
Comments (5)

brockallen commented on September 2, 2024

Dup: #1

from windowsauthentication.

senj commented on September 2, 2024

I don't know if I got everything right, but this is how I did it:

  1. WindowsAuthentication Server
    Download this package. I'll use the self-host option.
    This "WindowsAuthentication" Server runs as a separate process and as an additional IDP for the identity server.

I created the sts certificate, and set some options in the Startup class...

    IdpReplyUrl = "https://identityserverurl/core/login",
    IdpRealm = "urn:win",
    EnableWsFederationMetadata = true

Run it. You can check the metadata endpoint under the URL specified in the Program class.

  2. Identity Server
    On the Identity Server, install the Microsoft.Owin.Security.WsFederation NuGet package.

In your IdentityServerOptions, add IdentityProviders = ConfigureAdditionalIdentityProviders. This may look like this:

    var options = new IdentityServerOptions
    {
        SiteName = "IdentityServer3",
        SigningCertificate = Certificate.Get(),
        Factory = idSvrFactory,
        AuthenticationOptions = new AuthenticationOptions
        {
            EnablePostSignOutAutoRedirect = true,
            IdentityProviders = ConfigureAdditionalIdentityProviders,
        },
    };

Then use this piece of code as described in the identity server docs.

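    // Needs: using Owin; using Microsoft.Owin.Security.WsFederation;
    // Callback assigned to AuthenticationOptions.IdentityProviders above.
    public static void ConfigureAdditionalIdentityProviders(IAppBuilder app, string signInAsType)
    {
        var windowsAuthentication = new WsFederationAuthenticationOptions
        {
            AuthenticationType = "windows",
            Caption = "Windows",
            SignInAsAuthenticationType = signInAsType,
            // Metadata endpoint of the WindowsAuthentication server
            MetadataAddress = "http://localhost:44350/",
            // Must be identical to IdpRealm on the WindowsAuthentication server
            Wtrealm = "urn:win"
        };
        app.UseWsFederationAuthentication(windowsAuthentication);
    }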

The Wtrealm of WsFedAuthOptions and the IdpRealm on AuthenticationServer must match, else you'll get an error like this:

IDX10214: Audience validation failed. Audiences: 'urn:win'. Did not match:  validationParameters.ValidAudience: 'urn:win1' or validationParameters.ValidAudiences: 'null'

If I use my client page to access a protected resource I'll get a redirect to Identity Server, pick the "Windows" authentication provider, get a (ws fed) redirect to the WindowsAuthentication Server, see the consent page (with OAuth URL parameters) and login.

The one thing that doesn't work in my example is the redirect after logout. I can specify a wreply URL in WsFederationAuthenticationOptions and change the AuthenticationController to redirect, but that won't work if I have different clients.

from windowsauthentication.
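The audience mismatch behind the IDX10214 error quoted above, as an added example that is not part of the thread or of either project's code. It assumes the issued token is a SAML 2.0 assertion and models the relying party's check as an exact, case-sensitive string comparison; the class name, method names and sample assertion are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class RealmAudienceCheck
{
    static readonly XNamespace Saml2 = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Every <Audience> value inside the assertion's <AudienceRestriction> elements.
    public static List<string> ReadAudiences(string assertionXml)
    {
        return XDocument.Parse(assertionXml)
            .Descendants(Saml2 + "AudienceRestriction")
            .Elements(Saml2 + "Audience")
            .Select(a => a.Value)
            .ToList();
    }

    // Assumed model of the relying party's check: exact, case-sensitive match
    // between a token audience and the configured Wtrealm.
    public static string Check(IList<string> audiences, string wtrealm)
    {
        if (audiences.Any(a => string.Equals(a, wtrealm, StringComparison.Ordinal)))
            return "accepted";
        // Flag near misses (case or surrounding whitespace) to speed up diagnosis.
        bool nearMiss = audiences.Any(a =>
            string.Equals(a.Trim(), wtrealm.Trim(), StringComparison.OrdinalIgnoreCase));
        return "rejected, audiences: '" + string.Join("', '", audiences) + "'"
             + (nearMiss ? " (differs only by case or whitespace)" : "");
    }

    static void Main()
    {
        // Constructed sample token, as issued for IdpRealm = "urn:win".
        const string assertion =
            @"<Assertion xmlns=""urn:oasis:names:tc:SAML:2.0:assertion"">
                <Conditions>
                  <AudienceRestriction><Audience>urn:win</Audience></AudienceRestriction>
                </Conditions>
              </Assertion>";
        var audiences = ReadAudiences(assertion);
        foreach (var wtrealm in new[] { "urn:win", "urn:win1", "URN:WIN" })
            Console.WriteLine("Wtrealm '{0}': {1}", wtrealm, Check(audiences, wtrealm));
    }
}
```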

leastprivilege commented on September 2, 2024

You don't need the WsFed plugin, unless you want to talk WsFed from Client to Idsrv.

from windowsauthentication.

senj commented on September 2, 2024

Yes, sorry, I got that one now.

from windowsauthentication.

jasperzig commented on September 2, 2024

Does anyone have a more complete working example? I've been trying to gather snippets from across the web to get this to work, and nothing so far has done it.

from windowsauthentication.
