Daniel Müller

Reputation: 41

SSO with AD/ADFS and .NET Native Client

My question is about Active Directory (AD), Active Directory Federation Services (ADFS), Single Sign On (SSO), and SAML.

We have a Client/Server Application with the following Specs:

One main Requirement is SSO with AD/ADFS. In the best case, the user should be authenticated seamlessly/silently.

The main Restriction is AD and ADFS based on Windows Server 2012 R2.

In the following picture, you can see how we planned to implement SSO with ADFS.

[Image: SSO-Scenario]

At this time I'm totally confused about SSO with ADFS in a .NET Native Client. I can't find any suitable demos etc. Many demos or use cases are about ASP.NET, but almost nothing about Native Clients. I'm starting to wonder if my assumptions about SSO with AD/ADFS and SAML aren't true.

I started building an AD-ADFS lab with virtual machines as described in "Understanding ADFS an Introduction to ADFS". Then I tried to play with the ADFS server but couldn't get it done.

I was looking at these Libraries:

After 1 week of Research, my Head is spinning:

I know there is OAuth. I know Windows Server 2012 isn't the latest and best for this scenario. But the requirements and restrictions come directly from our customer.

Update

I was able to "talk" to my ADFS server with WS-Trust and get a SAML token.

using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

class Program
{
    private static void Main(string[] args)
    {
        string adfs = "https://ad-fs.adlab.local";
        // WS-Trust 1.3 endpoint that accepts a username/password inside the message (over HTTPS).
        string adfsEndpoint = "https://ad-fs.adlab.local/adfs/services/trust/13/usernamemixed";
        // Relying party identifier (AppliesTo) registered in ADFS for the application server.
        string appServer = "https://ad-server.adlab.local/sampapp/";

        var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), adfsEndpoint);
        factory.TrustVersion = TrustVersion.WSTrust13;

        var channelCredentials = factory.Credentials;

        // Lab credentials as posted; a production client must not hard-code these.
        channelCredentials.UserName.UserName = "Administrator@adlab";
        channelCredentials.UserName.Password = "SsoLab2019";
        channelCredentials.SupportInteractive = false;

        // Ask ADFS to issue a bearer token scoped to the application server.
        RequestSecurityToken rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(appServer),
            KeyType = KeyTypes.Bearer
        };

        var channel = factory.CreateChannel();

        try
        {
            // The issued token is the SAML assertion wrapped as a GenericXmlSecurityToken.
            var token = (GenericXmlSecurityToken)channel.Issue(rst);
            Console.Write(token.TokenXml.OuterXml);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }

        Console.ReadKey();
    }
}

Now I have to figure out how I can get the SAML token silently/seamlessly.

Upvotes: 4

Views: 2657
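The following is an added example, not code from the question or from any answer on this page, showing the silent variant of the same WS-Trust request: instead of a username/password, the client binds with WindowsWSTrustBinding so the logged-on domain user's Windows credentials are used, which is what removes the prompt for a domain-joined native client. It assumes the same lab ADFS and relying party as the question, and that the ADFS endpoint /adfs/services/trust/13/windowsmixed is enabled on that lab server (an assumption; the endpoint list is visible in the ADFS management console). The helper name SilentSsoClient is hypothetical.

```csharp
// Added example (not from the question): request the SAML bearer token as the
// currently logged-on Windows user, so no password is handled by the client.
// Assumes the lab ADFS from the question and that its windowsmixed WS-Trust 1.3
// endpoint is enabled (assumption for this lab).
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

static class SilentSsoClient
{
    // WS-Trust 1.3 endpoint that authenticates the caller with Windows (Kerberos/NTLM) credentials.
    private const string AdfsWindowsEndpoint = "https://ad-fs.adlab.local/adfs/services/trust/13/windowsmixed";
    // Relying party identifier registered in ADFS (same value as in the question).
    private const string AppServer = "https://ad-server.adlab.local/sampapp/";

    public static GenericXmlSecurityToken RequestTokenAsCurrentUser()
    {
        // TransportWithMessageCredential keeps the exchange on HTTPS; a bearer token is only
        // as safe as the channel it travels over, so never downgrade this to plain transport.
        var binding = new WindowsWSTrustBinding(SecurityMode.TransportWithMessageCredential);
        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(AdfsWindowsEndpoint))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        // No UserName/Password is set: the channel presents the process's Windows identity.

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(AppServer),
            KeyType = KeyTypes.Bearer
        };

        var channel = factory.CreateChannel();
        try
        {
            return (GenericXmlSecurityToken)channel.Issue(rst);
        }
        finally
        {
            // Release the WCF channel and factory even if ADFS rejected the request.
            var comm = (ICommunicationObject)channel;
            if (comm.State == CommunicationState.Faulted) comm.Abort(); else comm.Close();
            if (factory.State == CommunicationState.Faulted) factory.Abort(); else factory.Close();
        }
    }

    // Returns true only while the token is inside the validity window ADFS stamped on it;
    // the client should re-request rather than present an expired assertion.
    public static bool IsCurrentlyValid(GenericXmlSecurityToken token, DateTime utcNow)
    {
        return token.ValidFrom <= utcNow && utcNow < token.ValidTo;
    }

    private static void Main()
    {
        try
        {
            var token = RequestTokenAsCurrentUser();
            // Print only metadata: the assertion itself is a bearer credential and should not be logged.
            Console.WriteLine("Token valid from {0:u} to {1:u}, valid now: {2}",
                token.ValidFrom, token.ValidTo, IsCurrentlyValid(token, DateTime.UtcNow));
        }
        catch (Exception ex)
        {
            Console.WriteLine("Token request failed: " + ex.Message);
        }
    }
}
```

The only change from the question's working code is the binding and endpoint; the RequestSecurityToken is identical, so whatever relying-party trust already issues tokens for the usernamemixed test will issue the same token here. The client process must run as a domain account that can reach the ADFS server's Kerberos SPN (or fall back to NTLM); if ADFS answers with a fault, check that the windowsmixed endpoint is enabled before debugging the client.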

Answers (0)
