Andrew

Reputation: 217

IdentityServer3 - redirect to ADFS if client is on intranet

We have a portal (mvc rdp) that is used by both internal users (employees) and external users (customers). We would like IdentityServer3 to automatically detect if the authentication request is done from within the corporate network, and redirect to ADFS. The local login should be shown if the user-agent is calling from the internet.

In short, we don't want to have buttons for the external IdP, as we want IdSrv to automatically redirect to ADFS if the client is on the internal network, to provide true single sign-on for our domain-bound users.

If the portal was only used by internal users, then we would just configure the client to only use a particular identity provider but this portal is also used by external customers and those users are not stored in our AD ;)

I've looked at overriding PreAuthenticateAsync and using Dns.Dns.GetHostName() but that is related to the machine that IdentityServer is running on and not the client machine.

In an mvc controller, we would just use Request.UserHostName but this is not available in IdentityServer3 UserService.

Upvotes: 2

Views: 306

Answers (1)

Rob Davis

Reputation: 1319

I think you can get the client's IP address from the OwinContext; something like this:

using System.Net;
using System.Threading.Tasks;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services;
using IdentityServer3.Core.Services.Default;
using Microsoft.Owin;

public class UserService : UserServiceBase
{
    readonly OwinContext ctx;

    public UserService(OwinEnvironmentService owinEnv)
    {
        // IdentityServer3 injects the current OWIN environment into the user service
        ctx = new OwinContext(owinEnv.Environment);
    }

    public override Task PreAuthenticateAsync(PreAuthenticationContext context)
    {
        // The IP address of the remote client (the direct TCP peer; behind a
        // reverse proxy this is the proxy's address, not the end user's)
        var ipAddress = ctx.Environment["server.RemoteIpAddress"].ToString();

        if (BelongsToOurNetwork(ipAddress))
            context.SignInMessage.IdP = "OurADFS"; // name of the external ADFS provider as registered in IdSrv
        else
            context.SignInMessage.IdP = "idsrv";   // local login

        return Task.FromResult(0);
    }

    // Placeholder check: treats 10.0.0.0/8 as the corporate network; replace with the real ranges
    static bool BelongsToOurNetwork(string ipAddress)
    {
        IPAddress ip;
        if (!IPAddress.TryParse(ipAddress, out ip)) return false; // unparsable: fall back to local login
        var bytes = ip.MapToIPv4().GetAddressBytes();
        return bytes[0] == 10;
    }
}

Upvotes: 2
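The network test the answer leaves as BelongsToOurNetwork, written out as an added example; this is not the answerer's code, and the CIDR ranges, the trusted proxy address and the IntranetDetector class name are assumptions. It also covers the case where IdentityServer sits behind a reverse proxy, since server.RemoteIpAddress is then the proxy's address rather than the user's.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

// Decides whether a request originates from the corporate network.
// Ranges and proxy addresses are constructed placeholders (assumptions, not values from the page).
public static class IntranetDetector
{
    static readonly string[] InternalCidrs = { "10.0.0.0/8", "192.168.10.0/24", "fd00::/8" };
    static readonly HashSet<string> TrustedProxies = new HashSet<string> { "203.0.113.10" };

    // Pick the address to classify. "server.RemoteIpAddress" is the direct TCP peer;
    // X-Forwarded-For is honoured only when that peer is a known reverse proxy, and only
    // its last entry (the one the proxy appended), since earlier entries are client-supplied.
    public static string EffectiveClientIp(string remoteIp, string xForwardedFor)
    {
        if (TrustedProxies.Contains(remoteIp) && !string.IsNullOrWhiteSpace(xForwardedFor))
            return xForwardedFor.Split(',').Last().Trim();
        return remoteIp;
    }

    public static bool IsInternal(string address)
    {
        IPAddress ip;
        if (!IPAddress.TryParse(address, out ip)) return false;   // unparsable: fail closed to local login
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();           // ::ffff:10.1.2.3 -> 10.1.2.3
        return InternalCidrs.Any(cidr => InCidr(ip, cidr));
    }

    static bool InCidr(IPAddress ip, string cidr)
    {
        var parts = cidr.Split('/');
        var net = IPAddress.Parse(parts[0]);
        int prefix = int.Parse(parts[1]);
        if (net.AddressFamily != ip.AddressFamily) return false;  // never compare v4 bytes with v6 bytes
        byte[] a = ip.GetAddressBytes(), n = net.GetAddressBytes();
        for (int i = 0; i < a.Length; i++)
        {
            int bits = Math.Min(8, Math.Max(0, prefix - 8 * i));   // prefix bits that cover this byte
            int mask = bits == 0 ? 0 : (0xFF << (8 - bits)) & 0xFF;
            if ((a[i] & mask) != (n[i] & mask)) return false;
        }
        return true;
    }
}
```

In PreAuthenticateAsync, call IsInternal(EffectiveClientIp(remoteIp, forwardedHeader)) where forwardedHeader is read from ctx.Request.Headers; a request from an untrusted peer carrying a forged internal address in X-Forwarded-For is then still routed to the local login.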
