Migrating from .Net Framework to .Net Core which SAML approach better


ankitgada
Hello,
We have been using the ComponentSpace .NET library in our ASP.NET MVC application for some time now. We just authenticate users using ADFS; once authenticated, we handle authorization in our database. For this we used SP-initiated SSO with FormsAuthentication and have put the [Authorize] attribute on top of all of our controllers.

Now we have converted that same application to .NET Core and we have a licensed version of the ComponentSpace .NET Core library. I understand that there are two approaches: SAML API and SAML Middleware. I have tried both in a test application using ExampleIdentityProvider as the IDP. Based on my understanding, SAML middleware seems to align with the way we were doing the authentication in the .NET version of that application. But SAML middleware is based on Microsoft Identity and my application does not use it, so I was wondering what to configure to capture the SAML assertion back. I tried to add a SAML controller and an AssertionConsumerService method and configured it something like this:
    services.AddSaml(Configuration.GetSection("SAML"));

    services.AddAuthentication().AddSaml(options =>
    {
        options.PartnerName = () => Configuration["PartnerName"];
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.AssertionConsumerServicePath = Configuration["AssertionConsumerServicePath"];
    });



Also I added an MVC controller with an Authorize attribute like this:

    [Authorize(AuthenticationSchemes = SamlAuthenticationDefaults.AuthenticationScheme)]
    public class HomeController : Controller
    {
        public IActionResult Index()
        {
            string user = HttpContext.Session.GetString("user");

            return View();
        }
    }

And the AssertionConsumerService is the same as it would be with the SAML API:

    public async Task<IActionResult> AssertionConsumerService()
    {
        var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();
        HttpContext.Session.SetString("user", ssoResult.UserID);
        return RedirectToAction("About", "Home");
    }


But this seems to go in a recurring cycle of App-IDP-App-IDP......

So is my approach incorrect? Should I use the SAML API instead of the middleware?

-Ankit
ComponentSpace
Hi Ankit
I suggest using the SAML API rather than SAML middleware.
This gives you more control and is closer to how SAML works for ASP.NET.



Regards
ComponentSpace Development
ankitgada
ComponentSpace - 4/2/2019
Hi Ankit
I suggest using the SAML API rather than SAML middleware.
This gives you more control and is closer to how SAML works for ASP.NET.


Thanks for the prompt reply. So if I use the SAML API, the only thing I am struggling with at this point is how every controller/page would check whether the user is logged in already or, if logged in, whether his SAML session has expired. In my .NET version it was Forms.Authentication and I had the [Authorize] keyword on all controllers, which used to check the FormsAuthentication cookie, I guess.

Any idea about this?
ComponentSpace
Just use the standard ASP.NET Core authorization which is similar to what you do in ASP.NET.
Just add an [Authorize] to those pages that require it.
Our ExampleServiceProvider's Claims page specifies [Authorize].



Regards
ComponentSpace Development