We have an existing ASP .Net application which uses forms authentication. A client has requested to integrate with their active directory and a consultant has suggested that we use Shibboleth as the service provider.
We still want to keep forms authentication for other clients but also be able to support federated authentication.
I found this post regarding authentication with Shibboleth but lost on how to integrate this one with our current forms authentication - our application is not yet MVC.
asp.net MVC authentication with Shibboleth
My question is : how dow we convert our application to authenticate with shibboleth but still retain our forms based authentication ?
Thanks in advance.
Related
Is it possible to support integrated windows authentication (Kerberos) in a self hosted web api or is IIS an absolute requirement if integrated window authentication is required ?
Googling around I did not find a clear answer to this question or any sample code that demonstrates how this can be achieved.
I am trying to build self hosted web api that client can authenticate with using windows authentication ( without need to enter username password)
I have a C# MVC application which requires ADFS authentication. ADFS was not considered at the initial stage of the development until completion of the application. Any ideas on how to make the application aware of ADFS? I have configured ADFS with the right claims, the challenge is making the application aware. Any idea is appreciated. I am using ADFS 2.0. It is On-Premise ADFS
Making the application "ADFS aware" requires that the application uses one of the supported protocols i.e. WS-Fed, SAML or OpenID Connect.
Adding WIF (WS-Fed) is a good option.
Building My First Claims-Aware ASP.NET Web Application
Deploying Active Directory Federation Services in Azure
Use the On-Premises Organizational Authentication Option (ADFS) With ASP.NET
in Visual Studio 2013
Using ADFS with Azure for Single Sign-On
in ASP.NET MVC
We currently have an Asp .Net web application (Framework 4.5) using Forms based authentication. A few of our clients are asking for integration with their applications and does not want to have separate login accounts.
What would be the best way to implement this? The solution should be able to validate against different identity providers.
A consultant has suggested to convert the current web app to be claims-aware but not sure how to proceed with it or where to start .
Thanks for all your help.
Making an application claims-aware implies adding support for one of:
WS-Federation
SAML 2.0
OpenID Connect / OAuth
This then enables the application to talk to an IDP for SSO e.g. ADFS, Azure AD, identityserver, Auth0.
In the Microsoft world, web apps use the OWIN NuGet packages for WS-Fed (WIF) or OIDC. For SAML, look here.
Desktop apps use ADAL or the later version MSAL.
ADFS e.g. only authenticates against AD. If you want to authenticate against a DB as well, you federate ADFS with e.g. identityserver or Auth0 both of which have that ability.
My C# .net 4.5 asp.net app currently uses forms authentication. We need to implement SSO on it via an on-premises ADFS 3.0 server that will link to external ADFS servers using Claims Provider Trusts.
The thing is that some users will continue logging in the old Forms Auth way while others will be authenticating using their ADFS credentials.
Can ADFS and Forms Auth be mixed? How can I direct the different users to the different logins?
I read here that I might need to code my own Custom Auth Provider...this seems pretty complicated. Is there another simpler way?
I have the following solution:
Web api project.
MVC 4 project.
I need to authenticate user by sending its credentials using a JSON request (https is a must).
is it a good approach ? and how can i authenticate the user on both web api and MVC .
is it a good approach ?
Yeah, why not.
and how can i authenticate the user on both web api and MVC .
If the Web API requires authentication you could use the same Forms Authentication as the MVC application. So you could configure Forms Authentication in the web.config of the Web API application and then decorate the actions that require authentication with the [Authorize] attribute. Then clients that need to query those methods will need to include the Forms Authentication cookie along with the request.
It is important to note that in order for the Web API to be able to decrypt the forms authentication cookie that was emitted the MVC application, both applications need to share the same machine keys.
You can use Basic Authentication. You need to create Authenticationfilter.
There is an opensource library. (WEbAPIDoddle)
https://github.com/WebAPIDoodle/WebAPIDoodle