Using ADFS in ABP #2030


asseco created

I am trying to use ADFS in ABP, but I am facing a lot of problems. Can you provide a full solution for aspnetzero and ADFS?

Or give me all the steps to do, including ADFS configuration.

Thanks


5 Answer(s)
  • ismcagdas created
    Support Team

    Hi,

    The latest AspNet Zero template contains a basic implementation of ADFS. You need to fill in the settings below in your web.config.

    <add key="ExternalAuth.WsFederation.IsEnabled" value="false" />
    <add key="ExternalAuth.WsFederation.MetaDataAddress" value="" />
    <add key="ExternalAuth.WsFederation.Wtrealm" value="" />
    

    Then it should work.

  • asseco created

    I already did that and have done some ADFS configuration. Now I have a problem when I am trying to log in with an AD user. I am using the _userManager.LoginAsync method to log in.

    var loginResult = await _userManager.LoginAsync(loginInfo.Login, tenancyName);
    
    loginInfo.Login.LoginProvider -- http://{servername}/adfs/services/trust
    loginInfo.Login.ProviderKey -- {username}@{domain}
    

    I am getting the result AbpLoginResultType.UnknownExternalLogin. Why? How can I fix that? Am I doing something wrong?

  • ismcagdas created
    Support Team

    Hi,

    After filling in those settings in web.config, an icon must appear on the login page. Are you trying to log in by clicking that icon?

  • asseco created

    Sure. I made it work. Let me tell you what I have done:

    1. Add ADFS to the AD server.
    2. Change the aspnetzero app to be secure (from http to https).
    3. Change Startup.Configuration: add WsFederation after app.UseAbp().

        // Register the external sign-in cookie and the WS-Federation
        // middleware when the web.config setting is enabled.
        if (IsTrue("ExternalAuth.WsFederation.IsEnabled"))
        {
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
            app.UseWsFederationAuthentication(CreateWsFederationAuthOptions());
        }

    4. Add code to Global.asax.

        // Accepts every server certificate: TLS certificate validation is
        // turned off for all outbound HTTPS requests made by this process.
        System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate
        {
            return true;
        };

    5. Change the AppSettingProvider startup configuration to use the https URL.
    6. Change the ADFS Relying Party Trust Claim Rules.
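
The Global.asax callback in the post above returns true for every certificate, so no outbound HTTPS connection from the application is authenticated any more, including the one that fetches the ADFS federation metadata. As an added example (not part of the original post or of the AspNet Zero template), a callback that fails closed and accepts only one pinned ADFS certificate when normal validation fails; the class name and the appSettings key are hypothetical:

```csharp
using System;
using System.Configuration;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class AdfsCertificatePinning
{
    // Hypothetical appSettings key (not defined by the AspNet Zero template):
    // SHA-256 fingerprint of the ADFS server's TLS certificate, hex, no separators.
    private const string PinSettingKey = "ExternalAuth.WsFederation.PinnedCertSha256";

    // Call once from Application_Start in Global.asax instead of "return true".
    public static void Register()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal chain and host name checks are accepted as usual.
        if (errors == SslPolicyErrors.None)
            return true;

        if (certificate == null)
            return false;

        var pin = ConfigurationManager.AppSettings[PinSettingKey];
        if (string.IsNullOrWhiteSpace(pin))
            return false; // no pin configured: fail closed

        // Validation failed: accept only the single certificate that was pinned.
        return IsPinned(certificate.GetRawCertData(), pin);
    }

    public static bool IsPinned(byte[] rawCertificate, string pinnedSha256Hex)
    {
        using (var sha256 = SHA256.Create())
        {
            var actual = BitConverter.ToString(sha256.ComputeHash(rawCertificate)).Replace("-", "");
            return string.Equals(actual, pinnedSha256Hex.Trim(), StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

When the ADFS server uses a self-signed or internal-CA certificate, importing that certificate (or its issuing CA) into the web server's trusted root store makes normal validation succeed, and no callback is needed at all.
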
  • ismcagdas created
    Support Team

    Hi,

    Thank you for sharing your solution in detail. We have tried ADFS with Azure's Active Directory and it does not require https.

    We haven't had a chance to try it with an internal ADFS server because it's really hard to set one up.

    Thanks again.