Completely new to ADFS, WIF, claims. I followed the code in the question: ASP.NET web forms - how to combine WIF authentification with membership provider and role provider and was able to use it to passively authenticate a user logged in against AD FS. However, I'm at a loss as to how to query AD FS for this user to retrieve some of its LDAP attributes, as I've configured them through the Relying Party Trust's Claims Rules within the ADFS Server. Any ideas? I was hoping to use code similar to what I've referenced above to retrieve the claims instead of authenticating.
Biggest part of the problem is that the mentioned code doesn't rely on ADFS at all. Rather, it creates the identity locally.
I believe you should rather use a passive flow with ADFS, i.e. you want your browser to be redirected to ADFS and then you want user claims back. One of the easiest ways is described here, in one of my tutorials:
http://www.wiktorzychla.com/2014/11/simplest-saml11-federated-authentication.html

Wiktor Zychla
- Thanks for this, definitely helpful. However, we'd prefer to have our users continue to log in with the application's login page and then quietly authenticate them in the background to ADFS, instead of physically sending them to the ADFS server for login. I just would like to pull back some claims in the background along with the authentication to AD FS. – Darrow7456 Mar 17 '15 at 12:40
- That goes with the active endpoint that still returns the SAML token. Details from the client perspective in Dominick's blog entry: http://leastprivilege.com/2010/04/14/using-an-active-endpoint-to-sign-into-a-web-application/ – Wiktor Zychla Mar 17 '15 at 12:57
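Once the passive (or active) flow above has completed, the LDAP attributes mapped by the Relying Party Trust's claim rules arrive as claims on the WIF principal; this added example (not from the question or the answer) shows a web forms page reading them and accepting only claims from the expected AD FS issuer. The issuer name, the `lblEmail` control and the `Profile` page are assumptions, not taken from the page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Web.UI;

public partial class Profile : Page
{
    // Assumption: the issuer name your IssuerNameRegistry (trustedIssuers in
    // web.config) returns for the AD FS signing certificate. Placeholder value.
    private const string AdfsIssuer = "http://adfs.example.test/adfs/services/trust";

    protected void Page_Load(object sender, EventArgs e)
    {
        // WIF sets the thread principal from the validated SAML token.
        var identity = ClaimsPrincipal.Current.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
        {
            // No federated session: do not fall back to locally built identities.
            Response.StatusCode = 401;
            Response.End();
            return;
        }

        IDictionary<string, string> attrs = ClaimsFromTrustedIssuer(identity, AdfsIssuer);

        // Keys are the outgoing claim types chosen in the claim rules, e.g.
        // ClaimTypes.Email for the LDAP "mail" attribute.
        string mail;
        attrs.TryGetValue(ClaimTypes.Email, out mail);
        lblEmail.Text = Server.HtmlEncode(mail ?? "(no email claim issued)");
    }

    // Keeps only claims issued by the expected AD FS instance, so a claim added
    // locally (e.g. by a role provider) is never mistaken for a directory attribute.
    // Multi-valued attributes (several claims of one type) are joined with ';'.
    internal static IDictionary<string, string> ClaimsFromTrustedIssuer(
        ClaimsIdentity identity, string issuer)
    {
        return identity.Claims
            .Where(c => string.Equals(c.Issuer, issuer, StringComparison.OrdinalIgnoreCase))
            .GroupBy(c => c.Type)
            .ToDictionary(g => g.Key, g => string.Join(";", g.Select(c => c.Value)));
    }
}
```

If a claim is missing here, check the issuance transform rules on the Relying Party Trust first, since WIF only surfaces what AD FS actually put in the token.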