misc
Ws-Fed (Web Services Federation)
WS-Fed
Ws-Fed is an identity federation specification.
.NET Core provides a framework for quickly adding authentication mechanisms to an MVC project.
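// Authentication wiring: a local cookie scheme keeps the session, and the
// WS-Federation handler is used whenever an unauthenticated user must be challenged.
// `services` is the IServiceCollection of the host (the original listing spelled it
// inconsistently); adjust the name to match your Startup/Program code.
services.AddAuthentication(options =>
{
    options.DefaultScheme = "cookie";
    // NOTE(review): the scheme is called "oidc" although the handler registered under
    // that name below is WS-Federation, not OpenID Connect. The name is only a label,
    // but it must match everywhere it is referenced (here, AddWsFederation, [Authorize]).
    options.DefaultChallengeScheme = "oidc";
})
.AddCookie("cookie", options =>
{
    // Cookie options were elided ("...") in the original listing.
})
.AddWsFederation("oidc", options =>
{
    // Placeholder value from the page. In a deployment this is the identity provider's
    // federation metadata URL; the token-signing keys the application trusts are read
    // from that document, so it should be fetched over HTTPS from the real IdP.
    options.MetadataAddress = "FederationMetadata.xml";
    // Must equal the relying-party identifier configured at the identity provider.
    options.Wtrealm = "Realm";
    options.Events.OnTicketReceived += OnTicketReceived;
    options.Events.OnSecurityTokenValidated += OnSecurityTokenValidated;
});

// Policy "WebAPI" is satisfied only by a principal carrying the claim APIAccess=Sync.
services.AddAuthorization(options => options.AddPolicy("WebAPI", policy => policy.RequireClaim("APIAccess", "Sync")));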
You can add custom logic in the event handlers:
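/// <summary>
/// Handler attached to the WS-Federation <c>OnSecurityTokenValidated</c> event.
/// Currently a no-op hook; it is the place for extra checks on the validated token.
/// </summary>
/// <param name="arg">Event context supplied by the WS-Federation handler.</param>
/// <returns>An already-completed task.</returns>
private Task OnSecurityTokenValidated(SecurityTokenValidatedContext arg)
{
    // Disabled example kept from the original page: fall back to the site root when
    // no return URL was recorded. If this is re-enabled, only ever assign a local
    // path here, never a value taken from the request.
    // var xx = arg.Properties.RedirectUri;
    // if (String.IsNullOrEmpty(arg.Properties.RedirectUri))
    //     arg.Properties.RedirectUri = "/";

    // Task.CompletedTask avoids allocating a Task<int> just to signal completion.
    return Task.CompletedTask;
}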
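/// <summary>
/// Handler attached to <c>OnTicketReceived</c>: inspects the federated principal and
/// adds the application's own <c>isAdmin</c> claim when the user qualifies.
/// </summary>
/// <remarks>
/// The original listing added <c>isAdmin=true</c> to every signed-in user and left the
/// actual check as a TODO. The claim is now gated on <see cref="IsAdministratorAsync"/>,
/// which denies by default until the real lookup is written.
/// </remarks>
/// <param name="arg">Event context carrying the principal built from the token.</param>
private async Task OnTicketReceived(TicketReceivedContext arg)
{
    var principal = arg.Principal;
    var identity = principal?.Identities.FirstOrDefault();
    if (identity == null)
    {
        // No identity to enrich; leave the ticket untouched (and without admin rights).
        return;
    }

    // Group SIDs sent by the identity provider.
    var groups = principal.Claims
        .Where(c => c.Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid")
        .ToArray();

    // Debug aid kept from the original page (disabled):
    //foreach (var g in groups)
    //{
    //    Console.WriteLine(g.Value);
    //}
    //HttpContext.Session.SetString(SessionKeyName, "Groups");
    //HttpContext.Session.SetInt32(SessionKeyAge, 773);

    // NOTE(review): claims added here end up in the principal that is signed in to the
    // cookie scheme, so the decision presumably holds for the cookie's lifetime;
    // confirm that matches how quickly admin rights must be revocable.
    if (await IsAdministratorAsync(principal, groups))
    {
        identity.AddClaim(new Claim("isAdmin", "true"));
    }
}

// Decides whether the signed-in user is an administrator. Denies by default.
private Task<bool> IsAdministratorAsync(ClaimsPrincipal principal, Claim[] groupSids)
{
    // TODO (from the original page): compare the user's e-mail to the administrators
    // stored in the database, and/or match groupSids against an allow-list.
    return Task.FromResult(false);
}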
Add to the controller code
// Restricts the controller (or action) to users authenticated through the scheme
// registered under the name "oidc", which on this page is the WS-Federation handler.
// No Policy is named here, so the "WebAPI" policy (claim APIAccess=Sync) is not
// enforced by this attribute alone.
[Authorize(AuthenticationSchemes = "oidc")]