CiccioMiami

Reputation: 8266

How to query ADFS repository for authentication in ASP.NET

I have an ASP.NET Web Forms application and ADFS correctly implemented.

I successfully use ADFS for SSO in many applications but now I need to use the ADFS repository just to validate login credentials on-premises, not for the login itself.

My application is a simple form with textboxes for username and password and a Login button. Once the user enters the username and password and clicks Login, I need to check with ADFS whether the data are correct, receive the response and, based on that, perform some other task.

In the SSO I already implemented, it is the STS itself that displays the pop-up for login credentials, but in this case I want this task to be fulfilled by my app.

Could anybody tell me if that is possible and point me in the right direction?

Upvotes: 0

Views: 1277

Answers (1)

Wiktor Zychla

Reputation: 48250

Are you sure you want to have your own login form in a web app? That doesn't sound fair, if the ADFS is further federated with other identity providers, your check could just miss that.

Having said that, if you really want this, you should enable the usernamemixed endpoint in the ADFS configuration, configure your application as a relying party and request a token:

using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

// WS-Trust 1.3 username/password (usernamemixed) endpoint of the ADFS instance
string stsEndpoint = "https://WIN-2013.win2008.marz.com/adfs/services/trust/13/usernamemixed";
// Identifier of the relying party registered in ADFS
string relyingPartyUri = "https://www.yourrelyingpartyuri.com";

// Transport security (HTTPS) with the credentials carried inside the message
WSTrustChannelFactory factory = new WSTrustChannelFactory(
    new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
    new EndpointAddress(stsEndpoint));

factory.TrustVersion = TrustVersion.WSTrust13;

// Username and password here...
factory.Credentials.UserName.UserName = "remote_user01";
factory.Credentials.UserName.Password = "the_password";

// Ask the STS to issue a bearer token scoped to the relying party
RequestSecurityToken rst = new RequestSecurityToken
{
    RequestType = WSTrust13Constants.RequestTypes.Issue,
    AppliesTo = new EndpointAddress(relyingPartyUri),
    KeyType = WSTrust13Constants.KeyTypes.Bearer,
};

IWSTrustChannelContract channel = factory.CreateChannel();

// If authentication fails, an exception is thrown; the error is in the InnerException.
SecurityToken token = channel.Issue(rst);
//Console.WriteLine("Token Id: " + token.Id);

This particular snippet is copied from this blog entry:

http://leandrob.com/2012/04/requesting-a-token-from-adfs-2-0-using-ws-trust-with-username-and-password/

Upvotes: 1
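As an added example (not from the answer above or the linked blog), the same usernamemixed check written against the WIF classes built into .NET 4.5 (System.IdentityModel.*), where UserNameWSTrustBinding no longer exists and the binding is built by hand, with the failure case handled so that a rejected logon and an STS outage are not confused. The ADFS host and relying-party URI are placeholders.

```csharp
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

public static class AdfsCredentialCheck
{
    // Placeholders (assumed, not from the question): your ADFS host and the
    // relying-party identifier you registered in ADFS.
    private const string StsEndpoint =
        "https://ADFS-HOST.example.com/adfs/services/trust/13/usernamemixed";
    private const string RelyingPartyUri = "https://rp.example.com/";

    // Returns true only if ADFS actually issues a bearer token for the credentials.
    // A rejected logon comes back as a SOAP fault (MessageSecurityException or
    // FaultException); anything else (DNS, TLS, misconfiguration) is left to
    // propagate so an STS outage is never reported to the user as "wrong password".
    public static bool Validate(string userName, string password)
    {
        // .NET 4.5 has no UserNameWSTrustBinding: build the equivalent binding by hand.
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(StsEndpoint))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        factory.Credentials.UserName.UserName = userName;
        factory.Credentials.UserName.Password = password;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(RelyingPartyUri),
            KeyType = KeyTypes.Bearer
        };

        try
        {
            IWSTrustChannelContract channel = factory.CreateChannel();
            SecurityToken token = channel.Issue(rst);
            factory.Close();
            return token != null;
        }
        catch (MessageSecurityException) { factory.Abort(); return false; }
        catch (FaultException)           { factory.Abort(); return false; }
    }
}
```

The answer's caveat still applies: a user whose home identity provider is federated behind ADFS will fail this check, so treat a false result as "ADFS did not authenticate these credentials", not as "the account does not exist".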
