We have an ADFS 4 server and I'm trying to create a dot net core web app in Visual Studio 2019 that uses SAML "flow" for authentication/authorization.
I remember seeing a tool/extension in an old version of Visual Studio (2015?) that allowed you to configure some details of authentication.
But in VS2019, when I select "Cloud - Single Organization" on the new app wizard, I can't tell whether it's creating WSFed, SAML or OAuth protocol app.
Is it because AzureAD defaults to SAML?
No - Azure AD defaults to OpenID Connect.
Yes - there was a tool back in the day but that was for WS-Federation (WIF).
There was a SAML implementation of WIF for a brief moment but it was withdrawn and never formed part of the tool.
Microsoft has never had an official SAML client stack.
There are a number of options here.
Related
I have a traditional ASP.NET 3.5 Web Forms application. As of now it is using On-Premise ADFS which is working fine. Now we have a requirement to change on-premise ADFS to Azure ADFS.
In the web.config, I have changed the required URL to point to Azure ADFS but it is not working. I checked Stackoverflow and Googled around but I found examples related to ASP.NET MVC and ASP.NET Core where changes are required in Startup.cs file.
I want to know what all changes are required in my traditional Web Forms application. Any example link would help.
You should be able to get it working by using the Azure AD parameters rather than the ADFS ones e.g. metadata. What protocol are you using?
There are some ADFS samples. Look at the LHS under ADAL and MSAL. These generally start with an Azure AD sample and show how to convert to ADFS. So you can then work "backwards".
Update
I had a look at that code. It looks like OIDC? "Redirect_Uri" is not a WS-Fed parameter.
There is a WS-Fed sample here.
I am developing a web app with boilerplate "dotnet core" version. I want to authenticate user with adfs. I've searched on Google and the Boilerplate forum. But I didnt find any detailed info. I am newbie to abp.
Here is a very nice explanations and sample project using dot net core with Azure ad integration using open connect.
https://azure.microsoft.com/en-in/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/
You might also be interested in this sample: https://github.com/azure-samples/ms-identity-aspnetcore-webapp-tutorial/
This newer sample takes advantage of the Microsoft identity platform (formerly Azure AD v2.0).
While still in public preview, every component is supported in production environments.
This sample shows how to build a .NET MVC web app that uses OpenID Connect to sign-in users from a single Azure Active Directory (Azure AD) tenant using the ASP.NET Core OpenID Connect middleware.
For a quick start you can use below command
git clone https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect-aspnetcore.git
Flow
Hope it helps.
I already have more than 10 applications developed using ASP.NET. There are different versions for frameworks 2.0, 3.5 and 4. Currently I need to apply single sign on on all of my applications using Windows Azure Active Directory SSO. But I do not know what the code or library should be added to my application to be configured with the Azure SSO. Do I need to re-develop my application or recreate it with different versions? Does anyone know what I should do?
Different .NET frameworks should not be a problem. You should be able to implement SSO for all of these applications, but you will need to add it individually to each one. You will need to add it in the code of the application itself and then register each application to your tenant.
Here is a very good tutorial that shows you step by step how to add SSO to a published web application in Azure using OpenID Connect. You can follow the steps exactly and build their demo version to test it out, or follow their steps at the bottom that show how to implement SSO in your own application.
https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect
Here is the official Microsoft documentation, which also describes how to implement SSO: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps
Alternatively, if you want to use a library that is already integrated with Visual Studio, you can go to Project > Add Connected Service > Authentication with Azure Active Directory.
The "SSO" in this case refers to SAML. To do SAML in C#, look into Windows Identity Foundation (WIF), which includes some SAML support.
Note that doing SAML SSO involves more than just dropping in the right kind of username/password field. You need to have additional special pages to handle certain redirects, and have a way to store exchange saml metadata with your Azure AD identity provider. It can be painful.
We implement a web application and host in Azure. Then we want to use the SSO feature which is supported by Microsoft Azure ACS. The Condition to view our Website is that users just need to provide the email address throughout login to IdP. When we implement and configure Web application, we do follow all the instructions on the website as below
http://blog.2mas.xyz/configuring-windows-azure-active-directory-access-control/
For now, we can configure and use Window LiveID, Azure AD to login into our Website.
We have a further requirement that our site should support to login SSO from custom IdP which supports SAML 2.0 such as Okta.
Our current issues: When import the SAML 2.0 XML file to ACS, it does not understand this XML file
Please give us some suggestion to use Azure ACS and okta in this situation?
You might find the following helpful: https://www.okta.com/identity-101/integrating-sso-for-azure-ad
We are looking into Microsoft ASP .NET(WS-Federation with windows identity foundation) interoperability with WSO2 identity server. I posted the issue on the forum 14 weeks ago (http://wso2.org/forum/thread/14221) but have not got any response on the thread yet. I would really appreciate if I get some guidance on how to configure the passive STS in context to an ASP .NET client using WS-Federation protocol (windows identity foundation) for the claim based security model. In our last investigation session, we found Stonehenge project (http://incubator.apache.org/stonehenge/) as an example closest to what we want to achieve but identity server version 3.2.0 had the Passive STS feature missing which I hope has been added back to version 3.2.2.
Q1 - Can you please confirm if WSO2 identity server has got full support of WS-Federation protocol? (If yes please provide related documents, if no please suggest best alternative for Microsoft identity foundation interoperability)
Q2 - Can you please provide a guidance and a sample of how to use passive STS feature in context of an ASP .NET application using Windows Identity Foundation (WIF)?
Q3- How to administer claims in identity server to be consumed in ASP .NET application?
Q1 - WSO2 Identity Server does not have full support for WS-Federation specification.
Q2 - Identity Server has support for PassiveSTS and we are in process of writing an article on that. That will be available by next week. Will post this link here once its available.
Q3 - Identity Server has the Claim Management feature. Where you can add your own claim dialect.