Migrating an ASP.NET MVC application to ADFS authentication

I recently built an ASP.NET application at work to help track internal use of our products. It‘s been really well received, but only a few days after launch one of our managers came over and asked if we could move the site to Azure so that people didn‘t need to be in the office or on the VPN. Getting sites published on Azure itself is fairly easy with the publishing tools in Visual Studio - but dealing with authentication itself is a bit more difficult. The site uses Windows authentication - not something suitable for use on Azure.

There seem to be a few options when migrating away:

* Windows Azure Active Directory (effectively replicate your AD into Azure)
* Azure Access Control Services (now deprecated)
* On premise ADFS (can be made public for authentication outside the office)

Given ACS is deprecated and we already had an ADFS server I went down
the ADFS route. It‘s not as easy as it should be - you can‘t change the
authentication option easily in VS 2013 after you‘ve created a project.
Here‘s how I did it:

(Throughout the following, replace with the hostname of your application and with the hostname of your ADFS server)

Open your web.config file

Add the following to (or create if necessary) the configSections element:

<configSections>
<section name="system.identityModel"
type="System.IdentityModel.Configuration.SystemIdentityModelSection,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services"
type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=B77A5C561934E089" />
</configSections>

Add the following to (or create if necessary) the appSettings element:

<appSettings>
<add key="ida:FederationMetadataLocation"
value="https://<sts.local>/federationmetadata/2007-06/federationmetadata.xml"
/>
<add key="ida:Realm" value="https://<app.local>/" />
<add key="ida:AudienceUri" value="https://<app.local>/" />
</appSettings>

Change the authentication mode to None:

<authentication mode="None" />

Add the following configuration sections:

<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule"
type="System.IdentityModel.Services.WSFederationAuthenticationModule,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule"
type="System.IdentityModel.Services.SessionAuthenticationModule,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://<app.local>/" />
</audienceUris>
<securityTokenHandlers>
<add
type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler,
System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
<remove
type="System.IdentityModel.Tokens.SessionSecurityTokenHandler,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry
type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry,
System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://<sts.local>/adfs/services/trust">
<keys>
<add thumbprint="<thumbprint>" />
</keys>
<validIssuers>
<add name="http://<sts.local>/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://<sts.local>/adfs/ls/"
realm="https://<app.local>/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>

Add the following references

System.IdentityModel
System.IdentityModel.Services
System.IdentityModel.Tokens.ValidatingIssuer

You now need to register your app with the ADFS server as a "relying party"

时间: 2024-11-05 16:08:15

Migrating an ASP.NET MVC application to ADFS authentication的相关文章

[转]Creating an Entity Framework Data Model for an ASP.NET MVC Application (1 of 10)

本文转自:http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/creating-an-entity-framework-data-model-for-an-asp-net-mvc-application Creating an Entity Framework Data Model for an ASP.NET MVC Application (1 of 10) By      

[转]剖析ASP.Net MVC Application

http://www.cnblogs.com/errorif/archive/2009/02/13/1389927.html 为了完全了解Asp.net MVC是怎样工作的,我将从零开始创建一个MVC应用程序. 1.创建一个新的ASP.Net Web Application.它包括有一个Default.aspx页面,一个标准的web.config文件和添加一些初始的引用. 2.添加对“System.Web.Abstractions.dll”.“System.Web.Routing.dll” 和“

[转]Sorting, Filtering, and Paging with the Entity Framework in an ASP.NET MVC Application (3 of 10)

本文转自:http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/sorting-filtering-and-paging-with-the-entity-framework-in-an-asp-net-mvc-application Download Completed Project The Contoso University sample web application de

Active Directory Authentication in ASP.NET MVC 5 with Forms Authentication and Group-Based Authorization

I know that blog post title is sure a mouth-full, but it describes the whole problem I was trying to solve in a recent project. The Project Let me outline the project briefly.  We were building a report dashboard-type site that will live inside the c

CRUD Operations In ASP.NET MVC 5 Using ADO.NET

Background After awesome response of an published by me in the year 2013: Insert, Update, Delete In GridView Using ASP.Net C#. It now has more than 140 K views, therefore to help beginners I decided to rewrite the article i with stepbystep approach u

[渣译文] 使用 MVC 5 的 EF6 Code First 入门 系列:为ASP.NET MVC应用程序读取相关数据

这是微软官方教程Getting Started with Entity Framework 6 Code First using MVC 5 系列的翻译,这里是第六篇:为ASP.NET MVC应用程序读取相关数据 原文:Reading Related Data with the Entity Framework in an ASP.NET MVC Application 译文版权所有,谢绝全文转载--但您可以在您的网站上添加到该教程的链接. 在之前的教程中您已经完成了学校数据模型.在本教程中你将

ASP.NET MVC过滤器(一)

MVC过滤器是加在 Controller 或 Action 上的一种 Attribute,通过过滤器,MVC 网站在处理用户请求时,可以处理一些附加的操作,如:用户权限验证.系统日志.异常处理.缓存等.MVC 中包含Authorization filter.Action filter.Result filter.Exception filter 四种过滤器. APS.NET MVC中的每一个请求,都会分配给相应的控制器和对应的行为方法去处理,而在这些处理的前前后后如果想再加一些额外的逻辑处理.这

ASP.NET MVC WebGrid &ndash; Performing true AJAX pagination and sorting 【转】

ASP.NET MVC WebGrid – Performing true AJAX pagination and sorting FEBRUARY 27, 2012 14 COMMENTS WebGrid is a very powerful HTML helper component introduced with ASP.NET MVC 3 and ASP.NET Web Pages. Despite all its cool features, it is troublesome to

ASP.NET MVC Display Mode 移动端视图 配置对微信内置浏览器的识别

最近在捣鼓一个稍微有点low的商城网站,没有计划做app却要求有个wap版,而前端又没有做成响应式,时间WTF,直接利用了asp.net mvc的Display Mode Provider. 使用方式依照上面的链接地址,asp.net mvc application启动的时候会在全局变量 DisplayModeProvider.Instance.Modes 集合中加入 DisplayModeId == "Mobile" 的 IDisplayMode ,因此如果想要在移动端浏览器中展示移