WIF SAML 2.0 CTP Identity Provider Initiated SSO - asp.net

I am developing a single sign on ASP.NET application, and I am trying to decide whether to make use of the WIF SAML 2.0 CTP or instead use ADFS 2.0. I have read in several places that the WIF SAML 2.0 CTP enables identity provider initiated SSO, but I can't find any examples or tutorials anywhere. Does anyone know a good resource for becoming familiar with the methods of doing this using WIF CTP?

The SAML2 CTP is pre-release and I am really sceptical that this will ever RTM. So I wouldn't use it.

So you want SSO from your ASP.NET application to a SAML IdP?
It sounds like you've figured out that you can either go direct to the SAML IdP by adding a SAML stack to your application or by going WS-Fed to ADFS and then SAML to the IdP.
As mentioned the SAML CTP has been in CTP for ages and there is little documentation.
Have a look at the OpenSSO Fedlet.
However, you will probably find the ADFS option both quicker and easier.

Related

Does the ITfoxtec.Identity.Saml2 .NET Core library support RedHat SSO with SAML 2.0 or has anyone gotten it to work?

Looking for the easiest way to authenticate with RedHat SSO SAML 2.0 (not OpenId) in a .NET Core application. I stumbled upon the ITfoxtec.Identity.Saml2 library and was wondering if anyone has gotten this to work before struggling with an endless array of trial-and-error scenarios.
Thanks!
Answering my own question: yes, it does seem to work. The Startup.cs given in the sample code mostly works as-is, except SAML wants the Issuer to be the client ID in RedHat SSO and you need to fill in your AssertionConsumerServiceUrl in the redirect binding on the login.
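
What those two settings look like on the wire, as an added example that is not part of the original post or of the ITfoxtec sample code: a SAML HTTP-Redirect `SAMLRequest` value is built and then decoded, so the `Issuer` and `AssertionConsumerServiceURL` the IdP receives can be compared against the client configured in RedHat SSO. It uses only .NET base class library calls; the class name, client ID and URLs are constructed placeholders.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Xml;
using System.Xml.Linq;

static class SamlRedirectCheck
{
    static readonly XNamespace P = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace A = "urn:oasis:names:tc:SAML:2.0:assertion";
    // HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode.
    public static string Encode(string issuer, string acsUrl, string destination)
    {
        var xml = new XElement(P + "AuthnRequest",
            new XAttribute("ID", "_" + Guid.NewGuid().ToString("N")),
            new XAttribute("Version", "2.0"),
            new XAttribute("IssueInstant", DateTime.UtcNow.ToString("s") + "Z"),
            new XAttribute("Destination", destination),
            new XAttribute("AssertionConsumerServiceURL", acsUrl),
            new XElement(A + "Issuer", issuer)).ToString(SaveOptions.DisableFormatting);
        var bytes = Encoding.UTF8.GetBytes(xml);
        using var buf = new MemoryStream();
        using (var z = new DeflateStream(buf, CompressionMode.Compress, true))
            z.Write(bytes, 0, bytes.Length);
        return Uri.EscapeDataString(Convert.ToBase64String(buf.ToArray()));
    }

    // Reverse the encoding and return the two values the IdP matches on.
    public static (string Issuer, string AcsUrl) Decode(string samlRequest)
    {
        var raw = Convert.FromBase64String(Uri.UnescapeDataString(samlRequest));
        using var z = new DeflateStream(new MemoryStream(raw), CompressionMode.Decompress);
        // The value comes from a URL, so treat it as untrusted input and refuse DTDs.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using var xr = XmlReader.Create(new StreamReader(z, Encoding.UTF8), settings);
        var root = XElement.Load(xr);
        return ((string)root.Element(A + "Issuer"), (string)root.Attribute("AssertionConsumerServiceURL"));
    }
    static void Main()
    {
        // Constructed values: the client ID and URLs are placeholders, not from the post.
        const string clientId = "my-dotnet-app";
        const string acs = "https://app.example.test/Auth/AssertionConsumerService";
        var seen = Decode(Encode(clientId, acs, "https://sso.example.test/saml"));
        Console.WriteLine(seen.Issuer == clientId ? "Issuer matches client ID" : "Issuer mismatch: " + seen.Issuer);
        Console.WriteLine(seen.AcsUrl == acs ? "ACS URL matches" : "ACS URL mismatch: " + seen.AcsUrl);
    }
}
```

`Decode` also accepts a `SAMLRequest` value copied from a browser redirect, which is a quick way to confirm what the application is actually sending when a login is rejected.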

MFA Provider for ASP .NET Web Forms with Forms Authentication

I'm looking for a good MFA provider to be incorporated to a legacy Web Forms application that uses Forms Authentication for security. It seems most of the MFA providers I see (such as Authy) are built around ASP .NET Identity. I'm trying to look for a solution that doesn't scratch the legacy application much... migrating the legacy application to ASP .NET Identity will be a nightmare. I've tried looking into Authy, Auth0, PingID and Okta and they all seem to be overkill for our use case. I'm trying to find an MFA provider that can work alongside Forms Authentication.
I use https://www.twilio.com/ for my MFA. I am only using the SMS functionality though, so essentially you need to hook up their SMS code with your forms authentication process. The only difference is that you don't have the identity component (which I highly suggest that you implement). Check out the C# code here for more info on the SMS API procedure: https://www.twilio.com/docs/sms/quickstart/csharp-dotnet-framework.
I understand that the following is for MVC, but you can convert the code to Web Forms as well: https://www.twilio.com/docs/sms/tutorials/two-factor-authentication-csharp-mvc.
The above example also uses the identity framework, but just take a look at the implementation of using SMS and you can migrate the concept into your web form.

Authentication Options for ADFS 3.0 and NetCore

I oddly do not find any documentation around how to set up ASP.NET CORE with ADFS 3.0, but enough about other providers. How can I set this up in ASP.NET CORE, as my company only uses ADFS 3.0 as its SSO solution?
I've seen a (paid) solution called Auth0, but I first want to try without any 3rd party paid options.

Asp.net Identity support for ADFS

We're in the process of migrating our authentication and authorization logic away from the original membership providers. We are currently looking at Asp.net Identity, but no one on the team has experience with this technology. We've been asked to support ADFS in the future and are looking to see if this framework directly supports ADFS, which no one on the team has experience with either.
The only article I've found, http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/ seems to imply asp.net identity will support ADFS as a provider. Are there any other definitive resources for asp.net identity and ADFS?
Regards,
Noobian
ASP.NET Identity offers an "easy" way to add users and authenticate against them in a SQL DB.
ADFS can only authenticate against AD.
WIF is still supported but older - the OWIN WS-Fed libraries are the way to go these days.
If you want to use ASP.NET Identity have a look at thinktecture's IdentityServer. Offers full support for this plus you can federate with ADFS.

oAuth 2.0 service provider for .NET 2.0 web API

We have a classic ASP.NET web application and a SOAP based API built on it. We are planning to implement oAuth2 authorization into it to implement a service provider that can create tokens, persist them and do evaluation.
I found few examples using DotNetOpenAuth, Azure access control service but all of them are based on MVC. Any pointers on how we can implement oAuth2 on classic ASP.NET web API?
There are quite a few examples of using DotNetOpenAuth with asp.net applications. For instance:
http://www.nuget.org/packages/DotNetOpenAuth.AspNet
http://blogs.msdn.com/b/webdev/archive/2012/09/12/integrate-openauth-openid-with-your-existing-asp-net-application-using-universal-providers.aspx
Edit
So unfortunately I don't know a direct example with asp.net.
The OAuth1 sample might help in giving the basic idea of how to integrate DotNetOpenAuth as a service provider into an ASP.NET application -
https://github.com/DotNetOpenAuth/DotNetOpenAuth/tree/master/samples/OAuthServiceProvider
And I think that using that as a base, and combining with working with the OAuth2.AuthorizationServer (as the oauth2 samples show, like https://github.com/DotNetOpenAuth/DotNetOpenAuth/tree/master/samples/OAuth2ProtectedWebApi), is a good reference point.
