How to pass a parameter from client to back-end via Access Control Service

0
votes

Hello fellow developers!

We are using ACS for user authentication form mobile and web applications.

Question: How to propagate some context information (e.g. 1 string) to identity providers that can be returned to the ACS and later propagated to our back-end (to which ACS posts authentication token)?

Our goal:

  • WORKING: Mobile app > back-end (WebApi) > ACS (using IdentityProviders.js) > back-end (WebApi) > e.g. Google auth > ACS > our back-end (WebApi) redirects Mobile app to static Noop URL (exposing token as query string parameter) > Mobile app detects the URL change (in InAppBrowser) and stores the query string.

  • PROBLEM: Web app > back-end (WebApi) > ACS (using IdentityProviders.js) > back-end (WebApi) > e.g. Google auth with parameter “myURL” > ACS (propagates token and parameter “myURL”) > our back-end (WebApi) should redirect Web app to received parameter myURL with token as query string parameter. How to achieve this?

Thank you! Martin

1
c#.netauthenticationacsaccesscontrolservice

1 Answers

1
votes

You can pass any information that needs to be propagated during authentication flow in a Context. Add desired redirect URL in a Context when you request identity providers from ACS.

For example:

https://YourNamespace.accesscontrol.windows.net/v2/metadata/IdentityProviders.js?protocol=wsfederation&realm=YourAppRealm&reply_to=YourAppReturnURL&context=YourRedirectionURL&version=1.0&callback=OptionalFunctionName

See this and this link for more info.

What is left is to get URL from Context when ACS post Token to your back-end. For example (needs code review):

var formResult = Request.Content.ReadAsFormDataAsync().Result;
var wresult = formResult["wresult"];
var signInResponse = new SignInResponseMessage(Request.RequestUri, wresult);

var rstr = new WSFederationSerializer().CreateResponse(signInResponse,new WSTrustSerializationContext(SecurityTokenHandlerCollectionManager.CreateDefaultSecurityTokenHandlerCollectionManager()));

var redirectURL = rstr.Context;

Regards, Matej