
I have an ADFS server (3.0) running and an API whose requests get authenticated with bearer tokens supplied by the ADFS server. As part of the request to authorise with ADFS I have to specify a redirect URI:

https://MyAdfsServer.com/adfs/oauth2/authorize?response_type=code&client_id=my-client-id&resource=https://my-web-api.com&redirect_uri=https://my-redirect-uri.com

This is fine for a production environment, but for dev and test environments I don't want to authenticate via ADFS (if I don't have to).

Is there a way I can achieve this? I don't want to create multiple ADFS clients for each environment just to have separate redirect URIs. And there are other developers locally who may have the website set up in different locations, where I may be using https://localhost/my-app but another developer is using https://localhost/workspace2/my-app, etc.

Is there a clean way I can avoid having to go to ADFS for a bearer token in the dev and test environments, or have separate redirect URIs without multiple ADFS clients?

Thanks

Comment from MattjeS: It appears that if I have Windows authentication enabled on IIS then it'll authenticate my requests to the API. I can then have a config setting or similar where, if I'm in dev/test, I can bypass going through ADFS. Then on the prod server I can disable Windows authentication and ensure the requests are authenticated by ADFS. This will work for me, but it would be nice to hear other people's solutions to this problem.

1 Answer


For future reference, I had a similar problem. All I ended up doing was, in web.config and the web.config transforms, switching between

<authentication mode="Windows" />

and <authentication mode="None" /> (or <authentication mode="Windows" xdt:Transform="Replace" /> in a web.config transform), depending on the configuration required for the environment.

And then add a quick check in the Startup file:

    using System.Web.Configuration;
    using Owin;

    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            // When IIS Windows authentication is on (dev/test), skip the ADFS bearer-token setup
            if (AuthenticationMode == System.Web.Configuration.AuthenticationMode.Windows)
            {
                return;
            }

            // rest of your authentication logic (ADFS bearer-token middleware)
        }

        private static System.Web.Configuration.AuthenticationMode AuthenticationMode
        {
            get
            {
                // opens the root web.config of the application
                var configuration = WebConfigurationManager.OpenWebConfiguration("~");

                // reads the <authentication mode="..."/> element under <system.web>
                var authenticationSection = (AuthenticationSection)configuration.GetSection("system.web/authentication");
                return authenticationSection.Mode;
            }
        }
    }

With this I was able to switch seamlessly between types of authentications in different environments (test/staging/prod).
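A fail-closed variant of the startup check, added here as an example and not part of the original answer: it keeps the Windows-authentication short-circuit for dev/test, but refuses to start when the deployment is marked as production and the ADFS bearer-token middleware would be skipped, so a transform that forgot to replace the Windows mode cannot silently ship without token validation. The `Environment` appSetting is an assumption for illustration.

```csharp
using System;
using System.Configuration;
using System.Web.Configuration;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        var mode = ReadAuthenticationMode();

        // Assumed appSetting (not from the original answer):
        // <add key="Environment" value="Production" /> in the prod web.config transform.
        var isProduction = string.Equals(
            ConfigurationManager.AppSettings["Environment"], "Production",
            StringComparison.OrdinalIgnoreCase);

        if (mode == System.Web.Configuration.AuthenticationMode.Windows)
        {
            if (isProduction)
            {
                // Fail closed: in production the API must be protected by ADFS tokens,
                // so a leftover Windows-auth setting is a misconfiguration, not a fallback.
                throw new InvalidOperationException(
                    "Windows authentication is enabled in Production; " +
                    "ADFS bearer-token authentication would be bypassed.");
            }

            // dev/test: IIS Windows authentication already authenticates API requests
            return;
        }

        // rest of your authentication logic (ADFS bearer-token middleware) goes here
    }

    private static System.Web.Configuration.AuthenticationMode ReadAuthenticationMode()
    {
        // opens the root web.config and reads <system.web><authentication mode="..."/>
        var configuration = WebConfigurationManager.OpenWebConfiguration("~");
        var section = (AuthenticationSection)configuration.GetSection("system.web/authentication");
        return section.Mode;
    }
}
```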