I have a Win Form Application(not in Intranet) where I would like to implement a functionality where you can insert your AD Credentials and the application should connect to our AD through the web published ADFS (the standard https://[adfsurl]/adfs/ls/idpinitiatedsignon.aspx) and get those info (for example the AD group you belong to).
I started researching but most of the examples are for ASP.NET and MVC or WIF in a intranet scenario.
What approach would you suggest?
I was finally able to make it work, I had to create a new application in the ADFS and generate a self-signed cert.
Here is the code:
Private Sub GetToken()
Const certSubject As String = "CN=[CN of the cert]"
Dim sEndPointAddress As String = "https://domain/adfs/services/myapp"
Dim binding As New WS2007HttpBinding()
binding.Security.Message.EstablishSecurityContext = False
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName
binding.Security.Mode = SecurityMode.TransportWithMessageCredential
Dim trustChannelFactory As New WSTrustChannelFactory(binding, New EndpointAddress("https://domain/adfs/services/trust/13/usernamemixed"))
trustChannelFactory.TrustVersion = TrustVersion.WSTrust13
trustChannelFactory.Credentials.UserName.UserName = [user]
trustChannelFactory.Credentials.UserName.Password = [password]
Dim requestToken As New RequestSecurityToken(RequestTypes.Issue)
requestToken.AppliesTo = New EndpointReference(sEndPointAddress)
requestToken.RequestType = RequestTypes.Issue
requestToken.KeyType = KeyTypes.Bearer
requestToken.Claims.Dialect = "http://docs.oasis-open.org/wsfed/authorization/200706/authclaims"
Dim channel As IWSTrustChannelContract = trustChannelFactory.CreateChannel()
Dim tokenClient As WSTrustChannel = CType(trustChannelFactory.CreateChannel(), WSTrustChannel)
Try
Dim token As GenericXmlSecurityToken = tokenClient.Issue(requestToken)
Dim tokenHandlers = New SecurityTokenHandlerCollection(New SecurityTokenHandler() {New SamlSecurityTokenHandler()})
tokenHandlers.Configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Never
tokenHandlers.Configuration.CertificateValidationMode = X509CertificateValidationMode.None
tokenHandlers.Configuration.RevocationMode = X509RevocationMode.NoCheck
tokenHandlers.Configuration.CertificateValidator = X509CertificateValidator.None
tokenHandlers.Configuration.AudienceRestriction = New AudienceRestriction()
tokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(New Uri(sEndPointAddress))
Dim trusted = New TrustedIssuerNameRegistry(certSubject)
tokenHandlers.Configuration.IssuerNameRegistry = trusted
'convert the generic security token to a saml token
Dim samlToken = tokenHandlers.ReadToken(New XmlTextReader(New StringReader(token.TokenXml.OuterXml)))
'convert the saml token to a claims principal
Dim ClaimsPrincipal = New ClaimsPrincipal(tokenHandlers.ValidateToken(samlToken).First())
'Display token information
Console.WriteLine("Name : " + ClaimsPrincipal.Identity.Name)
Console.WriteLine("Auth Type : " + ClaimsPrincipal.Identity.AuthenticationType)
Console.WriteLine("Is Authed : " + ClaimsPrincipal.Identity.IsAuthenticated.ToString())
For Each c As System.Security.Claims.Claim In ClaimsPrincipal.Claims
Console.WriteLine(c.Type + " / " + c.Value)
Console.ReadLine()
Next
Form1.lbl_Hello.Text = "Hi, " + ClaimsPrincipal.Identity.Name
Catch ex As Exception
If ex.Message.Contains("ID3242") Then
MsgBox("Invalid Credentials")
Else
MsgBox(ex.Message)
End If
End Try
End Sub