Reputation: 101
I am working on the functionality to integrate the ADFS login page with my application.
Flow
The user will try to visit a page. Here the system will try to authenticate the user.
The system will redirect the user to the ADFS login page.
The user will enter login information. If the user is authenticated, then the user will be redirected back to the application with the authorized token information.
I am facing difficulties reading the token information when the page is redirected back.
I tried
I am able to redirect the page to the ADFS login page and can also redirect back to my system if the user is authenticated, using the below URL format:
https://adfs-domain-name/adfs/ls
Please find below the code snippet which I am using, after getting the page back, to read the token information.
using System.Linq;
using System.Security.Claims;
using System.Threading;
ClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as ClaimsPrincipal; // null if the current principal is not claims-based
bool IsAuthenticated = claimsPrincipal.Identity.IsAuthenticated;
int ClaimCount = claimsPrincipal.Claims.Count(); // Count() is the System.Linq extension method
Here I am getting IsAuthenticated as false and ClaimCount as 0.
Is there anything incorrect in my code or in the way I connect to the ADFS login page?
Can anyone help me to fix this ?
Please let me know if you have any concern or query, or if I am missing something.
Upvotes: 2
Views: 10755
Reputation: 3364
In short, I would recommend following this tutorial: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/enabling-openid-connect-with-ad-fs-2016 I followed the steps in there and got it to work (using OAuth2 / OpenID Connect). There are some other interesting resources on that site, too.
Some more pointers:
1) For using OAuth2, the login URL on the ADFS server should be something like: https://adfs.contoso.com/adfs/oauth2/authorize?[parameters]
The URL parameters are nicely documented here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-code
2) You can then use the ADAL libraries for the frontend and backend code. In essence, the frontend code will put together the aforementioned login URL and keep the token in the browser's session storage to be sent with each request. The backend library will verify and decode the tokens (into ClaimsPrincipal) for you. You can find the appropriate library components here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries
Ah, yeah, I know these components and docs describe Azure AD (ADFS in the cloud), but what they run there is essentially the same as ADFS 4.0 on Windows Server 2016.
Upvotes: 1
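The three steps the answer describes (build the /adfs/oauth2/authorize URL, come back to the application with a response, have the backend verify the token before any claims are trusted) written out in plain Python, as an added illustration that is not part of the original question or answer and is not the ADAL library code. It uses only the standard library; the hostname, issuer string, client id and redirect URI are placeholders and the exact parameter set (for example whether a resource parameter is required) must be taken from the linked documentation. Signature verification of the id_token against the keys published in the ADFS OpenID Connect discovery document is the library's job and is assumed to have happened before validate_id_token_claims is called; the point of that function is that a valid signature alone is not enough, the issuer, audience, validity window and nonce must also be checked before the claims become a principal.

```python
"""Client-side steps of the ADFS OAuth2 / OpenID Connect authorization-code flow.

Added illustration, standard library only. Hostname, issuer, client id and
redirect URI are placeholders (assumptions); real values come from the ADFS
application-group / relying-party configuration.
"""
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

ADFS_AUTHORIZE = "https://adfs.contoso.com/adfs/oauth2/authorize"  # endpoint named in the answer
ISSUER = "https://adfs.contoso.com/adfs"  # assumed: the 'iss' value ADFS places in id_tokens
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # assumed placeholder client identifier
REDIRECT_URI = "https://app.example.com/signin-oidc"  # assumed; must match the registered URI exactly


def begin_login(session: dict) -> str:
    """Build the authorize URL and remember state/nonce in the caller's server-side session.

    'state' binds the redirect back to this browser session (anti-CSRF);
    'nonce' binds the issued id_token to this login request (anti-replay).
    Both are unguessable and consumed on first use.
    """
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    session["oidc_state"] = state
    session["oidc_nonce"] = nonce
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",  # authorization code; the token is fetched server-side afterwards
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid",
        "state": state,
        "nonce": nonce,
        # ADFS may also require 'resource' (the relying-party identifier); see the linked docs.
    }
    return f"{ADFS_AUTHORIZE}?{urlencode(params)}"


def handle_callback(redirect_url: str, session: dict) -> str:
    """Parse the redirect from ADFS and return the authorization code.

    The response is rejected unless its 'state' equals the one stored by begin_login;
    the stored value is consumed so a replayed callback fails.
    """
    q = parse_qs(urlparse(redirect_url).query)
    if "error" in q:
        raise PermissionError(f"ADFS returned error: {q['error'][0]}")
    expected = session.pop("oidc_state", None)
    received = q.get("state", [""])[0]
    if not expected or not secrets.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch: possible CSRF or replayed callback")
    if "code" not in q:
        raise PermissionError("redirect carries no authorization code")
    return q["code"][0]


def validate_id_token_claims(claims: dict, session: dict,
                             now: Optional[float] = None, skew: int = 120) -> dict:
    """Check the payload of an id_token WHOSE SIGNATURE HAS ALREADY BEEN VERIFIED
    against the ADFS signing keys (the library's job; not re-implemented here).

    A valid signature only proves ADFS issued the token; these checks prove it was
    issued to this application, is currently valid, and answers this login request.
    Returns the claims that may then be turned into a ClaimsPrincipal.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise PermissionError("unexpected issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in audiences:
        raise PermissionError("token was issued for a different application")
    exp = claims.get("exp")
    if exp is None or now > exp + skew:
        raise PermissionError("token expired")
    nbf = claims.get("nbf")
    if nbf is not None and now < nbf - skew:
        raise PermissionError("token not yet valid")
    expected_nonce = session.pop("oidc_nonce", None)
    received_nonce = str(claims.get("nonce", ""))
    if not expected_nonce or not secrets.compare_digest(expected_nonce.encode(), received_nonce.encode()):
        raise PermissionError("nonce mismatch: token does not belong to this login")
    return claims
```

The session dict stands in for whatever server-side session store the application has; the important property is that state and nonce are stored where the browser cannot tamper with them and are deleted once used, so that a second callback carrying the same values is refused.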