Regular Web Application (WS-Federation)
The source code of this project can be found here.
To implement WS-Federation in a regular web application, complete the following steps.
1. Configure an application
Use the administration UI to configure a new WS-Federation client:
- Open the IdentityServer website at https://localhost:5002.
- On the Clients screen, click the `Add client` button.
- Select `WS-Fed Relying Party` and click next.
- Fill in the form like this and click the `Save` button to confirm the creation.
| Parameter | Value |
|---|---|
| Identifier | urn:samplewebsite |
| Name | samplewebsite |
Your client is now ready to be used, and you can develop the regular website.
2. Create an ASP.NET Core application
Next, create and configure an ASP.NET Core application.
- Open a command prompt and execute the following commands to create the directory structure for the solution.
  ```batch
  mkdir WsFederationWebsite
  cd WsFederationWebsite
  mkdir src
  dotnet new sln -n WsFederationWebsite
  ```
- Create a web project named `Website` and install the `Microsoft.AspNetCore.Authentication.WsFederation` NuGet package.
  ```batch
  cd src
  dotnet new mvc -n Website
  cd Website
  dotnet add package Microsoft.AspNetCore.Authentication.WsFederation
  ```
- Add the `Website` project to your Visual Studio solution.
  ```batch
  cd ..\..
  dotnet sln add ./src/Website/Website.csproj
  ```
- Edit the `Program.cs` file and configure WS-Federation authentication.
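  ```csharp
  // Cookies hold the local session; anonymous requests are challenged via WS-Federation ("sid").
  builder.Services.AddAuthentication(options =>
      {
          options.DefaultScheme = "Cookies";
          options.DefaultChallengeScheme = "sid";
      })
      .AddCookie("Cookies")
      .AddWsFederation("sid", options =>
      {
          // Must match the Identifier of the client configured in step 1.
          options.Wtrealm = "urn:samplewebsite";
          // The handler reads the issuer, sign-in endpoint and signing keys from this document.
          options.MetadataAddress = "https://localhost:5001/master/FederationMetadata/2007-06/FederationMetadata.xml";
      });
  // ...
  app.UseCookiePolicy(new CookiePolicyOptions
  {
      Secure = CookieSecurePolicy.Always
  });
  app.UseHttpsRedirection();
  app.UseStaticFiles();
  app.UseRouting();
  // Authentication must run before authorization so that [Authorize] sees the signed-in user.
  app.UseAuthentication();
  app.UseAuthorization();
  // ...
  ```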
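- Add a `ClaimsController` controller with one protected operation.
  ```csharp
  using Microsoft.AspNetCore.Authorization;
  using Microsoft.AspNetCore.Mvc;

  public class ClaimsController : Controller
  {
      // [Authorize] triggers the WS-Federation challenge for anonymous users.
      [Authorize]
      public IActionResult Index()
      {
          return View();
      }
  }
  ```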
- Create a view `Views\Claims\Index.cshtml` with the following content. This view will display all the claims of the authenticated user.
  ```html
  <ul>
      @foreach (var claim in User.Claims)
      {
          <li>@claim.Type : @claim.Value</li>
      }
  </ul>
  ```
- In a command prompt, navigate to the `src\Website` directory and launch the application.
  ```batch
  dotnet run --urls=http://localhost:7000
  ```
Finally, browse to the following URL: http://localhost:7000/claims. The User-Agent will be automatically redirected to the OpenID server. Submit the following credentials and confirm the consent. You will then be redirected to the screen where your claims are displayed.
| Credential | Value |
|---|---|
| Login | administrator |
| Password | password |
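
The `MetadataAddress` set in `Program.cs` determines which issuer, sign-in endpoint and signing certificates the website trusts. The following Python script is an added example, not code from the original page or its project: it inspects a federation metadata document and reports what it publishes. The sample metadata, the `inspect_metadata` helper and its finding messages are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata: the entityID, the endpoint path and the
# certificate value (placeholder bytes, not a real X.509 certificate) are made up.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://localhost:5001/master">
 <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>Y29uc3RydWN0ZWQtY2VydA==</X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <fed:PassiveRequestorEndpoint><EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
   <Address>https://localhost:5001/master/wsfed-placeholder</Address>
  </EndpointReference></fed:PassiveRequestorEndpoint>
 </RoleDescriptor>
</EntityDescriptor>"""

def inspect_metadata(xml_text, metadata_url, pinned_sha256=frozenset()):
    """Summarise what a relying party would trust from this metadata document."""
    root = ET.fromstring(xml_text)  # parse only metadata from the IdP you configured
    endpoints = [a.text.strip() for a in
                 root.findall(".//fed:PassiveRequestorEndpoint//wsa:Address", NS)]
    # SHA-256 over the decoded certificate bytes is the usual certificate fingerprint.
    prints = [hashlib.sha256(base64.b64decode(c.text)).hexdigest() for c in
              root.findall(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)]
    meta, findings = urlparse(metadata_url), []
    if meta.scheme != "https":
        findings.append("metadata is fetched without TLS")
    if not endpoints:
        findings.append("no passive requestor endpoint published")
    for ep in endpoints:
        if urlparse(ep).scheme != "https":
            findings.append(f"sign-in endpoint is not HTTPS: {ep}")
        if urlparse(ep).netloc != meta.netloc:
            findings.append(f"sign-in endpoint host differs from metadata host: {ep}")
    if not prints:
        findings.append("no signing certificate published")
    # When fingerprints are pinned, report any published certificate outside the set.
    findings += [f"signing certificate not in pinned set: {fp}"
                 for fp in prints if pinned_sha256 and fp not in pinned_sha256]
    return {"issuer": root.get("entityID"), "endpoints": endpoints,
            "signing_sha256": prints, "findings": findings}
```

Run it against a saved copy of the metadata and compare the reported fingerprints with the ones obtained from the identity provider's administrator.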