0
votes

I have a Web Forms application on Azure. It has been developed in Visual Studio 2015. Framework 4.6. My client wants to access this application using ADFS SSO. They have provided me with their

  • FederationMetaData.xml,
  • Issuer URL,
  • Single sign-on service URL,
  • Single sign-out service URL,
  • and SAML token certificate.

I am happy to have just a single tenant solution for now.

All the web examples I have seen so far have been built with Visual Studio 2013 or earlier. The Microsoft reference pages are not dated and have led me astray. Microsoft support sent me examples and code from VS 2013. Has anyone ever done this with a Web Forms app using VS 2015?

Has anyone the specifics on the Web.config settings or the necessary steps on how to reference the FederationMetaData.xml and what to do with the SAML certificate?

Is it possible to activate the authentication wizards in VS 2015 that are in VS 2013?


3 Answers

1
votes

See http://www.cloudidentity.com/blog/2014/04/29/use-the-owin-security-components-in-asp-net-to-implement-web-sign-on-with-adfs/

Incidentally, the instructions for 2013 here are usable for 2015 too. http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/. You choose on-premises and give the metadata path to your AD FS server.

Instead of using WIF it uses OWIN when creating an app using VS2015.

1
votes

Agree with @maweeras.

The "Identity and Access Tool" in VS 2013 is deprecated and you need to drive it from the "on-premises" option under "Change Authentication".

WIF is no longer used hence no need for the web.config etc.

Note that you need OWIN WS-Federation not OWIN OpenID Connect.

However, ADFS still supports WS-Federation and WIF is still supported client-side.

Refer: Integrating a web app with Azure AD using WS-Federation.

0
votes

Thanks maweeras and nzpcmad for taking the time to respond. It did help.

I have managed to achieve it, but not without some lessons learned.

  • The solution needs to be a web app, not a web site. I would like to know if anyone has achieved it with a web site.
  • I needed to install the OWIN package. Once the Authenticate wizard button appeared it was easy.
  • My client didn't need to send me all the FederationMetaData.xml, Issuer Url, SSOn service, SSout service or certificate. This just confused me. I was looking for places to put them. All I needed was the domain where my app could look up their FederationMetaData.xml because it has it all in there.

It was fun to learn how it all worked but really everything is handled under the hood.
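For reference, an added example (not code from any of the posts above) of the OWIN WS-Federation startup the answers describe, where the only AD FS inputs are the metadata URL and the relying-party identifier. The namespace `SampleApp`, the appSettings keys `ida:ADFSMetadata` and `ida:Wtrealm`, and the HTTPS guard are assumptions; the NuGet packages needed are Microsoft.Owin.Host.SystemWeb, Microsoft.Owin.Security.Cookies and Microsoft.Owin.Security.WsFederation.

```csharp
using System;
using System.Configuration;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

[assembly: OwinStartup(typeof(SampleApp.Startup))]

namespace SampleApp // hypothetical namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Assumed appSettings keys. Example values (placeholders):
            //   ida:ADFSMetadata = https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml
            //   ida:Wtrealm      = https://myapp.example.com/
            string metadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];
            string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];

            // The issuer name, sign-in/sign-out endpoints and token-signing
            // certificate are all read from this document, so trust in the
            // tokens rests on fetching it over TLS from the right host.
            var metadataUri = new Uri(metadata, UriKind.Absolute);
            if (metadataUri.Scheme != Uri.UriSchemeHttps)
                throw new ConfigurationErrorsException(
                    "AD FS federation metadata must be loaded over HTTPS.");

            // The local session lives in a cookie; WS-Federation only signs the user in.
            app.SetDefaultSignInAsAuthenticationType(
                CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                MetadataAddress = metadataUri.AbsoluteUri,
                // Must match the relying party identifier registered in AD FS.
                Wtrealm = realm
            });
        }
    }
}
```

Because the middleware reads the signing certificate from the metadata, the separately supplied certificate and endpoint URLs are not configured in the application.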