Reputation: 41
SSO with AD/ADFS and .NET Native Client
My question is about Active Directory (AD), Active Directory Federation Services (ADFS), Single Sign On (SSO), and SAML.
We have a Client/Server Application with the following Specs:
- Client: WPF .NET Native Client based on .NET 4.7.2 and C#
- Server: REST-Service based on Java Spring
One main Requirement is SSO with AD/ADFS. In the Best Case, the User should be authenticated seamlessy/silent.
The main Restriction is AD and ADFS based on Windows Server 2012 R2.
In the following picture, you can how we planned to implement SSO with ADFS.
- The .NET Native Client tries to use the REST-Service without Authentication.
- The rest-service redirects the .NET Native Client to ADFS-Server.
- The .NET Native Client tries to get a SAML-Token with the current logged on User-Credentials(Windows Logon).
- If the current User ist granted the ADFS-Server respond with and SAML-Token.
- The .NET Native Client takes the SAML-Token and passes it to the REST Service.
- If the SAML-Token is accepted the User Access is granted.
- If the SAML-Token is not accepted the User should get a Login-Screen in the App.
At this time im totally confused about SSO with ADFS in .NET Native Client. I can't find any suitable Demos etc. Many Demos or Use Cases are about ASP.NET but almost nothing about Native Clients. I'm starting to wonder if my assumption about SSO with AD/ADFS and SAML aren't true.
I started building an AD-ADFS-Lab with Virtual Machines described in Understanding ADFS an Introduction to ADFS. Then I'm trying to play with the ADFS-Server but couldn't get it done.
I was looking at this Libraries:
After 1 week of Research, my Head is spinning:
- Do I need WIF?
- What about WCF?
I know there is OAuth. I know Windows Server 2012 isn't the lastest and best for this Scenario. But the Requirements and Restrictions come direct from our Customer.
- What can I do?
- What can I read or try?
- Are thre any other Libraries?
- Are there any Examplex?
Update
I was able to "talk" to my ADFS-Server with WS-Trust and get a SAML-Token.
private static void Main(string[] args)
{
string adfs = "https://ad-fs.adlab.local";
string adfsEndpoint = "https://ad-fs.adlab.local/adfs/services/trust/13/usernamemixed";
string appServer = "https://ad-server.adlab.local/sampapp/";
var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), adfsEndpoint);
factory.TrustVersion = TrustVersion.WSTrust13;
var channelCredentials = factory.Credentials;
channelCredentials.UserName.UserName = "Administrator@adlab";
channelCredentials.UserName.Password = "SsoLab2019";
channelCredentials.SupportInteractive = false;
RequestSecurityToken rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
AppliesTo = new EndpointReference(appServer),
KeyType = KeyTypes.Bearer
};
var channel = factory.CreateChannel();
try
{
var token = (GenericXmlSecurityToken)channel.Issue(rst);
Console.Write(token.TokenXml.OuterXml);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.ReadKey();
}
No I have to figure out how I can get the SAML-Token silent/seamless.
Upvotes: 4
Views: 2657
Answers (0)
Related Questions
- ADFS SSO SAML Windows Integrated authentication does not work
- Client Side ADFS configuration for SAML based WebSSO protocol
- SAML SSO WITH ADFS IN C#
- Single Sign On implementation in C# using SAML 2.0
- SSO using Active Directory Federation Services on my .NET (C#) Application
- ADFS 2.0 IDP-Initiated SSO
- SSO from ADAL in WPF Client to ADFS 3.0 on Windows Server 2012 R2
- SAML request for SSO from Service provider to ADFS in asp.net C#
- How to implement SAML for SSO using ADFS as identity Provider
- ADFS 2.0, SSO and SAML 2.0