Thursday, 22 December 2016

Implement Kentor AuthServices in ASP.NET MVC


It is straightforward to implement Kentor AuthServices (a SAML2 service provider library for .NET) in an ASP.NET MVC application.

For this example I am using Kentor.AuthServices.StubIdp as my IdP (identity provider).
  • Install Kentor AuthServices from NuGet into your application:
    •  Install-Package Kentor.AuthServices 
  •  You need two certificates: a service certificate (your SP's own key pair, used to sign requests and decrypt assertions) and the IdP's signing certificate (used to verify the signature on the responses the IdP sends back). Download the stub IdP's signing certificate from http://stubidp.kentor.se/. Treat any .pfx you did not generate yourself (the one named in the config below is a test certificate) as public, and use it only against the stub IdP.
  •  Add the following code to your Web.config file. Note that allowUnsolicitedAuthnResponse="true" accepts IdP-initiated responses that do not answer one of your own AuthnRequests, and authenticateRequestSigningBehavior="Never" leaves your requests unsigned even though the IdP entry states wantAuthnRequestsSigned="true"; both are fine against the stub IdP but should be reviewed before going to production.
    •  <configSections>
          <!--This section loads the required files for SSO-->
          <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
          <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
          <section name="kentor.authServices" type="Kentor.AuthServices.Configuration.KentorAuthServicesSection, Kentor.AuthServices"/>
          <!--End of section-->
        </configSections>
    • <authentication mode="Forms">
            <forms loginUrl="~/AuthServices/SignIn" />
          </authentication>
    • <kentor.authServices entityId="http://localhost:61548/Home/Index"
                             returnUrl="http://localhost:61548/Home/Index"
                             authenticateRequestSigningBehavior="Never">
          <nameIdPolicy allowCreate="true"
                        format="Persistent"/>
          <metadata cacheDuration="0:0:42"
                    validDuration="7.12:00:00"
                    wantAssertionsSigned="true">
            <organization name="Kentor IT AB"
                          displayName="Kentor"
                          url="http://www.kentor.se"
                          language="sv" />
            <contactPerson type="Other" email="info@kentor.se" />
            <!--<requestedAttributes>
              <add friendlyName ="Some Name"
                   name="urn:someName"
                   nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                   isRequired="true" />
              <add name="Minimal" />
              <add friendlyName="employee_number" name="urn:employee_number" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
              <add friendlyName="language" name="urn:language" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />

            </requestedAttributes>-->
          </metadata>
          <identityProviders>
            <add entityId="http://stubidp.kentor.se/Metadata"
                 signOnUrl="http://stubidp.kentor.se"
                 allowUnsolicitedAuthnResponse="true"
                 binding="HttpRedirect"
                 wantAuthnRequestsSigned="true">
              <signingCertificate fileName="~/App_Data/Kentor.AuthServices.StubIdp.cer" />
            </add>
          
          </identityProviders>
          <!--<federations>
            <add metadataLocation="http://stubidp.kentor.se" allowUnsolicitedAuthnResponse="true" />
          </federations>-->
          <serviceCertificates>
            <add fileName="~/App_Data/Kentor.AuthServices.Tests.pfx" />
          </serviceCertificates>
        </kentor.authServices>
  •  To get the authenticated user's details, use this code in your action method (it needs using System.Security.Claims; and using System.Web.Mvc;):
    • [Authorize]
        public ActionResult Index()
        {
            // Kentor.AuthServices populates a ClaimsIdentity from the SAML assertion;
            // the [Authorize] attribute sends unauthenticated users to ~/AuthServices/SignIn.
            var identity = System.Web.HttpContext.Current.User.Identity as ClaimsIdentity;
            return View(identity.Claims);
        }
       
  •  Your view should have the following code to print the claim values received from the IdP:
    •  @model System.Collections.Generic.IEnumerable<System.Security.Claims.Claim>
        <p>This is a secure page that only works when logged in.</p>
        <p>Claims:</p>
        <ul>
        @foreach (var claim in Model)
        {
            <li>@claim.Type - @claim.Value</li>
        }
        </ul>
  • For more detailed configuration, see the Kentor AuthServices documentation.
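The Index action above hands the raw claim list to the view. The controller below, an added example that is not code from the original post or from the Kentor project, shows how a practitioner would consume those claims in an application: it reads the NameID (mapped to ClaimTypes.NameIdentifier), the two attributes named in the commented-out requestedAttributes section (urn:employee_number, urn:language), fails closed when an expected claim is missing instead of throwing a NullReferenceException, and offers a sign-out action. The controller name, the view model and the ~/AuthServices/Logout route are assumptions (the logout route is the one Kentor.AuthServices.Mvc's controller exposes alongside the ~/AuthServices/SignIn route used in the Web.config above).

```csharp
using System.Linq;
using System.Security.Claims;
using System.Web.Mvc;

namespace SsoSample.Controllers
{
    // Hypothetical view model for the claims this application needs (not from the original post).
    public class SsoUserViewModel
    {
        public string NameId { get; set; }
        public string EmployeeNumber { get; set; }
        public string Language { get; set; }
        public string AuthenticationType { get; set; }
        public string[] Roles { get; set; }
    }

    public class ProfileController : Controller
    {
        // A SAML attribute's Name becomes the claim type; these match the
        // <requestedAttributes> entries that are commented out in the config above.
        private const string EmployeeNumberClaim = "urn:employee_number";
        private const string LanguageClaim = "urn:language";

        [Authorize]
        public ActionResult Index()
        {
            var identity = User.Identity as ClaimsIdentity;

            // [Authorize] already rejects anonymous users, but the cast can still fail
            // for a non-claims identity, so fail closed instead of dereferencing null.
            if (identity == null || !identity.IsAuthenticated)
            {
                return new HttpUnauthorizedResult();
            }

            // The assertion's Subject NameID is mapped to the standard NameIdentifier claim.
            // With nameIdPolicy format="Persistent" this is the value to key a local account on.
            var nameId = identity.FindFirst(ClaimTypes.NameIdentifier);
            if (nameId == null || string.IsNullOrWhiteSpace(nameId.Value))
            {
                return new HttpStatusCodeResult(403, "Assertion carried no NameID");
            }

            // The employee number is required (isRequired="true" in the config); an IdP
            // that does not release it is a misconfiguration, not a user to let through.
            var employeeNumber = identity.FindFirst(EmployeeNumberClaim);
            if (employeeNumber == null)
            {
                return new HttpStatusCodeResult(403, "IdP did not release " + EmployeeNumberClaim);
            }

            // Language is treated as optional here and defaulted, an assumption of this example.
            var language = identity.FindFirst(LanguageClaim);

            var model = new SsoUserViewModel
            {
                NameId = nameId.Value,
                EmployeeNumber = employeeNumber.Value,
                Language = language == null ? "en" : language.Value,
                AuthenticationType = identity.AuthenticationType,
                // Role claims, if the IdP sends any, arrive as ClaimTypes.Role.
                Roles = identity.FindAll(ClaimTypes.Role).Select(c => c.Value).ToArray()
            };

            return View(model);
        }

        // Redirects to the library's logout endpoint, which ends the local session and,
        // when the IdP supports single logout, sends it a LogoutRequest. Assumed route.
        [Authorize]
        public ActionResult SignOut()
        {
            return Redirect("~/AuthServices/Logout");
        }
    }
}
```

Wire the view for SsoUserViewModel in the same way as the claim-listing view above; the point of the checks is that every decision about the user is taken from a specific claim whose presence has been verified, rather than from whatever list the IdP happened to send.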





3 comments:

  1. I am unable to set up Okta and Kentor IT. I tried the above configuration, but when the user comes back to the MVC application from Okta, it redirects to the login page again.
    Can you share sample code with me please? Any help appreciated.

  2. This really helped me, thanks. I just want to know something: how can I make a POST response in my MVC solution?

  3. Can you share sample code of the implementation with me?
