gbs

Reputation: 7266

How to get SAML token using C#/ASP.NET

The basic requirement I have is to call a web service that uses a SAML token. As part of this, the first step is to get the token from the Identity Provider.

This is what I have:

Now I am not sure where to begin developing a client in ASP.NET (4.5) to connect to STS and get the token.

Any pointers to get me started?

Note: I tried making an HttpWebRequest passing in the certificate, but I get some connection error. I am not even sure if that is the way. I am also reading about the WebClient and HttpClient classes.

Upvotes: 1

Views: 4358

Answers (2)

Ammar Bukhari

Reputation: 2122

//This code will get you the SAML Token in C#
// The usings, the fields (client, handler, cookies, result, username, password)
// and the SB() log helper were not declared in the original snippet; they are
// added here so the class compiles as one unit.
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Text.RegularExpressions;
using System.Web;

public class AdfsIdpInitiatedSignOnClient
{
    private HttpClient client;
    private HttpClientHandler handler;
    private HttpResponseMessage result;
    private readonly CookieContainer cookies = new CookieContainer();
    private readonly string username;
    private readonly string password;

    public AdfsIdpInitiatedSignOnClient(string username, string password)
    {
        this.username = username;
        this.password = password;
    }

    // Minimal log sink standing in for the undefined SB() helper of the original
    private static void SB(string message)
    {
        Console.WriteLine(message);
    }

    protected HttpClient Client
    {
        get
        {
            if (client == null)
            {
                handler = new HttpClientHandler();

                // Windows/basic credentials for the ADFS endpoint; cookies keep the sign-on session
                handler.Credentials = new NetworkCredential(username, password);
                // Redirects are followed by hand below so the final page (the SAMLResponse form) is captured
                handler.AllowAutoRedirect = false;
                handler.CookieContainer = cookies;
                handler.UseCookies = true;
                client = new HttpClient(handler);
                client.MaxResponseContentBufferSize = 9999999;
                client.DefaultRequestHeaders.Add("User-Agent", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)");
                client.DefaultRequestHeaders.Add("Connection", "Keep-Alive");
                client.DefaultRequestHeaders.ExpectContinue = false;
            }
            return client;
        }
    }

    public String GetSAML()
    {
        // Start with a fresh client; dispose the old one instead of just dropping the reference
        if (client != null)
        {
            client.Dispose();
            client = null;
        }
        String text = "";
        String SAMLTokenBase64String = "";
        String urlRelayParty = "Your_Relay_party_identifier";
        string url = String.Format("{0}?loginToRp={1}", "https://***yourdomainforstsoradfs*****.com/adfs/ls/IdpInitiatedSignOn.aspx", HttpUtility.UrlEncode(urlRelayParty));
        do
        {
            result = Client.GetAsync(url).GetAwaiter().GetResult();
            text = result.Content.ReadAsStringAsync().GetAwaiter().GetResult();
            IEnumerable<string> values;
            if (result.Headers.TryGetValues("location", out values))
            {
                foreach (string s in values)
                {
                    // Resolve relative and absolute Location headers against the current URL
                    // (the original sliced the string at "/adfs/ls", which fails once a redirect
                    // leaves that path)
                    url = new Uri(new Uri(url), s).AbsoluteUri;
                }
            }
            else
            {
                url = "";
            }
        }
        while (!String.IsNullOrEmpty(url));

        // The IdP-initiated sign-on page ends with an auto-post form whose hidden
        // SAMLResponse field carries the base64-encoded response
        Regex reg = new Regex("SAMLResponse\\W+value\\=\\\"([^\\\"]+)\\\"");
        MatchCollection matches = reg.Matches(text);
        foreach (Match m in matches)
        {
            SAMLTokenBase64String = m.Groups[1].Value;
        }

        if (SAMLTokenBase64String != null && SAMLTokenBase64String.Trim().Length > 0)
        {
            SB("STS Login Successful for " + urlRelayParty);
            return SAMLTokenBase64String;
        }

        SB("STS Login Failed for " + urlRelayParty);
        return "";
    }
}

Upvotes: 0

gbs

Reputation: 7266

I used the WSTrustChannelFactory for this. This article helped me implement that: http://leastprivilege.com/2012/11/16/wcf-and-identity-in-net-4-5-external-authentication-with-ws-trust/

Also, here's a portion of my code: How to pass a certificate to WSTrust to get Saml Token

Upvotes: 0
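The WS-Trust route gbs describes above, as an added example that is neither gbs's code nor the linked article's: a WSTrustChannelFactory client that authenticates with a client certificate and asks ADFS for a bearer SAML 2.0 assertion scoped to one relying party. The STS endpoint, relying-party identifier and certificate thumbprint are assumed placeholders.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

public static class WsTrustSamlClient
{
    // Assumed values, not from the original post: ADFS WS-Trust 1.3 endpoint that
    // accepts a certificate as message credential, and the RP the token is for.
    const string StsEndpoint = "https://sts.example.com/adfs/services/trust/13/certificatemixed";
    const string RelyingParty = "https://rp.example.com/service";

    public static GenericXmlSecurityToken RequestBearerToken(string certThumbprint)
    {
        // TLS on the transport, client certificate as the message credential
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(StsEndpoint))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        // Certificate looked up by thumbprint in the current user's personal store
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, certThumbprint);

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(RelyingParty),   // audience restriction in the assertion
            KeyType = KeyTypes.Bearer,                          // no proof key: protect the token like a password
            TokenType = "urn:oasis:names:tc:SAML:2.0:assertion"
        };

        try
        {
            // The STS returns the signed assertion as raw XML (TokenXml); the web
            // service, not this client, is the party that validates its signature.
            var token = (GenericXmlSecurityToken)factory.CreateChannel().Issue(rst);
            factory.Close();
            return token;
        }
        catch
        {
            factory.Abort();
            throw;
        }
    }
}
```

Because the key type is bearer, anyone holding the returned XML can present it until its NotOnOrAfter condition expires, so keep it in memory and send it only over TLS to the relying party named in AppliesTo.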
