Thursday, 22 December 2016

Implement Kentor auth service in asp.net MVC


It's very simple to Implement Kentor auth service.

For example point of view i am taking Kentor.AuthServices.StubIdp as my IDP(identity provider)
  • Install Kentor AuthServices for Nuget to your application
    •  Install-Package Kentor.AuthServices 
  •  Your need two certificates service Certificates and signing Certificate. for data exchange and Encryption. Download certificate http://stubidp.kentor.se/
  •  Add the following code to your web config file.
    •  <configSections>
          <!--This Section for load Required files for sso-->
          <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
          <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
          <section name="kentor.authServices" type="Kentor.AuthServices.Configuration.KentorAuthServicesSection, Kentor.AuthServices"/>
          <!--End of section--  </configSections>
    • <authentication mode="Forms">
            <forms loginUrl="~/AuthServices/SignIn" />
          </authentication>
    • <kentor.authServices entityId="http://localhost:61548/Home/Index"
                             returnUrl="http://localhost:61548/Home/Index"
                             authenticateRequestSigningBehavior="Never">
          <nameIdPolicy allowCreate="true"
                        format="Persistent"/>
          <metadata cacheDuration="0:0:42"
                    validDuration="7.12:00:00"
                    wantAssertionsSigned="true">
            <organization name="Kentor IT AB"
                          displayName="Kentor"
                          url="http://www.kentor.se"
                          language="sv" />
            <contactPerson type="Other" email="info@kentor.se" />
            <!--<requestedAttributes>
              <add friendlyName ="Some Name"
                   name="urn:someName"
                   nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                   isRequired="true" />
              <add name="Minimal" />
              <add friendlyName="employee_number" name="urn:employee_number" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
              <add friendlyName="language" name="urn:language" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />

            </requestedAttributes>-->
          </metadata>
          <identityProviders>
            <add entityId="http://stubidp.kentor.se/Metadata"
                 signOnUrl="http://stubidp.kentor.se"
                 allowUnsolicitedAuthnResponse="true"
                 binding="HttpRedirect"
                 wantAuthnRequestsSigned="true">
              <signingCertificate fileName="~/App_Data/Kentor.AuthServices.StubIdp.cer" />
            </add>
          
          </identityProviders>
          <!--<federations>
            <add metadataLocation="http://stubidp.kentor.se" allowUnsolicitedAuthnResponse="true" />
          </federations>-->
          <serviceCertificates>
            <add fileName="~/App_Data/Kentor.AuthServices.Tests.pfx" />
          </serviceCertificates>
        </kentor.authServices>
  •  To get authencated user details user this code to your action method
    • [Authorize]
        public ActionResult Index()
        {
        var identity = System.Web.HttpContext.Current.User.Identity as ClaimsIdentity;
        return View(identity.Claims);
        }
       
  •  Your View Should have following code to print values that received for idp
    •  @model System.Collections.Generic.IEnumerable<System.Security.Claims.Claim>
        <p>This is a secure page that only works when logged in.</p>
        <p>Claims:</p>
        <ul>
        @foreach (var claim in Model)
        {
        <li>@claim.Type - @claim.Value</li>
        }
        </ul>
  • For more detail configuration click Knetor auth service