Hello,
We have been using the ComponentSpace .NET library in our ASP.NET MVC application for some time now. We just authenticate users using ADFS; once authenticated, we handle authorization in our database. For this we used SP-Initiated-SSO with FormsAuthentication and have put the [Authorize] attribute on top of all of our controllers.
Now we have converted that same application to .NET Core and we have a licensed version of the ComponentSpace .NET Core library. I understand that there are two approaches: SAML API and SAML Middleware. I have tried both in a test application using ExampleIdentityProvider as the IdP. Based on my understanding, the SAML middleware seems to align with the way we were doing the authentication in the .NET version of that application. But the SAML middleware is based on Microsoft Identity and my application does not use it, so I was wondering what to configure to capture the SAML assertion back. I tried to add a SAML controller and an AssertionConsumerService method, and configured it something like this:
services.AddSaml(Configuration.GetSection("SAML"));
services.AddAuthentication().AddSaml(options =>
{
    options.PartnerName = () => Configuration["PartnerName"];
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.AssertionConsumerServicePath = Configuration["AssertionConsumerServicePath"];
});
Also, I added an MVC controller with an Authorize attribute like this:
[Authorize(AuthenticationSchemes = SamlAuthenticationDefaults.AuthenticationScheme)]
public class HomeController : Controller
{
    public IActionResult Index()
    {
        string user = HttpContext.Session.GetString("user");
        return View();
    }
}
And the AssertionConsumerService is the same as it would be with the SAML API:
public async Task<IActionResult> AssertionConsumerService()
{
    var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();
    HttpContext.Session.SetString("user", ssoResult.UserID);
    return RedirectToAction("About", "Home");
}
But this seems to go into a recurring cycle of App-IDP-App-IDP......
So is my approach incorrect? Should I use the SAML API instead of the Middleware?
-Ankit