CODEWITHSUNDEEP
c#asp.netasp.net-web-apiadfs
BrunoMartinsPro
BrunoMartinsPro

Reputation: 1846

On-Premises WebApi not redirecting to authentication

For some reason OWIN is not redirecting to the login page especified in ADFS, i dont have any control over ADFS(Windows Server 2012), i followed the Microsoft Documentation(http://www.asp.net/visual-studio/overview/2013/creating-web-projects-in-visual-studio#orgauthonprem) but im now stuck. I thought that by refering the metadata everything would be configured out of the box.

My Controller(template generated from WebApi)

[Authorize]
public class ValuesController : ApiController
{
    // GET api/values
    public IEnumerable<string> Get()
    {
        return new string[] { "value1", "value2" };
    }

    // GET api/values/5
    public string Get(int id)
    {
        return "value";
    }

    // POST api/values
    public void Post([FromBody]string value)
    {
    }

    // PUT api/values/5
    public void Put(int id, [FromBody]string value)
    {
    }

    // DELETE api/values/5
    public void Delete(int id)
    {
    }
}

However i get 

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Message>Authorization has been denied for this request.</Message>
</Error>

Am i supposed to implement some kind of based authentication?

UPDATE!
It seems it was necessary Microsoft.Owin.Security.WsFederation
However now adfs doesnt redirect to my realm, i get a 302 from ADFS after the user was authenticated.. Something like 

/adfs/ls/?wtrealm=http%3a%2f%2flocalhost%3a554&wctx=WsFedOwinState%3d9C7kwsHRjBM86yrii5niUWF1gW9VFvCKBTj_D3z4-QQ5P25opteVK0mWf0fudEQdsgIexkHxTxhKDqBmfSWNAuJ3togHTBE40CEKYa8JLKJOxsgxNGIreYBOzNYzK8NNvR26PCMCowCFoM9NGJOC8w&wa=wsignin1.0

My Startup.cs

public partial class Startup
{
    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);

        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            MetadataAddress = ConfigurationManager.AppSettings["ida:AdfsMetadataEndpoint"],
            Wtrealm = ConfigurationManager.AppSettings["ida:Audience"],
        });
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
        });
    }
}

How can i tell ADFS to redirect to the realm?

Upvotes: 1

Views: 1061

Answers (1)

BrunoMartinsPro
BrunoMartinsPro

Reputation: 1846

I turns out ADFS needed a Relying party with a unique id to authenticate the users and correctly redirect to the realm.

Upvotes: 1

Related Questions