I want to implement SSO in my ASP.Net Web application running on v.4.0 using ping Federate as Identity Provider.I have tried searching through a lot of stuffs on SSO in .net and all but did't got and clarification yet.
Any help to understand the way of doing SSO or and sample application to do is appreciable.
Related
I have a traditional ASP.NET 3.5 Web Forms application. As of now it is using On-Premise ADFS which is working fine. Now we have a requirement to change on-premise ADFS to Azure ADFS.
In the web.config, I have changed the required URL to point to Azure ADFS but it is not working. I checked Stackoverflow and Googled around but I found examples related to ASP.NET MVC and ASP.NET Core where changes are required in Startup.cs file.
I want to know what all changes are required in my traditional Web Forms application. Any example link would help.
You should be able to get it working by using the Azure AD parameters rather than the ADFS ones e.g. metadata. What protocol are you using?
There are some ADFS samples. Look at the LHS under ADAL and MSAL. These generally start with an Azure AD sample and show how to convert to ADFS. So you can then work "backwards".
Update
I had a look at that code. It looks like OIDC? "Redirect_Uri" is not a WS-Fed parameter.
There is a WS-Fed sample here.
This question might be silly but needs to know prerequisite before I start reading any documentation of ADFS SSO Integration using asp.net 4.0. So please tell me whether it is possible or not to develop / deploy such kind of system in shared hosting services.
Define shared-hosting services.
If you mean something like Azure, the answer is yes. You can run ADFS in a VM.
ADFS requires Windows server to run.
I already have more than 10 applications developed using ASP.NET. There are different versions for frameworks 2.0, 3.5 and 4. Currently I need to apply single sign on on all of my applications using Windows Azure Active Directory SSO. But I do not know what the code or library should be added to my application to be configured with the Azure SSO. Do I need to re-develop my application or recreate it with different versions? Does anyone know what I should do?
Different .NET frameworks should not be a problem. You should be able to implement SSO for all of these applications, but you will need to add it individually to each one. You will need to add it in the code of the application itself and then register each application to your tenant.
Here is a very good tutorial that shows you step by step how to add SSO to a published web application in Azure using OpenID Connect. You can follow the steps exactly and build their demo version to test it out, or follow their steps at the bottom that show how to implement SSO in your own application.
https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect
Here is the official Microsoft documentation, which also describes how to implement SSO: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps
Alternatively, if you want to use a library that is already integrated with Visual Studio, you can go to Project > Add Connected Service > Authentication with Azure Active Directory.
The "SSO" in this case refers to SAML. To do SAML in C#, look into Windows Identity Foundation (WIF), which includes some SAML support.
Note that doing SAML SSO involves more than just dropping in the right kind of username/password field. You need to have additional special pages to handle certain redirects, and have a way to store exchange saml metadata with your Azure AD identity provider. It can be painful.
I have been tasked to set up Single Signon for asp.net application (SAAS) using IIS server with a client who has ADFS3.0 for providing identity credentials. the users authenticated will be allowed to log in to the web application but i have been going through a lot of information as how to set up service provider files as the application is already running.
what settings and where do i need to configure them. any help will be greatly appreciated.
The "modern" way to do this is by using OWIN.
You will have to change your application as per Use the OWIN Security Components in ASP.NET to Implement Web Sign On with ADFS.
Then add your RP to ADFS and you are good to go.
For completeness. the "old" way to do this is to use WIF as in How To: Build Claims-Aware ASP.NET MVC Web Application Using WIF.
Kind of weird to ask this question, I have successfully implement SSO for ASP.NET MVC with ADFS 2.0 on Windows Server 2008 R2, now my Web App needs to authenticate to another LDAP implementation which is Open-LDAP which is on non-windows platform basically a domain controller on linux. I am still not clear in my approach as if this is possible to implement SSO other then windows server Active Directory.
Please suggest an approach to implement the solution as the authentication will be on Open-LDAP.
Any reference implementation is highly appreciated.
ADFS can only authenticate against AD.
The next version on Server 2016 will be able to authenticate against Open-LDAP.
In the meantime, your only option is to federate ADFS with another IDP that can do this e.g. shibboleth.