Skip to content

Instantly share code, notes, and snippets.

@danroot

danroot/Startup.cs

Last active August 21, 2021 19:00
Show Gist options
  • Save danroot/0189c16a0296f8c65c83863f0f00aff5 to your computer and use it in GitHub Desktop.
Save danroot/0189c16a0296f8c65c83863f0f00aff5 to your computer and use it in GitHub Desktop.
Download ZIP
Use WsFederation in ASP.NET Core 2.0
Raw
Startup.cs
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.StaticFiles;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using System.Xml.Linq;
using System;
using Microsoft.IdentityModel.Tokens;
using System.Xml;
using System.Xml.XPath;
using System.Linq;
public class Startup
{
private void ApplyMetadata(WsFederationOptions o, string metadataAddress)
{
if (o.Configuration == null) o.Configuration = new Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConfiguration();
var metaXml = XDocument.Load(metadataAddress);
var namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:metadata");
namespaceManager.AddNamespace("digsig", "http://www.w3.org/2000/09/xmldsig#");
var signingCertsXml = metaXml.XPathSelectElements("//saml:IDPSSODescriptor/saml:KeyDescriptor[@use='signing']/digsig:KeyInfo/digsig:X509Data/digsig:X509Certificate", namespaceManager);
foreach (var signingCertXml in signingCertsXml)
o.Configuration.SigningKeys.Add(new X509SecurityKey(new System.Security.Cryptography.X509Certificates.X509Certificate2(Convert.FromBase64String(signingCertXml.Value))));
var entityId = metaXml.XPathSelectElement("//saml:EntityDescriptor",namespaceManager).Attributes().Single(x=>x.Name.LocalName == "entityID").Value;
o.Configuration.Issuer = entityId;
o.Configuration.TokenEndpoint = metaXml.XPathSelectElements("//saml:IDPSSODescriptor/saml:SingleSignOnService", namespaceManager).First().Attributes().Single(x => x.Name.LocalName == "Location").Value;
// o.Configuration.KeyInfos.Add(new Microsoft.IdentityModel.Xml.KeyInfo(new System.Security.Cryptography.X509Certificates.X509Certificate2(keyInfo509Byts)));
}
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddWsFederation(o =>
{
//TODO: Eventually WsFederation will correctly parse metadata. Once it does, this line and the ApplyMetadata method can be removed.
ApplyMetadata(o, Configuration["ADFS:MetadataAddress"]); //https://adfs.foo.com/federationmetadata/2007-06/federationmetadata.xml
o.Wreply = Configuration["ADFS:Wreply"]; //Your app's url. ie https://localhost:44301/signin-wsfed in dev, FQDN in prod. Must end with signin-wsfed
o.Wtrealm = Configuration["ADFS:Wtrealm"]; //Your app's realm. This is the Relying Party Trust's Identifier. Often urn:rpname:adfs.foo.com
//These settings wire up User.Identity.Name and roles. YMMV
o.TokenValidationParameters.NameClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
o.TokenValidationParameters.RoleClaimType = "role";
});
//...All your usual services
}
//...All your usual config
}
@vsmkrishna
Copy link

Hi How to call ApplyMetadata or when it will get called

@danroot
Copy link
Author

danroot commented May 27, 2020

line 54.

@vsmkrishna
Copy link

hi thanks did not see it....

@vsmkrishna
Copy link

Hi danroot ,
I am trying to integrate adfs with .net core 2.2. , i am able integrate startup.cs but how to autheticate adfs logged in user @ action level i am not getting , if you can help it will be great
Thanks,
vsmk

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment