4Vve4QHJz-PS6taO89AV6gflhB6FgUZMmuZ1qNq65wgsDhoCf4wQAvD_BwE
If you are not willing to purchase any tool, you can write code by yourself as well. If you follow the saml standards carefully, it will be easy to code.

I would strongly advise you not to write the code yourself!
There is a list of SAML client-side stacks here.
I'm confused about the reference to WIF though because WIF is WS-Federation not SAML.

I'm afraid that the ITfoxtec Identity SAML 2.0 package do not support neither .NET Framework 4.5 or WIF.
You need to upgrade to at least .NET Framework 4.6.1.

Related

Does .Net Framework 4.8 support SNI?

I'm making an HTTPS call over TLS 1.2 with client certificates to another company using .Net Framework 4.8 and the handshake fails after the client certificate is sent. Their company support claims .Net framework does not support SNI using this page as reference https://www.ssls.com/knowledgebase/what-is-sni-technology/. However my network capture indicates it does, since it includes the "server_name" extension in the client hello..Net framework call with SNI extension The same call can be made successfully using python so there is evidence they are correct, but I can't find any definitive answer online regarding .Net Framework. How can we determine if the issue is their network or lack of support in our framework?
Edit: This website indicates there is support since 4.5 https://developer.awhere.com/api/server-name-indication-sni-support-requirements
.NET Framework don't care about SNI support, because .NET has no knowledge of it. Network operations in .NET Framewrok are built around a network stack and low-level API provided by operating system. If you were able to install .NET 4.8, then you are running your app on a modern client that certainly supports SNI. This means that the issue is elsewhere, but not in .NET Framework.
I can't find any definitive answer online regarding .Net Framework
and you won't find for reasons explained above.
The simple answer is no, it does NOT, not in NetStandard 2.0 either.
But it does with netcore-5+.
Prior to that, while it supported client connections, it did not support customized selecting of the TLS-certificate based on SNI prior to netcore-5.
You could do it prior to that with the StreamsExtended library, though.
However, that's not part of the official .NET Framework, but a 3rd party library.
So no, the full .NET framework does not support that at all.

Using Pingfederate with .NET Core 2.0 or above

I am researching how to use pingfederate authentication with .Net Core2 and I did not find much that would go with .NET Core 2. The only nuget package I found about this was Owin.Security.Providers.PingFederate I was wondering if there is a newer approach?

which version of mvc is using in asp.net core 2.0? is is MVC 6 or use different name?

which version of mvc is using in asp.net core 2.0? is is MVC 6 or use different name ?
What is .net 5?
what is .net standard ?
these questions are from an interview.plz help
The .NET Standard is a formal specification of .NET APIs that are intended to be available on all .NET implementations.https://learn.microsoft.com/en-us/dotnet/standard/net-standard .ASP.NET5.0 Is Called ASP.NET Core 1.0 and In the ASP.NET Core 1.0 release, Web API is merged with ASP.NET MVC, termed as MVC 6
They're totally unrelated. "MVC 6" was sort of like a codename for Core when it was still in early stages. ASP.NET MVC and ASP.NET Web Api are totally separate from ASP.NET Core. Now, it's just "Core". There is no "MVC" or "Web Api", because Core controllers do both functions. ASP.NET MVC and ASP.NET Web Api live on and although they will probably eventually be deprecated, they could presumably (though not likely at all) get new releases. At the very least, they'll be patched for the foreseeable future.
ASP.NET Core is a complete rewrite from the ground up. It was originally created simply to be a cross-platform alternative to ASP.NET, and I think the original plan was to keep both ASP.NET and ASP.NET Core as potential development options. However, as ASP.NET Core became more competent, it has pretty fully eclipsed ASP.NET; we now have a cross-platform framework that can run on Windows, Mac and Linux and can do virtually anything the Windows-only framework can. Therefore, why keep the Windows-only framework?
Asp.net Core 2.0 is MVC 6 and The framework is 4.6.1
To start with development you need to have VS-2017 and for 1.X you can start with VS-2015.
Please refer the below link for clear presentation of .NetCore 2.0 so that you can get good knowledge to kick start your development.
Official Asp.Net Core Documentation Url

Ws-Federation authentication with ASP.NET Core

I am migrating an ASP.NET application to be on ASP.NET Core, but have met a problem of Ws-Federation authentication: there is no [Ws-Federation] (https://www.nuget.org/packages?q=Microsoft.Owin.Security.WsFederation) OWIN middleware available in ASP.NET Core platform.
But I noticed all authentication middleware for ASP.NET Core are now under Microsoft.AspNetCore.Authentication namespace, so I searched all packages from nuget.org and found most of the authentication packages are there, but unfortunately only the Microsoft.AspNetCore.Authentication.WsFederation is missing.
So, I would like to know, if the package is missing because it is not implemented yet or any other reason? Alternatively, is there existing ASP.NET Core based authentication middleware for Ws-Federation?
It's not implemented yet, mainly because .NET Core doesn't have the encrypted XML and XML dsig classes needed.
See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/500
I've ported the Katana middleware over to ASP.NET Core. It has a hard dependency on the full .NET Framework since that is the only place the required libraries exist right now.
https://github.com/chrisdrobison/aspnetcore-wsfed
It appears .NET Core 2.1 WS Federation package is now available. Microsoft.AspNetCore.Authentication.WsFederation.
More information found at the following link:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-2.1

Which Technology Stack Should I Use for Claims-Aware Applications

This is a second attempt with better wording of the problem I'm facing.
I have a simple requirement to implement an application that will allow web applications and standalone services that will be claims-aware (using ADFS). Note that I am talking about windows services in addition to web applications.
Which enabling interoperable technologies should a developer pick?
For the life of me, I can't find a resource that says: to build a claims-aware application using the latest upcoming frameworks, install these packages.
From a framework point of view, I am talking about the following:
Microsoft.IdentityModel
Microsoft.Owin
System.IdentityModel
Microsoft.Asp.Net.Identity
Which should I be using? Alpha / Beta packages are fine.
Thank you,
Richard
in .net 4.5 IdentityModel is now part of the core libraries (so it no longer called Microsoft.IdentityModel).
So for your system you would need the following:
System.IdentityModel for the FederationAuthenticationModule (which intercepts and verifies your SAML token submission) and for the SessionAuthenticationModule (which serializes/deserializes your claims.)
To create the claims that you will send between your applciations you would use:
System.Security.Claims
as I mentioned these are both in .net 4.5.
Microsoft.IdentityModel is the one you are looking for.
Microsoft.IdentityModel.Claims for IClaimsIdentity interface.
Microsoft.IdentityModel.Web for WSFederationAuthenticationModule.
Yup - System.IdentityModel is the way to go.
Refer: What's New in Windows Identity Foundation 4.5.
If you are wondering what the difference between WIF 3.5 and 4.5 is, refer:
Guidelines for Migrating an Application Built Using WIF 3.5 to WIF 4.5

Resources