Posting a SAML token to an ASP.NET MVC website

I have an MVC website with value information that is supported by the Thinktecture Identity Server. Now I have a requirement to allow a third party to access certain parts of the website.

Is it possible to perform software authentication using an identity server and publish it on a website so that a third-party user cannot manually go through the normal registration process?

I previously used an identity server to get a SAML token to make WCF calls. I was wondering if some of these methods can be reused?

Difficulties arise because the third party uses a Java application on the desktop with some browser component built-in to access the MVC website. Users have already authenticated using the desktop application, so we don’t want them to enter their credentials again to view these web pages.

+6
1 answer

Hmm, hard to solve in a safe way. Mostly I don't trust desktop applications ;-)

Perhaps you are looking for some kind of federation. This basically means that your Identity Server trusts a third party (through a signature). Your Identity Server will then use the third-person SAML token as login information and generate a new SAML token (signed by you) for transfer to the MVC web application. I think Dominic has a video or two, but I'm not sure if it matches your requirements. Take a look at https://github.com/thinktecture/Thinktecture.IdentityServer.v2/wiki

The Java desktop application probably cannot create a signed SAML token, so you can use "something else." Preferably, something is signed from the place where they were registered for the first time.

You should avoid having your web application trust anyone other than your own identity / identity provider.

Hope this helps? Glad to help where I can :-)

+1
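
The federation flow described in the answer above, as an added example that is not part of the original post and is not Thinktecture IdentityServer code: a partner token is validated by your own token service, which then issues a fresh token that is the only kind the web application accepts. HMAC-signed JSON stands in for signed SAML assertions so the sketch runs on the standard library; all keys, URNs and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo keys. Real SAML federation uses X.509 signing certificates
# and XML signatures; HMAC is a stand-in so this runs without extra libraries.
PARTNER_KEY = b"constructed-partner-key"   # known to partner IdP and our STS
STS_KEY = b"constructed-sts-key"           # known to our STS and the MVC app
PARTNER, STS, APP = "urn:partner-idp", "urn:our-sts", "urn:mvc-app"

def issue(key, issuer, audience, subject, ttl=300, now=None):
    """Serialize the claims and append a MAC over the serialized bytes."""
    now = time.time() if now is None else now
    claims = {"iss": issuer, "aud": audience, "sub": subject, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac

def validate(token, key, issuer, audience, now=None):
    """Return claims only if signature, issuer, audience and expiry all pass."""
    now = time.time() if now is None else now
    body, _, mac = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    # Claims are parsed only after the signature has been verified.
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["iss"] != issuer or claims["aud"] != audience:
        raise ValueError("wrong issuer or audience")
    if claims["exp"] < now:
        raise ValueError("expired")
    return claims

def sts_exchange(partner_token, now=None):
    """Our STS: treat the partner token as login info, issue our own token."""
    claims = validate(partner_token, PARTNER_KEY, PARTNER, STS, now)
    # Prefix the subject with the issuer so a partner user cannot collide
    # with a local account of the same name.
    return issue(STS_KEY, STS, APP, PARTNER + "|" + claims["sub"], now=now)

def app_login(token, now=None):
    """The MVC app trusts exactly one issuer: our own STS."""
    return validate(token, STS_KEY, STS, APP, now)["sub"]

if __name__ == "__main__":
    partner_token = issue(PARTNER_KEY, PARTNER, STS, "alice")
    print(app_login(sts_exchange(partner_token)))
```

Presenting the partner token directly to `app_login` fails the signature check, which is the property the answer asks for: the web application never has to hold or trust the partner's key.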