Reputation: 449
I was wondering if somebody could point me in the right direction. We're currently looking at hosting a web application for a client which will authenticate against the client's ADFS IIS server in order to take advantage of SSO etc. This is all fine and no problems here.
The issue comes in when we consider our existing desktop and mobile applications (.NET, iOS, Android etc.). We need to authenticate these applications against the same user store as our web application.
Is it possible to authenticate a Windows Desktop Application (written in .NET) against an external ADFS server? If so, please could you point me at an example?
Is it possible to authenticate native mobile applications against ADFS? I guess we'll need to manually create HTTP requests etc. in order to handle this. Could somebody point me at any relevant documentation / examples?
Alternatively, for mobile applications, would it be better to host our own internal webservice which acts as a 'middle-man'? Again, any examples of this would be greatly appreciated.
Thanks, David
Upvotes: 4
Views: 3320
Reputation: 46720
Another possible solution is to use a custom STS that "transforms" OAuth to a SAML token and then federate ADFS with the custom STS. There's an example of this in Identity Server.
So the chain would e.g. be: desktop and mobile - OAuth - custom STS - WS Fed - ADFS
Upvotes: 1
Reputation: 14212
It depends on the type of service you are calling from the client (mobile or desktop). If it is a SOAP web service, then it is all supported out of the box (e.g. using WS-Trust). WCF already provides bindings for claims-based authentication so you don't need much on the client besides .NET.
Mobile clients tend to favor lighter-weight protocols (e.g. OAuth, REST endpoints, etc.). These are not supported by ADFS, but you could add ACS (Windows Azure Active Directory) and have it as an intermediary that will do the protocol translation for you.
Good examples for both scenarios are available here: http://msdn.microsoft.com/en-us/library/ff423674.aspx
Specifically:
SOAP: http://msdn.microsoft.com/en-us/library/hh446528
REST / Devices: http://msdn.microsoft.com/en-us/library/hh446533
Upvotes: 2