Single Sign On implementation in C# using SAML 2.0

mbajer92 · Jan 11, 2017 · Viewed 25.5k times

For the past week I did a lot of research on the topic of using Single Sign On with SAML 2.0. I have found a lot of good articles and I understand the process of SSO in detail, but I am encountering problems when implementing it in our C# solution with .Net Framework 4.5.

Let me describe my understanding of the process and how I imagine I should go about applying it:

  1. The user goes to our software, which is the Service Provider (SP). We have different instances trimmed to our clients' needs.

  2. After typing the email address, he should be re-directed to our Identity Provider (IdP). At this point I believe I should be sending an authentication token to check whether the user is already logged in on the IdP. In case the user is, I would want to log the user in to our system. In case he is not, he would then log in on their IdP.

  3. After he is successfully authenticated, we are sending the SAML Response token back to our website URL.

  4. When the token arrives at our end, we should decrypt it and, when the authentication has been successful, grant the user access to the service.

So far I haven't found any good resources on the actual process of generating the SAML Request or a way of decrypting our SAML token in the C# code.

For the testing we are using ADFS 2.0 as the IdP and we are getting the SAML Response from it. When we process the response we would like to compare the information in our database with the email in the response to verify the user's details before letting them into the system.

The examples I have been able to find are either out of date or do not give a detailed explanation. If anyone would be able to shine some light on it for me, either by providing some examples of implementation or a good and up-to-date resource that I haven't yet managed to find.
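Step 2 of the flow described in the question, the part the question says it found no resources for, as an added C# example that is not part of the question or of any SAML library: building a SAML 2.0 AuthnRequest and encoding it for the HTTP-Redirect binding. The SP entity ID, ACS URL and IdP SSO URL are placeholder values (example.com), not anything from the question; the request is left unsigned.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Xml.Linq;

// Step 2 of the flow: build a SAML 2.0 AuthnRequest and encode it for the HTTP-Redirect binding.
// All URLs used here are placeholders (example.com), not values from the question.
public static class AuthnRequestBuilder
{
    static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // SAML IDs are xs:ID (NCName) values, so they cannot start with a digit: prefix the GUID.
    public static string NewRequestId()
    {
        return "_" + Guid.NewGuid().ToString("N");
    }

    public static string BuildAuthnRequestXml(string requestId, DateTime issueInstantUtc,
                                              string spEntityId, string acsUrl, string idpSsoUrl)
    {
        XElement request = new XElement(Samlp + "AuthnRequest",
            new XAttribute(XNamespace.Xmlns + "samlp", Samlp),
            new XAttribute(XNamespace.Xmlns + "saml", Saml),
            new XAttribute("ID", requestId),
            new XAttribute("Version", "2.0"),
            new XAttribute("IssueInstant", issueInstantUtc.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'")),
            new XAttribute("Destination", idpSsoUrl),
            new XAttribute("AssertionConsumerServiceURL", acsUrl),
            new XAttribute("ProtocolBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"),
            new XElement(Saml + "Issuer", spEntityId),
            new XElement(Samlp + "NameIDPolicy",
                new XAttribute("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
                new XAttribute("AllowCreate", "true")));
        return request.ToString(SaveOptions.DisableFormatting);
    }

    // HTTP-Redirect binding: raw DEFLATE (no zlib header), then Base64. DeflateStream emits raw DEFLATE.
    public static string DeflateAndBase64(string xml)
    {
        byte[] bytes = Encoding.UTF8.GetBytes(xml);
        using (MemoryStream output = new MemoryStream())
        {
            using (DeflateStream deflate = new DeflateStream(output, CompressionMode.Compress, true))
            {
                deflate.Write(bytes, 0, bytes.Length);
            }
            return Convert.ToBase64String(output.ToArray());
        }
    }

    // The Base64 text still has to be URL-encoded when it becomes the SAMLRequest query parameter.
    // RelayState should be an opaque reference to server-side state, never a raw return URL.
    public static string BuildRedirectUrl(string idpSsoUrl, string encodedRequest, string relayState)
    {
        StringBuilder url = new StringBuilder(idpSsoUrl);
        url.Append(idpSsoUrl.Contains("?") ? "&" : "?");
        url.Append("SAMLRequest=").Append(Uri.EscapeDataString(encodedRequest));
        if (!string.IsNullOrEmpty(relayState))
        {
            url.Append("&RelayState=").Append(Uri.EscapeDataString(relayState));
        }
        return url.ToString();
    }

    public static void Main()
    {
        const string spEntityId = "https://sp.example.com/saml/metadata";   // placeholder
        const string acsUrl = "https://sp.example.com/saml/acs";            // placeholder
        const string idpSsoUrl = "https://idp.example.com/adfs/ls/";        // placeholder

        string requestId = NewRequestId();
        // Keep requestId in the user's session (with an expiry) before redirecting: in step 4 the
        // Response's InResponseTo attribute must match it, otherwise the response is unsolicited.
        string xml = BuildAuthnRequestXml(requestId, DateTime.UtcNow, spEntityId, acsUrl, idpSsoUrl);
        string redirect = BuildRedirectUrl(idpSsoUrl, DeflateAndBase64(xml), "opaque-state-token");

        Console.WriteLine(xml);
        Console.WriteLine(redirect);
    }
}
```

The request ID that is generated here is the SP's only link between the redirect it issued and the Response that comes back, so it has to be stored server-side before the redirect and checked when the Response arrives; a Response whose InResponseTo matches nothing the SP sent should be rejected. If the relying party trust on the IdP is configured to require signed requests, the SAMLRequest would additionally need the SigAlg and Signature query parameters, which this example does not produce.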

Answer

rbrayb · Jan 11, 2017

SAML 2.0 is not a simple protocol and, as you have discovered, it is not trivial to roll your own.

Use a SAML client side stack.

Note there is not an official one from Microsoft.

Refer to SAML : SAML connectivity / toolkit for some ideas.

This will do all the heavy lifting and plumbing for you.
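To make concrete what "the heavy lifting" in step 4 of the question consists of, here is an added C# example of the checks a SAML Response has to pass before the email claim in it can be compared with the SP's database. It is not code from the question, the answer, or any toolkit; it assumes the IdP signs the Assertion (the ADFS default), that the SP already holds the IdP's signing certificate, and that the audience and ACS URL values passed in are the SP's own. Every check it performs is one that a SAML stack does for you, which is the point of the answer above.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public class SamlIdentity
{
    public string NameId;
    public Dictionary<string, List<string>> Attributes = new Dictionary<string, List<string>>();
}

// Checks a SAML 2.0 Response (HTTP-POST binding, SAMLResponse form field) before anything in it is trusted.
// Assumes the IdP signs the Assertion (ADFS default) and that the SP holds the IdP's signing certificate out of band.
public sealed class SamlResponseValidator
{
    const string Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string Ds = "http://www.w3.org/2000/09/xmldsig#";
    const string Success = "urn:oasis:names:tc:SAML:2.0:status:Success";

    readonly X509Certificate2 _idpCert;
    readonly string _audience, _acsUrl;   // our SP entity ID and our Assertion Consumer Service URL
    readonly TimeSpan _skew = TimeSpan.FromMinutes(3);

    public SamlResponseValidator(X509Certificate2 idpCert, string audience, string acsUrl)
    { _idpCert = idpCert; _audience = audience; _acsUrl = acsUrl; }

    // expectedInResponseTo is the AuthnRequest ID that was stored in the session at step 2.
    public SamlIdentity Validate(string base64Response, string expectedInResponseTo)
    {
        // The message is attacker-controlled input: parse with DTDs and external entities disabled.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using (var reader = XmlReader.Create(new MemoryStream(Convert.FromBase64String(base64Response)), settings))
            doc.Load(reader);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", Samlp); ns.AddNamespace("saml", Saml); ns.AddNamespace("ds", Ds);
        XmlElement response = doc.DocumentElement;
        Require(response.LocalName == "Response" && response.NamespaceURI == Samlp, "not a samlp:Response");
        Require(Text(response, "samlp:Status/samlp:StatusCode/@Value", ns) == Success, "IdP reported failure");
        Require(response.GetAttribute("InResponseTo") == expectedInResponseTo, "unsolicited or mismatched response");
        string dest = response.GetAttribute("Destination");
        Require(dest == "" || dest == _acsUrl, "Destination is not our ACS URL");
        // Exactly one plain Assertion. An EncryptedAssertion would first need EncryptedXml + the SP private key.
        Require(response.SelectSingleNode("saml:EncryptedAssertion", ns) == null, "encrypted assertions not handled here");
        XmlNodeList assertions = response.SelectNodes("saml:Assertion", ns);
        Require(assertions.Count == 1, "expected exactly one Assertion");
        var assertion = (XmlElement)assertions[0];
        VerifyEnvelopedSignature(assertion, doc, ns);
        // From here on, every value is read from the element whose signature has just been verified.
        var cond = assertion.SelectSingleNode("saml:Conditions", ns) as XmlElement;
        Require(cond != null, "Assertion has no Conditions");
        DateTime now = DateTime.UtcNow;
        string nb = cond.GetAttribute("NotBefore"), noa = cond.GetAttribute("NotOnOrAfter");
        Require(nb == "" || now + _skew >= XmlConvert.ToDateTime(nb, XmlDateTimeSerializationMode.Utc), "not yet valid");
        Require(noa == "" || now - _skew < XmlConvert.ToDateTime(noa, XmlDateTimeSerializationMode.Utc), "expired");
        bool audienceOk = false;
        foreach (XmlNode a in cond.SelectNodes("saml:AudienceRestriction/saml:Audience", ns))
            audienceOk |= a.InnerText.Trim() == _audience;
        Require(audienceOk, "assertion was issued for a different SP");
        // Production code also records assertion.GetAttribute("ID") until NotOnOrAfter to reject replays.
        var identity = new SamlIdentity { NameId = Text(assertion, "saml:Subject/saml:NameID", ns) };
        foreach (XmlElement attr in assertion.SelectNodes("saml:AttributeStatement/saml:Attribute", ns))
        {
            var values = new List<string>();
            foreach (XmlNode v in attr.SelectNodes("saml:AttributeValue", ns)) values.Add(v.InnerText.Trim());
            identity.Attributes[attr.GetAttribute("Name")] = values;
        }
        return identity;
    }

    // Verifies the ds:Signature that is a direct child of `signed` and insists that its single Reference points
    // back at `signed` itself, so an unsigned Assertion placed elsewhere in the document cannot be swapped in.
    void VerifyEnvelopedSignature(XmlElement signed, XmlDocument doc, XmlNamespaceManager ns)
    {
        var sigElement = signed.SelectSingleNode("ds:Signature", ns) as XmlElement;
        Require(sigElement != null, "Assertion is not signed");
        string id = signed.GetAttribute("ID");
        int sameId = 0;
        foreach (XmlElement e in doc.SelectNodes("//*[@ID]")) if (e.GetAttribute("ID") == id) sameId++;
        Require(id != "" && sameId == 1, "signed element ID is missing or not unique in the document");
        var signedXml = new SignedXml(signed);
        signedXml.LoadXml(sigElement);
        Require(signedXml.SignedInfo.References.Count == 1, "expected exactly one Reference");
        Require(((Reference)signedXml.SignedInfo.References[0]).Uri == "#" + id, "signature does not cover this Assertion");
        // Verify against the pinned IdP certificate only; a KeyInfo carried inside the message is not trusted.
        Require(signedXml.CheckSignature(_idpCert, true), "invalid signature");
    }

    static string Text(XmlNode scope, string xpath, XmlNamespaceManager ns)
    { XmlNode n = scope.SelectSingleNode(xpath, ns); return n == null ? null : n.InnerText.Trim(); }

    static void Require(bool ok, string message) { if (!ok) throw new SecurityException(message); }
}
```

The returned Attributes dictionary is where the database comparison from the question would happen: with ADFS the email claim is normally issued under the name `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`, and only a value taken from the verified Assertion should be looked up. Two caveats for .Net Framework 4.5 specifically: ADFS signs with rsa-sha256 by default, and `SignedXml` on 4.5 does not know that algorithm out of the box, so a `SignatureDescription` for `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` has to be registered with `CryptoConfig.AddAlgorithm` first (later framework versions do this for you); and `PreserveWhitespace = true` must be set before the document is loaded, or canonicalization of the signed element will not match what the IdP signed.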