6

I'm in the process of getting my head round using AD FS to authenticate a user in a .NET 4.5 app. I can't find any examples of requesting/receiving the token from a console app and converting that token into a ClaimsPrincipal. The only examples I can find are WCF configuration-based and I would really like to see the actual code that can do this in its simplest form.

I've installed AD FS and think I've got it configured ready to receive requests. I've created a relying party, given it a key and assigned a couple of claims to it.

Can anyone point me in the right direction or what I need to do now in my console app to send authentication requests to it?

Thanks

Gavin

1 Answer

8

The easiest way is to use the WSTrustChannelFactory from .NET 4.5.

See the RequestSecurityToken method here: http://leastprivilege.com/2012/11/16/wcf-and-identity-in-net-4-5-external-authentication-with-ws-trust/

After you have the token you run it through the corresponding token handler to turn it into a ClaimsPrincipal.

I have helper methods and bindings in my library on github: https://github.com/thinktecture/Thinktecture.IdentityModel.45

(look for the WCF folder, WSTrustClient and the Extensions folder).

leastprivilege
  • Awesome, I think that's got me nearly there. I switched out the binding in the example for WindowsWSTrust as I want to authenticate the currently logged-in user. I'm getting this now though: "the http request is unauthorized with client authentication scheme 'anonymous'" – Gavin Jan 25 '13 at 15:17
  • I've tried a few: trust/13/windows, trust/13/windowstransport and trust/2005/windowstransport – Gavin Jan 28 '13 at 08:53
  • Use the 1.3 endpoints. Security modes have to match (Transport, Mixed Mode etc). – leastprivilege Jan 28 '13 at 13:53
  • Thanks, using 13\WindowsMixed gets me past that and on to a FaultException in WSTrustChannel.ReadResponse. I guess I've got some more playing to do. Marking this as the answer as it has got me on the right track, thanks. – Gavin Jan 28 '13 at 16:24
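
The two steps from the answer (request a token with WSTrustChannelFactory, then run it through a token handler to get a ClaimsPrincipal), as an added example that is not part of the original answer or of the Thinktecture library. The AD FS host name, relying-party identifier, issuer name and signing-certificate thumbprint are placeholders, and the WS2007HttpBinding settings for the 13/windowsmixed endpoint are an assumption.

```csharp
// Added example; host name, relying-party URI and thumbprint are placeholders.
using System;
using System.IO;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;

static class AdfsConsoleClient
{
    const string Sts = "https://adfs.example.test/adfs/services/trust/13/windowsmixed";
    const string RelyingParty = "https://consoleapp.example.test/";
    const string SigningThumbprint = "PLACEHOLDER_TOKEN_SIGNING_CERT_THUMBPRINT";

    static void Main()
    {
        // Assumed binding for the mixed-mode Windows endpoint: TLS transport,
        // Windows credential of the current user carried in the message.
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(Sts))
        {
            TrustVersion = TrustVersion.WSTrust13 // the 1.3 endpoints, per the comments
        };
        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            KeyType = KeyTypes.Bearer,
            AppliesTo = new EndpointReference(RelyingParty)
        };
        var token = (GenericXmlSecurityToken)factory.CreateChannel().Issue(rst);

        // Validation settings: accept only tokens issued for this relying party
        // and signed by the pinned AD FS token-signing certificate.
        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer(SigningThumbprint, "adfs");
        var config = new SecurityTokenHandlerConfiguration { IssuerNameRegistry = registry };
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(RelyingParty));

        var handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(config);
        using (var reader = XmlReader.Create(new StringReader(token.TokenXml.OuterXml)))
        {
            var principal = new ClaimsPrincipal(handlers.ValidateToken(handlers.ReadToken(reader)));
            foreach (var claim in principal.Claims)
                Console.WriteLine("{0} = {1}", claim.Type, claim.Value);
        }
    }
}
```

With the default handler configuration the signing certificate must also pass peer-or-chain-trust validation, so a self-signed AD FS token-signing certificate has to be trusted on the client machine.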