
.net 7 ws-federation not calling ADFS


I'm new to .net core and my company is starting to move to .net 7 on new applications. The app doesn't even try to call ADFS (we use it for SSO). Here is my program file:

using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Cors.Infrastructure;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.OData;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

builder.Configuration.AddJsonFile("appsettings.json");

builder.Services.AddControllers().AddOData(
    options => options.Select().Filter().OrderBy().Expand().Count().SetMaxTop(null)
);
builder.Services.Configure<GlobalAppSettings.ConnectionString>(builder.Configuration.GetSection("ConnectionStrings"));
builder.Services.Configure<GlobalAppSettings.AppEnvironment>(builder.Configuration.GetSection("AppSettings"));


builder.Services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
    })
    .AddWsFederation(options =>
    {
        options.UseTokenLifetime = false;
        options.Wtrealm = "urn:app";
        options.MetadataAddress = "https://sso.app.com/FederationMetadata/2007-06/FederationMetadata.xml";
        options.Wreply = "https://localhost:44307/app/";
    })
    .AddCookie(options =>
    {
        options.Cookie.Name = "app";
        options.Cookie.Path = "/app";
        options.SlidingExpiration = true;
        options.ExpireTimeSpan = new TimeSpan(0, 40, 0);
    });

builder.Services.AddHttpContextAccessor();
builder.Services.AddDbContext<DBcontext>(options => options.UseSqlServer(builder.Configuration.GetConnectionString("PrimaryConnectionString")!));
builder.Services.AddScoped<Utility>();

builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());

var app = builder.Build();

// Configure the HTTP request pipeline.
app.UsePathBase("/app");

app.UseAuthentication();

app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(configure: endpoints => endpoints.MapControllers());

app.Run();

I have verified that the WS-Federation metadata and wtrealm are correct and ADFS is set up as such. Can anyone see why this won't call ADFS for the claims identities?


Solution

  • So for anyone that finds this and is having the same trouble, the answer, for me at least, was so simple. I just needed to add an authorize attribute to the controller itself.

    Like so: [Microsoft.AspNetCore.Authorization.Authorize]

    Putting that on the controller tells the app to make the call, because you have to tell it everything you want it to do. In previous applications I've worked on before .net core, we used IIS Express and .net 4.5.2 which did things for you, including this. I've read from the beginning of my work with .net core that you have to specify everything; which makes it more customizable and that's good. But I didn't think that it wouldn't do anything for you. Learn now, it won't. If your .net core app isn't doing something, it's likely that you haven't told it to, specifically.
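The point the answer makes, that ASP.NET Core issues the WS-Federation challenge only when something in the pipeline demands an authenticated user, can be taken one step further so that a forgotten attribute fails closed rather than silently serving anonymous callers. The following is an added example and not code from the question or the answer; it assumes a .NET 7 web project with implicit usings and the Microsoft.AspNetCore.Authentication.WsFederation package, and the realm, metadata URL and controller names are placeholders. It shows the explicit `[Authorize]` from the answer on one controller, and additionally a `FallbackPolicy` so every endpoint without its own authorization metadata requires authentication by default, with `[AllowAnonymous]` as the explicit opt-out.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllers();

builder.Services.AddAuthentication(options =>
{
    // Sign-in state lives in the cookie; an unauthenticated request is
    // challenged by redirecting to the WS-Federation identity provider (ADFS).
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddWsFederation(options =>
{
    // Placeholder values: substitute the relying-party identifier registered
    // in ADFS and the federation metadata URL of your own ADFS instance.
    options.Wtrealm = "urn:app";
    options.MetadataAddress = "https://sso.example.com/FederationMetadata/2007-06/FederationMetadata.xml";
})
.AddCookie();

// Deny by default: any endpoint that carries no authorization metadata of its
// own requires an authenticated user, so a controller that is missing
// [Authorize] triggers the ADFS challenge instead of serving anonymous callers.
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

var app = builder.Build();

app.UseRouting();
app.UseAuthentication();   // populates HttpContext.User from the cookie
app.UseAuthorization();    // evaluates [Authorize] / the fallback policy and issues the challenge
app.MapControllers();

app.Run();

// Explicit [Authorize] as in the answer: an unauthenticated GET /api/claims
// is redirected to ADFS; after sign-in the claims are read from the cookie.
[ApiController]
[Route("api/[controller]")]
[Authorize]
public class ClaimsController : ControllerBase
{
    [HttpGet]
    public IActionResult Get() =>
        Ok(User.Claims.Select(c => new { c.Type, c.Value }));
}

// With a fallback policy in place, [AllowAnonymous] is the only way to expose
// an endpoint without authentication, which makes every exception visible in code.
[ApiController]
[Route("health")]
public class HealthController : ControllerBase
{
    [HttpGet]
    [AllowAnonymous]
    public IActionResult Get() => Ok("ok");
}
```

The middleware order matters: `UseAuthentication` must run before `UseAuthorization`, and both must sit after `UseRouting` so the authorization middleware can see the endpoint's `[Authorize]` metadata. A quick check that the setup is wired correctly is to request `/api/claims` in a fresh browser session and confirm the 302 to the ADFS sign-in page, then request `/health` and confirm it returns 200 without a redirect.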