Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
NativeClient-WebAPI-DotNet-TP4-Git - Sample for ADFS 4.0 - Server 2016
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<appSettings>
<!--Added ADFS 4.0 code-->
<!--<add key="ida:Tenant" value="[Enter tenant name, e.g. contoso.onmicrosoft.com]" />-->
<!--<add key="ida:ClientId" value="[Enter client ID as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]" />-->
<add key="ida:ClientId" value="46cfcdbf-edf6-...d8f6" />
<!--<add key="ida:RedirectUri" value="[Enter redirect URI as entered in Azure Portal, e.g. http://TodoListClient]" />-->
<add key="ida:RedirectUri" value="http://TodoListClient" />
<!-- <add key="todo:TodoListResourceId" value="[Enter App ID URI of TodoListService, e.g. https://contoso.onmicrosoft.com/TodoListService]" />-->
<add key="todo:TodoListResourceId" value="https://localhost:44324/NativeTodoListService" />
<!--<add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />-->
<add key="todo:TodoListBaseAddress" value="https://localhost:44324/NativeTodoListService" />
</appSettings>
</configuration>
// ADFS 4.0
/*private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);
private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);*/
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);
...
InitializeComponent();
//
// As the application starts, try to get an access token without prompting the user. If one exists, populate the To Do list. If not, continue.
//
// ADFS 4.0
//authContext = new AuthenticationContext(authority, new FileCache());
authContext = new AuthenticationContext("https://my-adfs/adfs/", false);
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;
namespace TodoListService
{
public partial class Startup
{
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
/*app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Audience = ConfigurationManager.AppSettings["ida:Audience"],
Tenant = ConfigurationManager.AppSettings["ida:Tenant"]
});*/
// Added ADFS 4.0 code
app.UseActiveDirectoryFederationServicesBearerAuthentication(
new ActiveDirectoryFederationServicesBearerAuthenticationOptions
{
Audience = "https://localhost:44324/NativeTodoListService",
MetadataEndpoint = "https://my-adfs/FederationMetadata/2007-06/FederationMetadata.xml"
});
}
}
}
//----------------------------------------------------------------------------------------------
// Copyright 2014 Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//----------------------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
// The following using statements were added for this sample.
using System.Collections.Concurrent;
using TodoListService.Models;
using System.Security.Claims;
namespace TodoListService.Controllers
{
[Authorize]
public class TodoListController : ApiController
{
//
// To Do items list for all users. Since the list is stored in memory, it will go away if the service is cycled.
//
static ConcurrentBag<TodoItem> todoBag = new ConcurrentBag<TodoItem>();
// GET api/todolist
public IEnumerable<TodoItem> Get()
{
//
// The Scope claim tells you what permissions the client application has in the service.
// In this case we look for a scope value of user_impersonation, or full access to the service as the user.
//
// ADFS 4.0
/*if (ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope").Value != "user_impersonation")
{
throw new HttpResponseException(new HttpResponseMessage { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "The Scope claim does not contain 'user_impersonation' or scope claim not found" });
}*/
// A user's To Do list is keyed off of the NameIdentifier claim, which contains an immutable, unique identifier for the user.
Claim subject = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier);
return from todo in todoBag
where todo.Owner == subject.Value
select todo;
}
// POST api/todolist
public void Post(TodoItem todo)
{
// ADFS 4.0
/*if (ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope").Value != "user_impersonation")
{
throw new HttpResponseException(new HttpResponseMessage { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "The Scope claim does not contain 'user_impersonation' or scope claim not found" });
}*/
if (null != todo && !string.IsNullOrWhiteSpace(todo.Title))
{
todoBag.Add(new TodoItem { Title = todo.Title, Owner = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value });
}
}
}
}
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<!--ADFS 4.0-->
<!--<add key="ida:Tenant" value="[Enter tenant name, e.g. contoso.onmicrosoft.com]" />
<add key="ida:Audience" value="[Enter App ID URI of TodoListService, e.g. https://contoso.onmicrosoft.com/TodoListService]" />-->
</appSettings>
@nzpcmad

This comment has been minimized.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.