I'm working on a WS-Federation POC for my company. The solution should work with MVC apps and Web API services as well. I figured out how to get it working on MVC apps, using the new OWIN authentication middleware. At that point I'm getting SAML2 tokens.
I now would like to make AJAX calls to a method on a Web API controller, passing the SAML token in the Authorization header like this in JavaScript:
```javascript
// Token rendered into the page by the MVC view (Razor), then sent as a bearer token
var token = '@ViewBag.Token';
var request = {
    url: 'https://localhost:44305/api/test/GetStrings',
    cache: false,
    beforeSend: function (xhr) {
        // Attach the token using the bearer scheme
        xhr.setRequestHeader('Authorization', 'bearer ' + token);
    },
    type: 'GET',
    crossDomain: true,
    success: function () {
        alert('ok');
    },
    error: function () {
        alert('ko');
    }
};
$.ajax(request);
```
In Firebug (or equivalent), I can see that the header is correctly populated with the token.
On the server side, I'm trying to use a Thinktecture OWIN extension method to retrieve and check the token:
```csharp
app.UseSaml2BearerAuthentication(
    new Uri("urn:relyingparty2"),   // expected audience
    "3AA702552....643E27150591A9",   // thumbprint of the STS signing certificate
    "http://localSTS");              // expected issuer
```
as I've read here: http://leastprivilege.com/2013/10/31/adding-saml11-and-saml2-support-to-katanaowin/
But it seems that nothing happens.
I would like to avoid adding a message handler, as this method looks like it should do what I'm looking for.
Any idea?
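As an added illustration (not code from the question, from Thinktecture, or from the linked post), here is how the SAML2 bearer middleware and the Web API pipeline usually fit together in one OWIN Startup class, with a protected controller behind it. The `using` for the Thinktecture extension, the `WebApiHost` namespace, the controller body and the thumbprint placeholder are assumptions; the audience URI and issuer are the values from the question. The middleware is registered before `UseWebApi` so the principal it builds from a valid token is already in place when the `[Authorize]` filter runs; the audience passed in must match the AudienceRestriction inside the token, and the thumbprint must be that of the certificate the STS actually signed with, otherwise validation silently fails and the request arrives anonymous.

```csharp
using System;
using System.Web.Http;
using Microsoft.Owin;
using Owin;
// Assumption: namespace of the Thinktecture Katana extension providing UseSaml2BearerAuthentication;
// adjust to the package actually installed.
using Thinktecture.IdentityModel.Owin;

[assembly: OwinStartup(typeof(WebApiHost.Startup))]

namespace WebApiHost
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // 1. Token validation first: a valid "Authorization: Bearer <saml2>" header
            //    yields a ClaimsPrincipal for the rest of the pipeline; anything else
            //    leaves the request anonymous (no exception, hence "nothing happens").
            app.UseSaml2BearerAuthentication(
                new Uri("urn:relyingparty2"),      // must equal the token's audience
                "STS-SIGNING-CERT-THUMBPRINT",     // placeholder for the real thumbprint
                "http://localSTS");                // must equal the token's issuer

            // 2. Web API after the authentication middleware.
            var config = new HttpConfiguration();
            config.MapHttpAttributeRoutes();
            app.UseWebApi(config);
        }
    }

    // Every action requires an authenticated principal; without a valid
    // bearer token the request gets 401 before the action body runs.
    [Authorize]
    [RoutePrefix("api/test")]
    public class TestController : ApiController
    {
        [HttpGet, Route("GetStrings")]
        public IHttpActionResult GetStrings()
        {
            // The identity here comes from the claims of the validated token.
            var caller = User.Identity.Name ?? "(no name claim)";
            return Ok(new[] { "first", "second", "caller: " + caller });
        }
    }
}
```

Since `@ViewBag.Token` is written into the HTML, any script running on that page can read it; keeping the token's audience restricted to the API and its lifetime short limits what a leaked copy is good for.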