diff --git a/aspnetcore/security/authentication/ws-federation.md b/aspnetcore/security/authentication/ws-federation.md
index fc1f013277..0ad6172765 100644
--- a/aspnetcore/security/authentication/ws-federation.md
+++ b/aspnetcore/security/authentication/ws-federation.md
@@ -74,33 +74,29 @@ By default, the new middleware: ![Azure Active Directory: App registration properties](ws-federation/_static/AadAppIdUri.png) +## Use WS-Federation without ASP.NET Core Identity + +The WS-Federation middleware can be used without Identity. For example: +::: moniker range=">= aspnetcore-3.0" +[!code-csharp[](ws-federation/samples/StartupNon31.cs?name=snippet)] +::: moniker-end + +::: moniker range=">= aspnetcore-2.1 < aspnetcore-3.0" +[!code-csharp[](ws-federation/samples/StartupNon21.cs?name=snippet)] +::: moniker-end + ## Add WS-Federation as an external login provider for ASP.NET Core Identity * Add a dependency on [Microsoft.AspNetCore.Authentication.WsFederation](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.WsFederation) to the project. * Add WS-Federation to `Startup.ConfigureServices`: - ```csharp - services.AddIdentity() - .AddEntityFrameworkStores() - .AddDefaultTokenProviders(); +::: moniker range=">= aspnetcore-3.0" +[!code-csharp[](ws-federation/samples/Startup31.cs?name=snippet)] +::: moniker-end - services.AddAuthentication() - .AddWsFederation(options => - { - // MetadataAddress represents the Active Directory instance used to authenticate users. - options.MetadataAddress = "https:///FederationMetadata/2007-06/FederationMetadata.xml"; - - // Wtrealm is the app's identifier in the Active Directory instance. - // For ADFS, use the relying party's identifier, its WS-Federation Passive protocol URL: - options.Wtrealm = "https://localhost:44307/"; - - // For AAD, use the App ID URI from the app registration's Properties blade: - options.Wtrealm = "https://wsfedsample.onmicrosoft.com/bf0e7e6d-056e-4e37-b9a6-2c36797b9f01"; - }); - - services.AddMvc() - // ... - ``` +::: moniker range=">= aspnetcore-2.1 < aspnetcore-3.0" +[!code-csharp[](ws-federation/samples/Startup21.cs?name=snippet)] +::: moniker-end [!INCLUDE [default settings configuration](social/includes/default-settings.md)] 
@@ -116,32 +112,4 @@ With Azure Active Directory as the provider, the button redirects to an AAD sign ![AAD sign-in page](ws-federation/_static/AadSignIn.png) A successful sign-in for a new user redirects to the app's user registration page: -![Register page](ws-federation/_static/Register.png) - -## Use WS-Federation without ASP.NET Core Identity - -The WS-Federation middleware can be used without Identity. For example: - -```csharp -public void ConfigureServices(IServiceCollection services) -{ - services.AddAuthentication(sharedOptions => - { - sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; - sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; - sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme; - }) - .AddWsFederation(options => - { - options.Wtrealm = Configuration["wsfed:realm"]; - options.MetadataAddress = Configuration["wsfed:metadata"]; - }) - .AddCookie(); -} - -public void Configure(IApplicationBuilder app) -{ - app.UseAuthentication(); - // … -} -``` +![Register page](ws-federation/_static/Register.png) \ No newline at end of file diff --git a/aspnetcore/security/authentication/ws-federation/samples/Startup21.cs b/aspnetcore/security/authentication/ws-federation/samples/Startup21.cs new file mode 100644 index 0000000000..2b288be408 --- /dev/null +++ b/aspnetcore/security/authentication/ws-federation/samples/Startup21.cs 
@@ -0,0 +1,83 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.HttpsPolicy;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+using WebApp21.Data;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace WebApp21
+{
+ public class Startup
+ {
+ public Startup(IConfiguration configuration)
+ {
+ Configuration = configuration;
+ }
+
+ public IConfiguration Configuration { get; }
+
+ // This method gets called by the runtime. Use this method to add services to the container.
+ #region snippet
+ public void ConfigureServices(IServiceCollection services)
+ {
+ services.AddDbContext(options =>
+ options.UseSqlServer(
+ Configuration.GetConnectionString("DefaultConnection")));
+ services.AddDefaultIdentity()
+ .AddEntityFrameworkStores();
+
+ services.AddAuthentication()
+ .AddWsFederation(options =>
+ {
+ // MetadataAddress represents the Active Directory instance used to authenticate users.
+ options.MetadataAddress = "https:///FederationMetadata/2007-06/FederationMetadata.xml";
+
+ // Wtrealm is the app's identifier in the Active Directory instance.
+ // For ADFS, use the relying party's identifier, its WS-Federation Passive protocol URL:
+ options.Wtrealm = "https://localhost:44307/";
+
+ // For AAD, use the App ID URI from the app registration's Properties blade:
+ options.Wtrealm = "https://wsfedsample.onmicrosoft.com/bf0e7e6d-056e-4e37-b9a6-2c36797b9f01";
+ });
+
+ services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
+ }
+ #endregion
+
+ // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
+ public void Configure(IApplicationBuilder app, IHostingEnvironment env)
+ {
+ if (env.IsDevelopment())
+ {
+ app.UseDeveloperExceptionPage();
+ app.UseDatabaseErrorPage();
+ }
+ else
+ {
+ app.UseExceptionHandler("/Home/Error");
+ app.UseHsts();
+ }
+
+ app.UseHttpsRedirection();
+ app.UseStaticFiles();
+ app.UseCookiePolicy();
+
+ app.UseAuthentication();
+
+ app.UseMvc(routes =>
+ {
+ routes.MapRoute(
+ name: "default",
+ template: "{controller=Home}/{action=Index}/{id?}");
+ });
+ }
+ }
+}
diff --git a/aspnetcore/security/authentication/ws-federation/samples/Startup31.cs b/aspnetcore/security/authentication/ws-federation/samples/Startup31.cs
new file mode 100644
index 0000000000..47ca4a704b
--- /dev/null
+++ b/aspnetcore/security/authentication/ws-federation/samples/Startup31.cs
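Review bot: Inside `AddWsFederation` in ConfigureServices, `options.Wtrealm` is assigned twice, so the ADFS value `https://localhost:44307/` is dead code and the AAD App ID URI always wins; a reader adapting the sample for ADFS who edits only the first line still sends the AAD realm, and a realm the STS does not recognise fails every sign-in. Keep a single assignment and fold the alternative into the comment, e.g. `// For ADFS, use the relying party's identifier (its WS-Federation Passive protocol URL, e.g. https://localhost:44307/) instead of the AAD App ID URI below:` above the one remaining `options.Wtrealm = ...;` line. Startup31.cs in this commit has the same pair of assignments. The generic type arguments on `AddDbContext`, `AddDefaultIdentity` and `AddEntityFrameworkStores`, and the host in the `MetadataAddress` URL, are not visible in this hunk; if they were stripped when the page was rendered that is fine, otherwise the sample will not compile and the metadata URL has no host.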
@@ -0,0 +1,81 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
+using WebApplication88.Data;
+
+namespace WebApplication88
+{
+ public class Startup
+ {
+ public Startup(IConfiguration configuration)
+ {
+ Configuration = configuration;
+ }
+
+ public IConfiguration Configuration { get; }
+
+ #region snippet
+ public void ConfigureServices(IServiceCollection services)
+ {
+ services.AddDbContext(options =>
+ options.UseSqlServer(
+ Configuration.GetConnectionString("DefaultConnection")));
+ services.AddDefaultIdentity(options => options.SignIn.RequireConfirmedAccount = true)
+ .AddEntityFrameworkStores();
+
+
+ services.AddAuthentication()
+ .AddWsFederation(options =>
+ {
+ // MetadataAddress represents the Active Directory instance used to authenticate users.
+ options.MetadataAddress = "https:///FederationMetadata/2007-06/FederationMetadata.xml";
+
+ // Wtrealm is the app's identifier in the Active Directory instance.
+ // For ADFS, use the relying party's identifier, its WS-Federation Passive protocol URL:
+ options.Wtrealm = "https://localhost:44307/";
+
+ // For AAD, use the App ID URI from the app registration's Properties blade:
+ options.Wtrealm = "https://wsfedsample.onmicrosoft.com/bf0e7e6d-056e-4e37-b9a6-2c36797b9f01";
+ });
+
+ services.AddControllersWithViews();
+ services.AddRazorPages();
+ }
+ #endregion
+
+ // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
+ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
+ {
+ if (env.IsDevelopment())
+ {
+ app.UseDeveloperExceptionPage();
+ app.UseDatabaseErrorPage();
+ }
+ else
+ {
+ app.UseExceptionHandler("/Home/Error");
+ // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
+ app.UseHsts();
+ }
+ app.UseHttpsRedirection();
+ app.UseStaticFiles();
+
+ app.UseRouting();
+
+ app.UseAuthentication();
+ app.UseAuthorization();
+
+ app.UseEndpoints(endpoints =>
+ {
+ endpoints.MapControllerRoute(
+ name: "default",
+ pattern: "{controller=Home}/{action=Index}/{id?}");
+ endpoints.MapRazorPages();
+ });
+ }
+ }
+}
diff --git a/aspnetcore/security/authentication/ws-federation/samples/StartupNon21.cs b/aspnetcore/security/authentication/ws-federation/samples/StartupNon21.cs
new file mode 100644
index 0000000000..2cb79fac44
--- /dev/null
+++ b/aspnetcore/security/authentication/ws-federation/samples/StartupNon21.cs
@@ -0,0 +1,68 @@
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.WsFederation;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace WebApp21
+{
+ public class Startup
+ {
+ public Startup(IConfiguration configuration)
+ {
+ Configuration = configuration;
+ }
+
+ public IConfiguration Configuration { get; }
+
+ #region snippet
+ public void ConfigureServices(IServiceCollection services)
+ {
+ services.AddAuthentication(sharedOptions =>
+ {
+ sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+ sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+ sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
+ })
+ .AddWsFederation(options =>
+ {
+ options.Wtrealm = Configuration["wsfed:realm"];
+ options.MetadataAddress = Configuration["wsfed:metadata"];
+ })
+ .AddCookie();
+
+ services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
+ }
+
+ public void Configure(IApplicationBuilder app, IHostingEnvironment env)
+ {
+ if (env.IsDevelopment())
+ {
+ app.UseDeveloperExceptionPage();
+ app.UseDatabaseErrorPage();
+ }
+ else
+ {
+ app.UseExceptionHandler("/Home/Error");
+ app.UseHsts();
+ }
+
+ app.UseHttpsRedirection();
+ app.UseStaticFiles();
+ app.UseCookiePolicy();
+
+ app.UseAuthentication();
+
+ app.UseMvc(routes =>
+ {
+ routes.MapRoute(
+ name: "default",
+ template: "{controller=Home}/{action=Index}/{id?}");
+ });
+ }
+ #endregion
+
+ }
+}
diff --git a/aspnetcore/security/authentication/ws-federation/samples/StartupNon31.cs b/aspnetcore/security/authentication/ws-federation/samples/StartupNon31.cs
new file mode 100644
index 0000000000..4d67d1256d
--- /dev/null
+++ b/aspnetcore/security/authentication/ws-federation/samples/StartupNon31.cs
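Review bot: In ConfigureServices, `options.Wtrealm` and `options.MetadataAddress` are copied straight from `Configuration["wsfed:realm"]` and `Configuration["wsfed:metadata"]` with no check that either key is present, so a missing or misspelled setting leaves both null and the problem surfaces only when the first user is challenged rather than at startup. A fail-fast guard makes the misconfiguration obvious, e.g. `options.MetadataAddress = Configuration["wsfed:metadata"] ?? throw new InvalidOperationException("wsfed:metadata is not configured");` (with `using System;`) and the same shape for the realm. StartupNon31.cs reads the same two keys the same way. StartupNon31.cs also omits the `DefaultSignInScheme` line that this file sets; since `DefaultScheme` is the cookie scheme in both, the sign-in scheme should fall back to it, but the two samples would be easier to compare if they matched.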
@@ -0,0 +1,69 @@
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.WsFederation;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
+
+namespace WebApplication88
+{
+ public class Startup
+ {
+ public Startup(IConfiguration configuration)
+ {
+ Configuration = configuration;
+ }
+
+ public IConfiguration Configuration { get; }
+
+ #region snippet
+ public void ConfigureServices(IServiceCollection services)
+ {
+ services.AddAuthentication(sharedOptions =>
+ {
+ sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+ sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
+ })
+ .AddWsFederation(options =>
+ {
+ options.Wtrealm = Configuration["wsfed:realm"];
+ options.MetadataAddress = Configuration["wsfed:metadata"];
+ })
+ .AddCookie();
+
+ services.AddControllersWithViews();
+ services.AddRazorPages();
+ }
+
+ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
+ {
+ if (env.IsDevelopment())
+ {
+ app.UseDeveloperExceptionPage();
+ app.UseDatabaseErrorPage();
+ }
+ else
+ {
+ app.UseExceptionHandler("/Home/Error");
+ app.UseHsts();
+ }
+ app.UseHttpsRedirection();
+ app.UseStaticFiles();
+
+ app.UseRouting();
+
+ app.UseAuthentication();
+ app.UseAuthorization();
+
+ app.UseEndpoints(endpoints =>
+ {
+ endpoints.MapControllerRoute(
+ name: "default",
+ pattern: "{controller=Home}/{action=Index}/{id?}");
+ endpoints.MapRazorPages();
+ });
+ }
+ #endregion
+ }
+}
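Review bot: `app.UseDatabaseErrorPage()` in Configure sits inside the `#region snippet` that the "without Identity" section renders, but this file registers no DbContext and has no EntityFrameworkCore using, so the call only pulls an EF diagnostics dependency into a sample whose point is that Identity and its database are not needed. Dropping that line (and the matching one in StartupNon21.cs) keeps the snippet to what the section is about; the `UseDeveloperExceptionPage()` branch still covers development-time errors. Keeping the snippet region around both methods is right, since the doc hunk replaces a Markdown block that showed both ConfigureServices and Configure.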