How to - ADFS with HelloWorld
- Create one cloud project and add one web role. The web role will contain a very
simple 'HelloWorld'. - Upload one .pfx certificate to http://windows.Azure.com
- Add certificate and STS reference to project -
http://claimsid.codeplex.com/
Adding the certificate and STS reference will make some changes to web.config and to the
service configuration file -
- Service Configuration file
<Certificates> <Certificate name="Certificate2"
thumbprint="xxxxxxxxxxxxxxxxxx" thumbprintAlgorithm="sha1"
/> </Certificates>
Web.config File
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ClaimsPrincipalHttpModule" type="Microsoft.IdentityModel.Web.ClaimsPrincipalHttpModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>
</system.webServer>
And
<microsoft.identityModel>
<service>
<!--Commented out by FedUtil-->
<serviceCertificate><certificateReference x509FindType="FindByThumbprint" findValue="A97379892B76D70BC4C453C5F4AAC00428DB7E83" storeLocation="LocalMachine" storeName="My" /></serviceCertificate>
<applicationService>
<claimTypeRequired>
<!--Following are the claims offered by STS 'urn:federation:MSFT'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/claims/CommonName" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/claims/EmailAddress" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/claims/Group" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/claims/UPN" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" optional="true" />-->
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" optional="true" />-->
</claimTypeRequired>
</applicationService>
<!--Commented out by FedUtil-->
<audienceUris>
<add value="https://ptswebdev.cloudapp.net/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://corp.sts.microsoft.com/adfs/ls/" realm="https://ptswebdev.cloudapp.net" requireHttps="true" />
<cookieHandler requireSsl="true" />
</federatedAuthentication>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="41DFA100BE890909B3ED5E93761F8174680EACD6" name="urn:federation:MSFT" />
</trustedIssuers>
</issuerNameRegistry>
</service>
</microsoft.identityModel>
- Now open Global.asax and add the following:
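void Application_Start(object sender, EventArgs e)
{
    // Code that runs on application startup.
    // Wire the two WIF hooks used by this sample: the session cookie is protected with
    // the role's service certificate (see FederatedAuthentication_ServiceConfigurationCreated)
    // and the wreply sent to the STS is rebuilt from the incoming request
    // (see WSFederationAuthenticationModule_RedirectingToIdentityProvider).
    // The generic type arguments of the two delegates are spelled out here; the
    // original listing lost them in rendering.
    FederatedAuthentication.ServiceConfigurationCreated +=
        new EventHandler<Microsoft.IdentityModel.Web.Configuration.ServiceConfigurationCreatedEventArgs>(
            FederatedAuthentication_ServiceConfigurationCreated);
    FederatedAuthentication.WSFederationAuthenticationModule.RedirectingToIdentityProvider +=
        new EventHandler<RedirectingToIdentityProviderEventArgs>(
            WSFederationAuthenticationModule_RedirectingToIdentityProvider);
}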
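void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender,
    RedirectingToIdentityProviderEventArgs e)
{
    // Rebuild the wreply (the URL the STS posts the token back to) from the
    // incoming request instead of from configuration. Reading the Host header
    // rather than Request.Url is the usual way to get the externally visible
    // address on an Azure web role; the fallback covers requests without a Host
    // header. In the original listing the Append("://") call had been swallowed
    // by the trailing comment, which would produce "https" + host with no
    // separator.
    Uri reqUrl = Request.Url;
    StringBuilder wreply = new StringBuilder();
    wreply.Append(reqUrl.Scheme);   // e.g. "http"
    wreply.Append("://");
    // NOTE(review): the Host header is client-supplied and ends up in the wreply
    // the STS redirects to. Confirm that the STS restricts wreply to the endpoints
    // registered for this relying party so a spoofed Host cannot steer the token.
    wreply.Append(Request.Headers["Host"] ?? reqUrl.Authority);
    wreply.Append(Request.ApplicationPath);
    if (!Request.ApplicationPath.EndsWith("/", StringComparison.Ordinal))
    {
        wreply.Append("/");
    }
    e.SignInRequestMessage.Reply = wreply.ToString();
}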
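void FederatedAuthentication_ServiceConfigurationCreated(object sender,
    Microsoft.IdentityModel.Web.Configuration.ServiceConfigurationCreatedEventArgs e)
{
    // Protect the WIF session cookie with the service certificate (compress, then
    // RSA-encrypt, then RSA-sign) so that any instance of the web role that holds
    // that certificate can read a cookie issued by another instance. The
    // certificate is the one referenced by <serviceCertificate> in web.config.
    // The original listing lost the List<CookieTransform> declaration; it is
    // restored here, matching the sessionTransforms.AsReadOnly() call below.
    List<CookieTransform> sessionTransforms = new List<CookieTransform>(new CookieTransform[]
    {
        new DeflateCookieTransform(),
        new RsaEncryptionCookieTransform(e.ServiceConfiguration.ServiceCertificate),
        new RsaSignatureCookieTransform(e.ServiceConfiguration.ServiceCertificate)
    });
    SessionSecurityTokenHandler sessionHandler =
        new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
    // Replace the default session handler with the certificate-backed one.
    e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
}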
Open Default.aspx and add the following in Page_Load (or any other event handler):
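protected void Page_Load(object sender, EventArgs e)
{
    // Write every claim the STS issued for the current user to the response.
    try
    {
        IClaimsIdentity ici = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
        if (ici == null)
        {
            // Not a WIF identity: the modules are not wired up, or the request has
            // not been authenticated. Say so instead of dereferencing null.
            Response.Write("No claims identity is present.");
            return;
        }
        foreach (Claim c in ici.Claims)
        {
            // Claim types and values (display names, group names, ...) are issued by
            // the STS and land in the HTML body, so HTML-encode them rather than
            // writing them raw.
            Response.Write(HttpUtility.HtmlEncode(c.ClaimType) + " - " + HttpUtility.HtmlEncode(c.Value) + "\n");
        }
    }
    catch (Exception ex)
    {
        // Keep exception details out of the response: ex.ToString() exposes stack
        // traces and internal type names to the browser. Record them server-side.
        System.Diagnostics.Trace.TraceWarning("Failed to enumerate claims: {0}", ex);
        Response.Write("Unable to read the claims for the current user.");
    }
}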
You are done :)) Bingoo
I didn't add much about adding the STS and certificate, as that is widely
available on the net.