Monday, January 24, 2011

MIgration to Azure - Part 3 HelloWorld

How to - ADFS with HelloWorld

  1. Create one cloud project and add one web role. The web role will contain very
    simple 'HelloWorld'.
  2. Upload one .pfx certificate to http://windows.Azure.com
  3. Add certificate and STS reference to project -
    http://claimsid.codeplex.com/

Adding certificate and STS reference will make some changes in web.config and in
service configuration file -

  • Service Configuration file




<Certificates> <Certificate name="Certificate2"
thumbprint="xxxxxxxxxxxxxxxxxx" thumbprintAlgorithm="sha1"
/> </Certificates>


  • Web.config File

 

 <system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ClaimsPrincipalHttpModule" type="Microsoft.IdentityModel.Web.ClaimsPrincipalHttpModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>
</system.webServer>

 

And     

 

<microsoft.identityModel>
<service>
<!--Commented out by FedUtil-->
<serviceCertificate><certificateReference x509FindType="FindByThumbprint" findValue="A97379892B76D70BC4C453C5F4AAC00428DB7E83" storeLocation="LocalMachine" storeName="My" /></serviceCertificate>
<applicationService>
<claimTypeRequired>
<!--Following are the claims offered by STS 'urn:federation:MSFT'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/claims/CommonName" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/claims/EmailAddress" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/claims/Group" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/claims/UPN" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" optional="true" />-->
</claimTypeRequired>
</applicationService>
<!--Commented out by FedUtil-->

<audienceUris>
<add value="https://ptswebdev.cloudapp.net/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://corp.sts.microsoft.com/adfs/ls/" realm="https://ptswebdev.cloudapp.net" requireHttps="true" />
<cookieHandler requireSsl="true" />
</federatedAuthentication>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="41DFA100BE890909B3ED5E93761F8174680EACD6" name="urn:federation:MSFT" />
</trustedIssuers>
</issuerNameRegistry>
</service>
</microsoft.identityModel>

 

  1. Now Open Global.asax -

Add following

void Application_Start(object sender, EventArgs e)

{

// Code that runs on application startup
FederatedAuthentication.ServiceConfigurationCreated += new EventHandler(FederatedAuthentication_ServiceConfigurationCreated);
FederatedAuthentication.WSFederationAuthenticationModule.RedirectingToIdentityProvider
+= new EventHandler(WSFederationAuthenticationModule_RedirectingToIdentityProvider);

 }

 void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender,
RedirectingToIdentityProviderEventArgs e)

 {

 Uri reqUrl = Request.Url; StringBuilder wreply = new StringBuilder();
wreply.Append(reqUrl.Scheme); // e.g. "http" wreply.Append("://");
wreply.Append(Request.Headers["Host"] ?? reqUrl.Authority);
wreply.Append(Request.ApplicationPath); if
(!Request.ApplicationPath.EndsWith("/")) { wreply.Append("/"); }
e.SignInRequestMessage.Reply = wreply.ToString();

 }

void FederatedAuthentication_ServiceConfigurationCreated(object sender,
Microsoft.IdentityModel.Web.Configuration.ServiceConfigurationCreatedEventArgs
e)

{

List sessionTransforms = new List( new
CookieTransform[] { new DeflateCookieTransform(), new
RsaEncryptionCookieTransform( e.ServiceConfiguration.ServiceCertificate), new
RsaSignatureCookieTransform( e.ServiceConfiguration.ServiceCertificate) });
SessionSecurityTokenHandler sessionHandler = new
SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace( sessionHandler);

 }

Open Default.aspx -

On Page load or any event Add following -

protected void Page_Load(object sender, EventArgs e)

 {

try

{

 IClaimsIdentity ici = Thread.CurrentPrincipal.Identity as IClaimsIdentity; foreach
(Claim c in ici.Claims) Response.Write(c.ClaimType + " - " + c.Value + "

");

 }

 catch (Exception ex)

{ Response.Write(ex.ToString()); }

 }

 

You are done :)) Bingoo

I didn't added much for adding STS and ceritifcate as it is widely
avaiable on net.

No comments:

Post a Comment