My client is using shibboleth for other software systems ( eg. Library service, photocopying facilities, study material databases ). He wants my web application also be configured with shibboleth so that a single identity can be used throughout the system for a user.
I am new to Shibboleth. I don't know how to start. what are the steps needed to fit it in my application (asp.net , vb ). i have read the docs provided by shibboleth. but don't know the starting steps.
I don't know nothing about Shibboleth, but I would do the following: first check if Shibboleth provides any authentication APIs. If yes, integrate with them, otherwise integrate with Shibboleth database directly and implement customized authentication for ASP.NET application.
Related
I have an ASP.NET C# WebForms application built using the following:
Mono
Apache
PostgreSql
NPGSQL
OS Linux
Because those platforms are used a custom user/role management system was written for the application login.
One of the features we need is to redirect a visitor if they try to access a page if they have not logged in to the application.
I have been researching the Forms Authentication
As expected almost everything I find is using the ASP.NET built-in tools that are prominently used in Windows environments. (Which is not necessarily the case I have in my application)
My question is can Forms Authentication be used in my scenario? Or is there another approach I could take to accomplish the same result.
PLEASE NOTE: Before marking this as a possible duplicate question notice my environment is not the normal ASP.NET stack.
Using [Sessions] is my solution.
This StackoverFlow question gives a really good explanation.
I already have more than 10 applications developed using ASP.NET. There are different versions for frameworks 2.0, 3.5 and 4. Currently I need to apply single sign on on all of my applications using Windows Azure Active Directory SSO. But I do not know what the code or library should be added to my application to be configured with the Azure SSO. Do I need to re-develop my application or recreate it with different versions? Does anyone know what I should do?
Different .NET frameworks should not be a problem. You should be able to implement SSO for all of these applications, but you will need to add it individually to each one. You will need to add it in the code of the application itself and then register each application to your tenant.
Here is a very good tutorial that shows you step by step how to add SSO to a published web application in Azure using OpenID Connect. You can follow the steps exactly and build their demo version to test it out, or follow their steps at the bottom that show how to implement SSO in your own application.
https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect
Here is the official Microsoft documentation, which also describes how to implement SSO: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps
Alternatively, if you want to use a library that is already integrated with Visual Studio, you can go to Project > Add Connected Service > Authentication with Azure Active Directory.
The "SSO" in this case refers to SAML. To do SAML in C#, look into Windows Identity Foundation (WIF), which includes some SAML support.
Note that doing SAML SSO involves more than just dropping in the right kind of username/password field. You need to have additional special pages to handle certain redirects, and have a way to store exchange saml metadata with your Azure AD identity provider. It can be painful.
I have a Classic ASP / VbScript website that I need to act as an SAML 2.0 Identitiy Provider.
Despite extensive searching I have been unable to find any resource / demo / example to steer me towards a solution.
As I can't find any information I am thinking that it is simply not possible, or is it so obvious nobody needs to ask or that is such an uncommon situation that no resource exists.
Further clarification added
My website.com is coded in Classic ASP / VbScript running in IIS7.5 on Windows 2008 server.
User logs into website.com and can now browse the site.
One section of website.com has links to other-website.com which ordinarily requires login.
To avoid this I can use SAML 2 based SSO to gain direct access to other-website.com by passing over EntityID and unique references from website.com database which correspond to other-website.com database to ensure authentication.
What I really don't understand is from the point that the User clicks hyperlink to other-website.com what I need to do to create and pass over the required information to other-website.com
I think that I have to create some form of encrypted XML document and then POST it via a form to the URL supplied by other-website.com - but I am not sure how to do this and can't find any sample / demo to help.
Hopefully that explains fully what I am trying to achieve!
The normal model is that you have a third-party product (ADFS, OpenAM, PingIdentity, ...) as your IP and your application is the RP (Relying Party).
You don't normally have an application as an IP.
What do you intend to authenticate against?
ADFS / WIF is based around ASP.NET not ASP.
WIF uses WS-Federation not SAML.
To use SAML you need ADFS and that runs on Windows Server.
Check out PingFederate and the Agentless Integration Kit from PingIdentity. Here's an overview of how the integration would work with your application - http://documentation.pingidentity.com/display/AIK12/Implementing+IdP+Functionality. PF would handle all the fancy standards-based requirements and your application would continue to maintain its own session and user authentication functionality. When SSO is needed, you then invoke the PF server. Once you integrate your app, it's very simple to add new service providers via the PF Admin Console.
[Note: I work for Ping]
For anyone reading this question, I would highly recomend taking a look at this article and sample code, I was in the same situation as the OP and found for me it was easier to use this C# ASP.Net code as a starting point (I have little experiance of C# but still got this working quickly and easily). It's clearly comented and works right out of the box and was easy to amend for my needs. In the end it was simpler to implement this in .NET and call it from my ASP application than create from scratch in ASP.
http://www.voiceoftech.com/swhitley/index.php/2008/09/single-signon-with-saml/
We are planning to receive a SAML assertion from another website into ours (ASP.NET). No one here has ever worked with SAML. We simply need to verify the signed assertion, decrypt the token containing a user id and if we can verify it, log them into our site (authenticate/authorize). We are using Forms Authentication for all other authentication. I would like to avoid installing WIF if possible because my understanding is we'd have to install the runtime on all the developers machines and servers. Our machines are locked down by policy such that it would be a lot of paper work to get it installed. Are there alternatives to WIF and are they realistic to use in an enterprise environment? If so, can someone point me in the right direction, a good tutorial, video, book or anything with examples would be helpful? I looked at some third party components but I'd have the same issue as with WIF on our servers (not to mention dealing with procurement).
Thanks
Is this internal or an external facing application? You may want to checkout PingOne.com Application Provider Services (APS) [Note: I work for Ping]. PingOne handles all the SAML protocol stuff for you and provides self-service capabilities, reporting, etc. No need to install WIF... just a few lines of .NET code (or whatever) to integrate with the RESTful service that PingOne provides.
HTH - Ian
I'm looking for the most reliable way to use both Windows and Form based auth IN ASP.NET MVC 2 I know how to do it in webforms, but because I cannot adjust the permissions (In IIS) on a per file basis in MVC. Im struggling to transfer the concept.
Any suggestions? Links?
There are following post:
http://aspadvice.com/blogs/rjdudley/archive/2005/03/10/2562.aspx
http://aspadvice.com/blogs/rjdudley/archive/2005/03/10/2561.aspx
http://msdn.microsoft.com/en-us/library/ms972958.aspx
All describe it for classic asp.net. But the concept should be transferable to mvc.
I implemented this using mvc and a custom membership provider.
The whole application is running with aspnet anonymous account. That means that your files must be accessible to this account. On my machine I had to give read access to this IIS account.