Single Sign On implementation in C# using SAML 2.0

For past week I did a lot of research on the topic of using Single Sign On with SAML 2.0. I have found a lot of good articles and I understand the process of SSO in detail, but I am encountering problems when implementing it in our C# solution with .Net Framework 4.5.

Let me describe my understanding of the process and how I imagine I should go about applying it:

  1. The user goes to our software which is the Service Provider (SP). We are having different instances trimmed to our client's needs.

  2. After typing the email address, he should be re-directed to our Identity Provider (IdP). At this point I believe I should be sending an authentication token to check if the user is not already logged in on the IdP. In case the user is, I would want to login the user to our system. In case he is not, he would then log in on their IdP.

  3. After he successfully is authenticated, we are sending the SAML Response token back to our website URL.
  4. When the token arrives at our end, we should decrypt it and when the authentication has been successfully, grant the user access to the service.

So far I haven't found any good resources on the actual process of generating the SAML Request or a way of decrypting our SAML token in the C# code.

For the testing we are using ADFS 2.0 as the IdP and we are getting the SAML Response from it. When we will process the response we would like to compare the information in our database with the email in the response to verify the users details before letting them into the system.

The examples I have been able to find are either out of date or are not giving detailed explanation. If anyone would be able shine some light on it for me, by either providing some examples of implementation or a good and up to date resource that I haven't yet managed to find.

asked Jan 11 '17 10:01 by mbajer92
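Steps 3 and 4 of the flow described above (receiving the SAML Response and deciding whether to trust the e-mail in it) are where a home-grown Service Provider is most likely to go wrong. The following is an added C# example, not code from the question, the answer or any library, showing the checks an SP makes on an incoming SAML 2.0 Response with `System.Security.Cryptography.Xml`: status, `InResponseTo`, exactly one Assertion whose signature references that Assertion's own ID, signature verification against a key the SP already trusts, validity window, audience, and only then the e-mail attribute. It assumes .NET Framework 4.7.2 or later (or .NET 6+ with the `System.Security.Cryptography.Xml` package), that the IdP signs the Assertion (the ADFS default) rather than only the Response, and it substitutes a throwaway RSA key for the IdP's metadata certificate so it runs without an IdP; the entity IDs, request ID, e-mail address and the response body are constructed for the example.

```csharp
// Added example (not code from the question or the answer): the checks a Service
// Provider makes on an incoming SAML 2.0 Response before trusting the e-mail in it.
// Assumes .NET Framework 4.7.2+ or .NET 6+ (System.Security.Cryptography.Xml).
// A throwaway RSA key stands in for the IdP's metadata signing certificate; the
// entity IDs, request ID, e-mail address and response body are constructed.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SamlResponseCheck
{
    const string Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string Ds = "http://www.w3.org/2000/09/xmldsig#";
    const string EmailClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; // claim type ADFS issues
    static readonly TimeSpan Skew = TimeSpan.FromMinutes(3); // tolerated clock difference between IdP and SP

    // Returns the asserted e-mail address or throws. idpKey is the public key taken from the IdP metadata.
    public static string Validate(string responseXml, RSA idpKey, string spEntityId, string expectedInResponseTo, DateTime nowUtc)
    {
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null }; // no DTD / external entity fetches
        doc.LoadXml(responseXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", Samlp); ns.AddNamespace("saml", Saml); ns.AddNamespace("ds", Ds);

        // 1. It must answer the AuthnRequest this session issued, and report success.
        var response = doc.DocumentElement;
        if (response.LocalName != "Response" || response.NamespaceURI != Samlp) throw new Exception("not a samlp:Response");
        if (response.GetAttribute("InResponseTo") != expectedInResponseTo) throw new Exception("InResponseTo mismatch");
        var status = doc.SelectSingleNode("/samlp:Response/samlp:Status/samlp:StatusCode/@Value", ns);
        if (status == null || status.Value != "urn:oasis:names:tc:SAML:2.0:status:Success") throw new Exception("IdP status is not Success");

        // 2. Exactly one Assertion, signed, and the signature's Reference must point at that Assertion's ID.
        //    Checking the Reference defeats signature wrapping (an unsigned Assertion placed beside a signed one).
        var assertions = doc.SelectNodes("/samlp:Response/saml:Assertion", ns);
        if (assertions.Count != 1) throw new Exception("expected exactly one Assertion");
        var assertion = (XmlElement)assertions[0];
        var sigNode = assertion.SelectSingleNode("ds:Signature", ns) as XmlElement;
        if (sigNode == null) throw new Exception("Assertion is not signed");
        var signed = new SignedXml(doc);
        signed.LoadXml(sigNode);
        if (signed.SignedInfo.References.Count != 1 ||
            ((Reference)signed.SignedInfo.References[0]).Uri != "#" + assertion.GetAttribute("ID"))
            throw new Exception("signature does not cover the Assertion");
        if (signed.SignedInfo.SignatureMethod == SignedXml.XmlDsigRSASHA1Url) throw new Exception("SHA-1 signature rejected");
        // Verify with the key we already trust, never with the KeyInfo embedded in the message itself.
        if (!signed.CheckSignature(idpKey)) throw new Exception("signature verification failed");

        // 3. Validity window and audience: this Assertion must be for us, and for now.
        var cond = assertion.SelectSingleNode("saml:Conditions", ns) as XmlElement;
        if (cond == null) throw new Exception("no Conditions");
        if (cond.HasAttribute("NotBefore") && nowUtc + Skew < ParseUtc(cond.GetAttribute("NotBefore"))) throw new Exception("not yet valid");
        if (cond.HasAttribute("NotOnOrAfter") && nowUtc - Skew >= ParseUtc(cond.GetAttribute("NotOnOrAfter"))) throw new Exception("expired");
        var audience = cond.SelectSingleNode("saml:AudienceRestriction/saml:Audience", ns);
        if (audience == null || audience.InnerText != spEntityId) throw new Exception("audience mismatch");

        // 4. Only now read the identity: the e-mail attribute ADFS issues, falling back to the NameID.
        var email = assertion.SelectSingleNode("saml:AttributeStatement/saml:Attribute[@Name='" + EmailClaim + "']/saml:AttributeValue", ns)
                    ?? assertion.SelectSingleNode("saml:Subject/saml:NameID", ns);
        if (email == null || email.InnerText.Length == 0) throw new Exception("no e-mail in Assertion");
        return email.InnerText;
    }

    static DateTime ParseUtc(string s) { return XmlConvert.ToDateTime(s, XmlDateTimeSerializationMode.Utc); }

    // Constructed stand-in for the IdP: a success Response carrying one Assertion, signed with idpKey.
    public static string BuildSignedSampleResponse(RSA idpKey, string email, string spEntityId, string inResponseTo, DateTime nowUtc)
    {
        string t0 = XmlConvert.ToString(nowUtc.AddMinutes(-1), XmlDateTimeSerializationMode.Utc);
        string t1 = XmlConvert.ToString(nowUtc.AddMinutes(5), XmlDateTimeSerializationMode.Utc);
        string xml =
            "<samlp:Response xmlns:samlp='" + Samlp + "' xmlns:saml='" + Saml + "' ID='_r1' Version='2.0' IssueInstant='" + t0 + "' InResponseTo='" + inResponseTo + "'>" +
            "<samlp:Status><samlp:StatusCode Value='urn:oasis:names:tc:SAML:2.0:status:Success'/></samlp:Status>" +
            "<saml:Assertion ID='_a1' Version='2.0' IssueInstant='" + t0 + "'>" +
            "<saml:Issuer>https://idp.example.test/adfs/services/trust</saml:Issuer>" +
            "<saml:Subject><saml:NameID>" + email + "</saml:NameID></saml:Subject>" +
            "<saml:Conditions NotBefore='" + t0 + "' NotOnOrAfter='" + t1 + "'><saml:AudienceRestriction><saml:Audience>" + spEntityId + "</saml:Audience></saml:AudienceRestriction></saml:Conditions>" +
            "<saml:AttributeStatement><saml:Attribute Name='" + EmailClaim + "'><saml:AttributeValue>" + email + "</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>" +
            "</saml:Assertion></samlp:Response>";
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        var signer = new SignedXml(doc) { SigningKey = idpKey };
        signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signer.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        var reference = new Reference("#_a1") { DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256" };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signer.AddReference(reference);
        signer.ComputeSignature();
        var assertion = (XmlElement)doc.GetElementsByTagName("Assertion", Saml)[0];
        assertion.InsertAfter(doc.ImportNode(signer.GetXml(), true), assertion.FirstChild); // ds:Signature directly after saml:Issuer
        return doc.OuterXml;
    }

    static void Main()
    {
        const string sp = "https://sp.example.test/saml"; // our entity ID as registered with the IdP (constructed)
        var now = DateTime.UtcNow;
        using (var idpKey = new RSACryptoServiceProvider(2048))
        {
            string ok = BuildSignedSampleResponse(idpKey, "alice@example.test", sp, "_req42", now);
            Console.WriteLine("accepted: " + Validate(ok, idpKey, sp, "_req42", now));
            // Any edit after signing (here the e-mail in the NameID and the attribute) must fail verification.
            string forged = ok.Replace("alice@example.test", "admin@example.test");
            try { Validate(forged, idpKey, sp, "_req42", now); Console.WriteLine("BUG: forged response accepted"); }
            catch (Exception e) { Console.WriteLine("rejected: " + e.Message); }
        }
    }
}
```

Two things the example leaves out that a production SP needs: ADFS can be configured to encrypt the Assertion (`saml:EncryptedAssertion`), which has to be decrypted with `EncryptedXml` and the SP's private key before any of these checks run, and the `InResponseTo` value must be looked up from the session that issued the AuthnRequest while the Assertion ID is recorded until its `NotOnOrAfter` so a captured response cannot be replayed. Both are exactly the kind of plumbing the answer below refers to when it recommends a maintained SAML stack over a hand-rolled one.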


1 Answer

SAML 2.0 is not a simple protocol and, as you have discovered, it is not trivial to roll your own.

Use a SAML client side stack.

Note there is not an official one from Microsoft.

Refer to SAML : SAML connectivity / toolkit for some ideas.

This will do all the heavy lifting and plumbing for you.

answered Sep 21 '22 13:09 by rbrayb