
@nzpcmad
Created March 30, 2016 20:59
NativeClient-WebAPI-DotNet-TP4-Git - Sample for ADFS 4.0 - Server 2016
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<appSettings>
<!--Added ADFS 4.0 code-->
<!--<add key="ida:Tenant" value="[Enter tenant name, e.g. contoso.onmicrosoft.com]" />-->
<!--<add key="ida:ClientId" value="[Enter client ID as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]" />-->
<add key="ida:ClientId" value="46cfcdbf-edf6-...d8f6" />
<!--<add key="ida:RedirectUri" value="[Enter redirect URI as entered in Azure Portal, e.g. http://TodoListClient]" />-->
<add key="ida:RedirectUri" value="http://TodoListClient" />
<!-- <add key="todo:TodoListResourceId" value="[Enter App ID URI of TodoListService, e.g. https://contoso.onmicrosoft.com/TodoListService]" />-->
<add key="todo:TodoListResourceId" value="https://localhost:44324/NativeTodoListService" />
<!--<add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />-->
<add key="todo:TodoListBaseAddress" value="https://localhost:44324/NativeTodoListService" />
</appSettings>
</configuration>
// ADFS 4.0
/*private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);
private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);*/
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);
...
InitializeComponent();
//
// As the application starts, try to get an access token without prompting the user. If one exists, populate the To Do list. If not, continue.
//
// ADFS 4.0
//authContext = new AuthenticationContext(authority, new FileCache());
authContext = new AuthenticationContext("https://my-adfs/adfs/", false);
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;
namespace TodoListService
{
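public partial class Startup
{
    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864

    /// <summary>
    /// Registers JWT bearer-token authentication against an ADFS 4.0 (Windows Server 2016) instance.
    /// </summary>
    /// <param name="app">The OWIN application builder the authentication middleware is added to.</param>
    /// <remarks>
    /// The Azure AD variant of this sample called <c>app.UseWindowsAzureActiveDirectoryBearerAuthentication</c>
    /// with <c>Audience</c>/<c>Tenant</c> taken from appSettings. For ADFS the middleware instead discovers the
    /// issuer and token-signing keys from the federation metadata document.
    /// The audience and metadata URL are read from the <c>ida:Audience</c> and <c>ida:MetadataEndpoint</c>
    /// appSettings when present, so deployment-specific host names do not have to be edited in source;
    /// the literal values of the original sample remain as fallbacks, so behaviour is unchanged when the
    /// keys are absent.
    /// </remarks>
    public void ConfigureAuth(IAppBuilder app)
    {
        // Added ADFS 4.0 code
        //
        // Audience must match the identifier registered for this service in ADFS (the token's "aud" claim);
        // a token issued for a different relying party is rejected by the middleware.
        string audience = ConfigurationManager.AppSettings["ida:Audience"]
            ?? "https://localhost:44324/NativeTodoListService";

        // The metadata document is the trust anchor: it supplies the issuer and the signing keys tokens are
        // validated against, so it must be fetched over HTTPS from the genuine ADFS host.
        string metadataEndpoint = ConfigurationManager.AppSettings["ida:MetadataEndpoint"]
            ?? "https://my-adfs/FederationMetadata/2007-06/FederationMetadata.xml";

        app.UseActiveDirectoryFederationServicesBearerAuthentication(
            new ActiveDirectoryFederationServicesBearerAuthenticationOptions
            {
                Audience = audience,
                MetadataEndpoint = metadataEndpoint
            });
    }
}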
}
//----------------------------------------------------------------------------------------------
// Copyright 2014 Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//----------------------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
// The following using statements were added for this sample.
using System.Collections.Concurrent;
using TodoListService.Models;
using System.Security.Claims;
namespace TodoListService.Controllers
{
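[Authorize]
public class TodoListController : ApiController
{
    //
    // To Do items list for all users. Since the list is stored in memory, it will go away if the service is cycled.
    //
    private static readonly ConcurrentBag<TodoItem> todoBag = new ConcurrentBag<TodoItem>();

    /// <summary>
    /// GET api/todolist - returns the To Do items owned by the calling user.
    /// </summary>
    /// <returns>The items whose <c>Owner</c> equals the caller's NameIdentifier claim value.</returns>
    /// <exception cref="HttpResponseException">401 Unauthorized when the caller has no usable NameIdentifier claim.</exception>
    public IEnumerable<TodoItem> Get()
    {
        // ADFS 4.0: the Azure AD sample additionally required the token to carry a scope claim of
        // "user_impersonation". That check is not performed here, so any bearer token the middleware
        // accepts (valid signature, issuer and audience) gets full access to the caller's own list.
        //
        // A user's To Do list is keyed off of the NameIdentifier claim, which contains an immutable, unique identifier for the user.
        string owner = GetCurrentOwner();

        // Materialise the result so the bag is not enumerated lazily after the request has completed.
        return todoBag.Where(todo => todo.Owner == owner).ToList();
    }

    /// <summary>
    /// POST api/todolist - adds a new item for the calling user.
    /// </summary>
    /// <param name="todo">
    /// The posted item; only its <c>Title</c> is used. The owner is always taken from the caller's token,
    /// never from the request body. A null item or a blank title is ignored.
    /// </param>
    /// <exception cref="HttpResponseException">401 Unauthorized when the caller has no usable NameIdentifier claim.</exception>
    public void Post(TodoItem todo)
    {
        // ADFS 4.0: no "user_impersonation" scope check here either (see Get).
        // Resolve the owner first so a caller without an identity claim is refused regardless of the body.
        string owner = GetCurrentOwner();

        if (todo != null && !string.IsNullOrWhiteSpace(todo.Title))
        {
            todoBag.Add(new TodoItem { Title = todo.Title, Owner = owner });
        }
    }

    /// <summary>
    /// Returns the NameIdentifier claim value of the current principal.
    /// </summary>
    /// <returns>The non-empty claim value.</returns>
    /// <exception cref="HttpResponseException">
    /// 401 Unauthorized when there is no current principal or the claim is absent or empty. Without this guard a
    /// token lacking the claim would surface as a NullReferenceException (500) rather than a clean refusal.
    /// NOTE(review): ADFS only issues this claim when the relying party has a matching issuance rule - confirm for the deployment.
    /// </exception>
    private static string GetCurrentOwner()
    {
        ClaimsPrincipal principal = ClaimsPrincipal.Current;
        Claim subject = principal == null ? null : principal.FindFirst(ClaimTypes.NameIdentifier);

        if (subject == null || string.IsNullOrWhiteSpace(subject.Value))
        {
            throw new HttpResponseException(new HttpResponseMessage
            {
                StatusCode = HttpStatusCode.Unauthorized,
                ReasonPhrase = "The NameIdentifier claim was not found in the token"
            });
        }

        return subject.Value;
    }
}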
}
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<!--ADFS 4.0-->
<!--<add key="ida:Tenant" value="[Enter tenant name, e.g. contoso.onmicrosoft.com]" />
<add key="ida:Audience" value="[Enter App ID URI of TodoListService, e.g. https://contoso.onmicrosoft.com/TodoListService]" />-->
</appSettings>