Hello All,

I am working on authentication with Active Directory using ADFS.

While searching, I found a few articles on how to accomplish this requirement, but they suggest redirecting from the login page of the application to the login page of ADFS and then coming back.

Redirecting to the ADFS login page is not recommended from a user-experience point of view.

Can anyone help me find a solution to authenticate with Active Directory using ADFS behind the scenes? That way everything will be handled by application code, not by the ADFS login page.

Please advise.

Please let me know if you have any concern or query or if you need more information.

What I have tried:

I searched Google for a solution and found a few articles suggesting that I redirect to the ADFS login page, authenticate, and come back to the application. I was not able to find a solution that uses ADFS behind the scenes.

Posted; updated 11-Sep-18 18:57pm
Comments
Advay Pandya 16-Feb-16 0:52am    
@OriginalGriff, @Dave Kreskowiak. Can you please help ?
Member 13774214 11-Apr-18 10:40am    
Hi Guys,
I am triggering a batch from Jenkins (in AWS), but my application URL is not accessible from the AWS Jenkins server. So how can I authenticate my application URL using any code or ADFS, etc.?
Please suggest something on this.

Regards
Naresh
9032386956
nareshte4@gmail.com

1 solution

Hello All,

After doing some research on this, I followed the steps below to implement this successfully.

1) Add your website link as a relying party trust in ADFS. Please refer to the guideline below for the same.

Step by Step Procedures to add a Relying Party on ADFS 2.0 - SharePoint Pals

2) Collect the necessary items below to pass as parameters:

i) Relying Party Trust URL (the URL that is set as a relying party trust in ADFS).

ii) Service token URL (which you get from ADFS; the code below supports the /13/usernamemixed endpoint).

3) Use the sample code below to connect with ADFS behind the scenes:

C#
// References: System.ServiceModel, System.IdentityModel, Microsoft.IdentityModel (WIF 3.5)
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

// Asks AD FS for a SAML bearer token for the relying party using an AD user name and password.
// Throws if AD FS rejects the credentials.
static SecurityToken IssueToken(string relyingPartyURL, string serviceTokenUrl, string userName, string password)
{
    string relyingPartyId = relyingPartyURL; // URL of the relying party in AD FS
    string adfsEndpoint = serviceTokenUrl;   // Service Token Url - https://<adfs host>/adfs/services/trust/13/usernamemixed

    // TransportWithMessageCredential: TLS protects the channel, the UserNameToken travels inside the SOAP message.
    WSTrustChannelFactory factory = new WSTrustChannelFactory(
        new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress(adfsEndpoint)
    );

    factory.TrustVersion = TrustVersion.WSTrust13;

    var channelCredentials = factory.Credentials;
    channelCredentials.UserName.UserName = userName;  // User Name of ADFS user (DOMAIN\user or UPN)
    channelCredentials.UserName.Password = password;  // Password of ADFS user
    channelCredentials.SupportInteractive = false;    // never fall back to a credential prompt

    RequestSecurityToken rst = new RequestSecurityToken
    {
        RequestType = WSTrust13Constants.RequestTypes.Issue,
        AppliesTo = new EndpointAddress(relyingPartyId),
        KeyType = WSTrust13Constants.KeyTypes.Bearer,  // bearer token: no proof key, so it must only ever travel over TLS
    };

    IWSTrustChannelContract channel = factory.CreateChannel();

    // The original snippet registered a ServicePointManager.ServerCertificateValidationCallback that
    // always returned true. That switches off TLS certificate validation for the whole process and
    // sends the user's password to whatever answers on the endpoint, so it is left out here. If AD FS
    // presents an untrusted certificate, add its issuing CA to the machine trust store instead.

    SecurityToken token = channel.Issue(rst);
    return token;
}


The token value, including the claim information, is stored in the token object in the above example. If the user is not authenticated, the Issue method throws an exception with the message "The security token could not be authenticated or authorized."

Note: There are various chances of hitting ADFS configuration-specific issues.
 
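The WIF classes in the answer above hide what actually goes over the wire. The following is an added example, not code from the answer or from Microsoft: it builds the same WS-Trust 1.3 RequestSecurityToken that UserNameWSTrustBinding sends to /adfs/services/trust/13/usernamemixed, and parses the RequestSecurityTokenResponse that AD FS returns, so you can see what the C# token object contains and where a failed logon surfaces (a SOAP Fault). Python is used so it runs without WIF. The host names (adfs.example.com, app.example.com), the user jdoe@example.com and both sample responses are constructed for the example; no real AD FS was involved.

```python
import datetime as dt
import urllib.error
import urllib.request
import uuid
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {  # namespaces AD FS uses on /adfs/services/trust/13/usernamemixed
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "a": "http://www.w3.org/2005/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "trust": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ISSUE_ACTION = NS["trust"] + "/RST/Issue"  # wsa:Action of an Issue request
ISSUE_TYPE = NS["trust"] + "/Issue"        # what WSTrust13Constants.RequestTypes.Issue expands to
BEARER_KEY = NS["trust"] + "/Bearer"       # what WSTrust13Constants.KeyTypes.Bearer expands to
PASSWORD_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"


def build_rst(endpoint, relying_party, username, password, now=None):
    """SOAP 1.2 RequestSecurityToken as sent by UserNameWSTrustBinding(TransportWithMessageCredential).
    Caller-supplied strings are XML-escaped so a password containing < or & cannot break the envelope."""
    now = now or dt.datetime.now(dt.timezone.utc)
    created = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    expires = (now + dt.timedelta(minutes=5)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:a="{NS['a']}" xmlns:u="{NS['wsu']}">
<s:Header>
<a:Action s:mustUnderstand="1">{ISSUE_ACTION}</a:Action><a:MessageID>urn:uuid:{uuid.uuid4()}</a:MessageID>
<a:To s:mustUnderstand="1">{escape(endpoint)}</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="{NS['wsse']}">
<u:Timestamp u:Id="_0"><u:Created>{created}</u:Created><u:Expires>{expires}</u:Expires></u:Timestamp>
<o:UsernameToken u:Id="uuid-{uuid.uuid4()}"><o:Username>{escape(username)}</o:Username>
<o:Password Type="{PASSWORD_TEXT}">{escape(password)}</o:Password></o:UsernameToken>
</o:Security></s:Header>
<s:Body><trust:RequestSecurityToken xmlns:trust="{NS['trust']}">
<wsp:AppliesTo xmlns:wsp="{NS['wsp']}"><a:EndpointReference><a:Address>{escape(relying_party)}</a:Address></a:EndpointReference></wsp:AppliesTo>
<trust:KeyType>{BEARER_KEY}</trust:KeyType><trust:RequestType>{ISSUE_TYPE}</trust:RequestType>
</trust:RequestSecurityToken></s:Body></s:Envelope>"""


def parse_rstr(xml_bytes):
    """Extract the issued SAML 2.0 assertion, its lifetime and its claims from the RSTR.
    A SOAP Fault (what AD FS returns for a failed logon) raises ValueError instead."""
    root = ET.fromstring(xml_bytes)
    fault = root.find("s:Body/s:Fault", NS)
    if fault is not None:
        raise ValueError("ADFS returned a fault: %s" % fault.findtext("s:Reason/s:Text", "?", NS))
    rstr = root.find("s:Body/trust:RequestSecurityTokenResponseCollection/trust:RequestSecurityTokenResponse", NS)
    assertion = rstr.find("trust:RequestedSecurityToken/saml:Assertion", NS)
    claims = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
              for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {
        "token_type": rstr.findtext("trust:TokenType", namespaces=NS),
        "applies_to": rstr.findtext("wsp:AppliesTo/a:EndpointReference/a:Address", namespaces=NS),
        "created": rstr.findtext("trust:Lifetime/wsu:Created", namespaces=NS),
        "expires": rstr.findtext("trust:Lifetime/wsu:Expires", namespaces=NS),
        "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "claims": claims,
        "assertion_xml": ET.tostring(assertion, encoding="unicode"),  # what the relying party must signature-check
    }


def request_token(endpoint, relying_party, username, password, timeout=30):
    """POST the RST over HTTPS with certificate validation left ON (urllib's default context).
    The password is inside the message, so a trust-everything callback would hand it to any MITM."""
    req = urllib.request.Request(
        endpoint, method="POST",
        data=build_rst(endpoint, relying_party, username, password).encode("utf-8"),
        headers={"Content-Type": "application/soap+xml; charset=utf-8"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_rstr(resp.read())
    except urllib.error.HTTPError as err:  # AD FS answers a failed logon with HTTP 500 + SOAP Fault
        return parse_rstr(err.read())      # raises ValueError carrying the fault reason


# Constructed sample responses (not captured from a real AD FS), trimmed to the elements parsed above.
SAMPLE_RSTR = b"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><trust:RequestSecurityTokenResponseCollection>
<trust:RequestSecurityTokenResponse><trust:Lifetime><wsu:Created>2018-09-12T00:00:00.000Z</wsu:Created>
<wsu:Expires>2018-09-12T01:00:00.000Z</wsu:Expires></trust:Lifetime>
<wsp:AppliesTo><a:EndpointReference><a:Address>https://app.example.com/</a:Address></a:EndpointReference></wsp:AppliesTo>
<trust:RequestedSecurityToken><saml:Assertion ID="_1" Version="2.0" IssueInstant="2018-09-12T00:00:00.000Z">
<saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>
<saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject><saml:AttributeStatement>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group"><saml:AttributeValue>Domain Users</saml:AttributeValue><saml:AttributeValue>App Admins</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></trust:RequestedSecurityToken>
<trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
</trust:RequestSecurityTokenResponse></trust:RequestSecurityTokenResponseCollection></s:Body></s:Envelope>"""

SAMPLE_FAULT = b"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body><s:Fault>
<s:Code><s:Value>s:Sender</s:Value></s:Code><s:Reason><s:Text xml:lang="en-US">Logon failed (constructed fault text).</s:Text></s:Reason>
</s:Fault></s:Body></s:Envelope>"""
```

Two things the parsed result makes visible that the C# token object does not: the user's password is sent in clear text inside the SOAP body (PasswordText), which is why the transport must be TLS with a validated certificate, and the claims come back inside a bearer assertion that the relying party still has to check (signature, issuer, audience, lifetime) before trusting them; that validation step is not shown here.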

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
