0
votes

I have developed an ASP.NET MVC4 application and deployed it on the client server. Our client uses ADFS (Active Directory Federation Services) and wants ADFS users to log into our web app. I am able to manage their login from ADFS. When users attempt to access my app's Login page they get redirected to the ADFS login and, once authenticated, are returned to my application. Now I need the email id that was used to log in on ADFS in my application. I came to know that we can get this by retrieving claims from ADFS. How can we get claims from ADFS and use them in our MVC controller? I'll really appreciate a simple code example which could be used in this scenario.

1
When you redirect them to ADFS you're meant to provide a redirect back. That will provide an assertion (typically a WS federation) that you can then validate and parse. If it isn't clear, show the code you use to redirect the user to ADFS. - zaitsman
I am redirecting the user to ADFS through web.config settings, e.g. <system.identityModel.services> <federationConfiguration> ... </federationConfiguration> </system.identityModel.services> - Aditya Jha
See here: msdn.microsoft.com/en-us/library/hh568665(v=vs.110).aspx. Whatever you set the reply tag to is the endpoint that will receive the assertion. - zaitsman
I have already set this reply tag, but I am not sure whether I am getting the assertion and, if so, how I can use it to fetch the email id. - Aditya Jha

1 Answer

1
votes

This blog entry I wrote years ago shows what minimal code that authenticates with an external WS-Fed identity provider would look like

http://www.wiktorzychla.com/2014/11/simplest-saml11-federated-authentication.html

The trick is to use the WSFederationAuthenticationModule's APIs to

  • detect a post that carries a SAML token (IsSignInResponse)
  • validate and parse the token (ValidateToken)

What you get is an instance of ClaimsIdentity, a built-in class you can directly fetch claims from:

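// identity is the ClaimsIdentity obtained from the validated token
var identity = ...;

// FindFirst returns a Claim (null if the claim was not issued); the address is in its Value
var emailClaim = identity.FindFirst( c => c.Type == ClaimTypes.Email );
var email = emailClaim != null ? emailClaim.Value : null;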

https://msdn.microsoft.com/en-us/library/system.security.claims.claimsidentity(v=vs.110).aspx
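For the web.config-driven setup described in the question, where the federation module processes the sign-in response itself, the claims can be read from the current user inside a controller. The following is an added example, not code from the answer or the linked blog post. It assumes the WSFederationAuthenticationModule and SessionAuthenticationModule are registered in web.config and that the ADFS relying party trust has a rule issuing the e-mail address claim; the controller name, action name and `ExpectedIssuer` placeholder are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Security.Claims;
using System.Web.Mvc;

public class AccountController : Controller
{
    // Assumption: the name your issuer name registry assigns to the ADFS
    // signing certificate (placeholder, replace with your configured name).
    private const string ExpectedIssuer = "ADFS-ISSUER-NAME-PLACEHOLDER";

    [Authorize]
    public ActionResult WhoAmI()
    {
        // After the federation modules have validated the token, the MVC
        // User principal carries a ClaimsIdentity built from it.
        var identity = User.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return new HttpUnauthorizedResult();

        string email = GetTrustedClaimValue(identity, ClaimTypes.Email);
        if (email == null)
        {
            // Log only the claim *types* received, so a missing ADFS issuance
            // rule can be diagnosed without writing claim values to the log.
            Trace.TraceWarning("No e-mail claim from expected issuer. Claim types: " +
                string.Join(", ", identity.Claims.Select(c => c.Type).Distinct()));
            return new HttpStatusCodeResult(403, "E-mail claim not issued");
        }

        return Content(email);
    }

    // Returns the claim value only when it was issued by the expected issuer,
    // so a claim added by another source is not treated as the user's address.
    private static string GetTrustedClaimValue(ClaimsIdentity identity, string claimType)
    {
        var claim = identity.FindFirst(c =>
            c.Type == claimType &&
            string.Equals(c.Issuer, ExpectedIssuer, StringComparison.OrdinalIgnoreCase));

        return claim != null && !string.IsNullOrWhiteSpace(claim.Value)
            ? claim.Value.Trim()
            : null;
    }
}
```

If the warning lists no e-mail claim type, the fix is on the ADFS side (the relying party's claim issuance rules), not in the application.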