I am trying to determine how to get an MVC application set up to authenticate against an on-premises ADFS server. I am using the Azure AD sample found at the GitHub Azure Samples and altered it as described in Vittorio Bertocci's blog to use my app's RealmId and my organization's ADFS metadata endpoint. When I run the sample using IIS Express, the OWIN middleware is invoked and I get the redirect to the ADFS login screen.
However, the app I am working on needs to run in IIS, so I am trying to configure my sample app in local IIS. When I run the sample in local IIS, there is no redirect to ADFS and the Windows (Kerberos) identity is returned instead. How do I make sure that the OWIN middleware is invoked by IIS? The app pool is running in Integrated v4.0 mode.
This is the code in my Startup.Auth.cs:
    using System;
    using System.Configuration;
    using System.Threading.Tasks;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.WsFederation;
    using Owin;

    public partial class Startup
    {
        // Read from Web.config appSettings; the realm must match the relying party trust configured in ADFS
        private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
        private static string metadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];

        public void ConfigureAuth(IAppBuilder app)
        {
            // Sign-in results from WS-Federation are persisted in the cookie middleware
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseWsFederationAuthentication(
                new WsFederationAuthenticationOptions
                {
                    Wtrealm = realm,
                    MetadataAddress = metadata,
                    Notifications = new WsFederationAuthenticationNotifications
                    {
                        AuthenticationFailed = context =>
                        {
                            context.HandleResponse();
                            // App-rooted path (a relative "Home/Error" resolves against the current request URL)
                            // and an encoded message so the exception text cannot break the query string
                            context.Response.Redirect("/Home/Error?message=" + Uri.EscapeDataString(context.Exception.Message));
                            return Task.FromResult(0);
                        }
                    }
                });
        }
    }
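An added Web.config example (not from the question or any answer on the page) showing the IIS and OWIN settings a site hosted in local IIS typically needs before the WS-Federation middleware above gets a chance to challenge; the realm value and the ADFS hostname are placeholders, and the `owin:AutomaticAppStartup` key assumes the app hosts OWIN through Microsoft.Owin.Host.SystemWeb.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <!-- Values read by Startup.Auth.cs; replace the placeholders with your own -->
    <add key="ida:Wtrealm" value="https://YOUR-APP-REALM/" />
    <add key="ida:ADFSMetadata" value="https://adfs.example.org/FederationMetadata/2007-06/FederationMetadata.xml" />
    <!-- Make sure the OWIN host runs the Startup class under IIS, not only under IIS Express -->
    <add key="owin:AutomaticAppStartup" value="true" />
  </appSettings>
  <system.web>
    <!-- Leave authentication to OWIN; ASP.NET itself must not issue a Windows challenge -->
    <authentication mode="None" />
  </system.web>
  <system.webServer>
    <!-- Lets the integrated pipeline (and the OWIN SystemWeb host) see every request -->
    <modules runAllManagedModulesForAllRequests="true" />
    <security>
      <authentication>
        <!-- With Windows authentication on, IIS authenticates the caller via Kerberos/NTLM
             before any OWIN middleware runs, so [Authorize] never returns 401 and the
             WS-Federation redirect never fires. Turn it off and allow anonymous requests. -->
        <windowsAuthentication enabled="false" />
        <anonymousAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</configuration>
```

The `system.webServer/security/authentication` section is locked at the server level by default, so these two settings may have to be unlocked in applicationHost.config (Feature Delegation in IIS Manager) or set directly on the site in IIS Manager instead of in Web.config.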