Reputation: 41
My question is about Active Directory (AD), Active Directory Federation Services (ADFS), Single Sign On (SSO), and SAML.
We have a Client/Server Application with the following Specs:
One main requirement is SSO with AD/ADFS. In the best case, the user should be authenticated seamlessly/silently.
The main Restriction is AD and ADFS based on Windows Server 2012 R2.
In the following picture, you can see how we planned to implement SSO with ADFS.
At this time I'm totally confused about SSO with ADFS in a .NET native client. I can't find any suitable demos etc. Many demos or use cases are about ASP.NET, but almost nothing about native clients. I'm starting to wonder if my assumptions about SSO with AD/ADFS and SAML are true.
I started building an AD-ADFS lab with virtual machines as described in Understanding ADFS an Introduction to ADFS. Then I tried playing with the ADFS server but couldn't get it done.
I was looking at these libraries:
After 1 week of research, my head is spinning:
I know there is OAuth. I know Windows Server 2012 isn't the latest and best for this scenario. But the requirements and restrictions come directly from our customer.
I was able to "talk" to my ADFS server with WS-Trust and get a SAML token.
    using System;
    using System.IdentityModel.Protocols.WSTrust;
    using System.IdentityModel.Tokens;
    using System.ServiceModel;
    using System.ServiceModel.Security;

    private static void Main(string[] args)
    {
        // ADFS lab host and its WS-Trust 1.3 "usernamemixed" endpoint:
        // the username/password travels inside the SOAP message, protected by TLS on the transport.
        string adfs = "https://ad-fs.adlab.local";
        string adfsEndpoint = "https://ad-fs.adlab.local/adfs/services/trust/13/usernamemixed";
        // Relying party (the application) the token should be issued for.
        string appServer = "https://ad-server.adlab.local/sampapp/";

        var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), adfsEndpoint);
        factory.TrustVersion = TrustVersion.WSTrust13;

        // Lab credentials; SupportInteractive = false prevents any credential prompt.
        var channelCredentials = factory.Credentials;
        channelCredentials.UserName.UserName = "Administrator@adlab";
        channelCredentials.UserName.Password = "SsoLab2019";
        channelCredentials.SupportInteractive = false;

        // RST: ask ADFS to issue a bearer token scoped to the relying party.
        RequestSecurityToken rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(appServer),
            KeyType = KeyTypes.Bearer
        };

        var channel = factory.CreateChannel();
        try
        {
            // The issued SAML assertion comes back as raw XML inside a GenericXmlSecurityToken.
            var token = (GenericXmlSecurityToken)channel.Issue(rst);
            Console.Write(token.TokenXml.OuterXml);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
        Console.ReadKey();
    }
Now I have to figure out how I can get the SAML token silently/seamlessly.
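The same WS-Trust exchange with the logged-on Windows identity instead of a typed password, as an added example that is not part of the question or its lab. It assumes that the ADFS 2012 R2 farm has the WS-Trust 1.3 `windowsmixed` endpoint enabled, that the client runs on a domain-joined machine under a domain account (so Kerberos/NTLM can authenticate it without a prompt), and it reuses the lab host names from the question. `SilentWsTrustClient`, `RequestTokenWithWindowsCredentials` and `IsUsableForAudience` are names chosen here, not ADFS or WCF APIs; the WCF types (`WindowsWSTrustBinding`, `WSTrustChannelFactory`, `GenericXmlSecurityToken`) are the ones the question already uses.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;

// Added example (not the question's code). Assumes the "windowsmixed" WS-Trust 1.3
// endpoint is enabled on the ADFS 2012 R2 farm and that this process runs on a
// domain-joined machine under a domain account.
public static class SilentWsTrustClient
{
    // Lab URLs taken from the question; the endpoint path is the standard ADFS Windows-mixed endpoint.
    private const string AdfsWindowsEndpoint = "https://ad-fs.adlab.local/adfs/services/trust/13/windowsmixed";
    private const string RelyingParty = "https://ad-server.adlab.local/sampapp/";

    // Requests a bearer token for the relying party using the caller's Windows logon (no password in code).
    public static GenericXmlSecurityToken RequestTokenWithWindowsCredentials()
    {
        // Windows credentials in the message, TLS on the transport: this matches the "windowsmixed" endpoint.
        var binding = new WindowsWSTrustBinding(SecurityMode.TransportWithMessageCredential);
        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(AdfsWindowsEndpoint))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        // Never pop a credential dialog; "silent" means fail rather than prompt.
        factory.Credentials.SupportInteractive = false;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(RelyingParty),
            KeyType = KeyTypes.Bearer
        };

        var channel = factory.CreateChannel();
        var comm = (ICommunicationObject)channel;
        try
        {
            var token = (GenericXmlSecurityToken)channel.Issue(rst);
            comm.Close();
            return token;
        }
        catch
        {
            comm.Abort();
            throw;
        }
    }

    // Sanity check before handing the assertion to the application: it must still be
    // within its validity window and be restricted to the audience we asked for.
    // Handles both SAML 1.1 (ADFS default for WS-Trust) and SAML 2.0 assertions.
    public static bool IsUsableForAudience(GenericXmlSecurityToken token, string expectedAudience)
    {
        if (token == null || DateTime.UtcNow < token.ValidFrom || DateTime.UtcNow >= token.ValidTo)
            return false;

        XmlElement assertion = token.TokenXml;
        var nsm = new XmlNamespaceManager(assertion.OwnerDocument.NameTable);
        nsm.AddNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion");
        nsm.AddNamespace("saml2", "urn:oasis:names:tc:SAML:2.0:assertion");

        XmlNode audience =
            assertion.SelectSingleNode("saml:Conditions/saml:AudienceRestrictionCondition/saml:Audience", nsm) ??
            assertion.SelectSingleNode("saml2:Conditions/saml2:AudienceRestriction/saml2:Audience", nsm);

        return audience != null &&
               string.Equals(audience.InnerText.Trim(), expectedAudience, StringComparison.Ordinal);
    }

    public static void Main(string[] args)
    {
        try
        {
            GenericXmlSecurityToken token = RequestTokenWithWindowsCredentials();
            Console.WriteLine("Issued: {0} valid until {1:u}", token.TokenXml.LocalName, token.ValidTo);
            Console.WriteLine("Audience OK: {0}", IsUsableForAudience(token, RelyingParty));
        }
        catch (Exception ex)
        {
            // Typical silent-auth failures: endpoint disabled, client not domain-joined, RP trust missing.
            Console.WriteLine(ex.Message);
        }
    }
}
```

The audience and lifetime check only guards the client against using the wrong or an expired assertion; the relying party on `ad-server` must still verify the assertion's signature against the ADFS token-signing certificate before trusting any claim in it, because a bearer token is usable by whoever presents it.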
Upvotes: 4
Views: 2657