ASP DOT NET SAML CONNECTOR


About ASP DOT NET

ASP.NET is an open-source, server-side web application framework for Windows, developed by Microsoft. It is designed for enterprise-level web application development and offers advanced features for producing dynamic web pages, so many of the existing applications a user may choose to run are written in .NET. Single Sign-On for these applications is feasible and cost-effective: users can move between applications securely and without interruption, without entering their credentials each time.

Challenge

Users of .NET applications expect to spend as little time as possible logging in. That time cannot be saved if moving back and forth between applications requires a separate login each time. It is also inconvenient to log in again whenever a user needs to be assigned to a specific authorized group.

Solution

Our miniOrange SAML DOT NET connector is an integration that provides the required features and extends the functionality of .NET applications. This product provides SAML integration for such applications. Installing the plugin upgrades the application so that a trust relationship can be established between the applications and they can be coupled together.

Features of SAML DOT NET Connector

  • Our SAML DOT NET connector supports SAML 2.0 SSO with both SP-initiated and IdP-initiated flows.
  • All the SAML bindings (HTTP POST, HTTP Redirect, HTTP Artifact and SOAP) are supported, and you can choose which binding to use.
  • The DOT NET connector supports customized Attribute Mapping. Enterprise users can add attributes such as employee IDs (employee identification numbers), improving the level of customization.
  • The user can log out from both the SP and the IdP with Single Logout using the SAML DOT NET Connector.
  • Our Dot Net Connector allows authenticating any number of times.
  • It protects the user's complete site by granting access only to registered users.
  • In the DOT NET Connector, a shortcode (HTML) can be used to place the login link wherever the user wants.
  • We provide a step-by-step guide/documentation for the user's IdP for convenient and easy integration.

A: Guide to set up ASP.NET SAML Connector:

Steps to deploy SAML ASP.Net Connector in IIS Manager:

Step 1: Add the Application in IIS Manager

  • Extract saml_asp.net_connector.zip and copy the saml_asp.net_connector folder to the path C:\inetpub\wwwroot.
  • Open IIS Manager.
  • In the left panel, right-click Default Web Site and click Add Application.

  • As shown below, provide an Alias Name, i.e. the web page address name (for example, Alias Name).
  • Give the Physical path where you copied the application:
    C:\inetpub\wwwroot\saml_asp.net_connector.


Step 2: Give the IIS user authority to make changes in the SAML Connector (web.config file)

  • Go to the path C:\inetpub\wwwroot\.
  • Right-click saml_asp.net_connector and select Properties.
  • Select the Security tab and click the Edit button.
  • Select IIS_IUSRS under Group or user names.
  • Then tick the boxes under Permissions for IIS_IUSRS as shown in the figure below:

  • Click the OK button.

Step 3: Open the SAML ASP.NET Connector in a Browser

  • Open any browser and go to the following link: http://localhost/
  • A signup page opens.
  • Sign up on this page to get a 30-day trial of the SAML ASP.Net Connector web application.

B: Steps to configure the SAML ASP.Net Connector with your SP and IdP:

Step 4: Configure your Identity Provider

  • After you click Sign Up, a page opens giving instructions on how to set up the Connector.
  • Open the Configure IDP tab at the top and copy the SP Entity ID and ACS URL into your IdP settings.


Step 5: Configure your Service Provider:

Using the information from your IdP, add the details under Configure SP:

  • Provide the required settings (IDP Entity ID, IDP Single Sign-on URL, X.509 certificate) in the connector.
  • Click Save Configuration to save your IdP details.
  • Then click the Test Configuration button.



  • The screenshot below shows a successful result.
  • This screenshot shows the attributes that are received and mapped by attribute mapping (NameID, email, firstname, lastname).


Step 6: Attribute Mapping

  • Attribute Mapping is used by the IdP and the SP to map user information from the IdP to the SP.
  • Attribute Mapping helps you get user attributes from your IdP and map them to the user attributes in your SP.
  • The attributes received in a successful Test Configuration are used for attribute mapping.
  • In Attribute Mapping, the attributes shown in the Test Successful figure (NameID, Email, and so on) are mapped to the corresponding SP attributes: NameID, Email, FirstName, LastName.

Step 7: Login Setup

  • Provide the Endpoint URL in Login Setup at which you will read the SAML response.
  • Add a 16-character Encryption Key, which will be used to encrypt the response; the same key is used to decrypt the response in your login ASP.Net application.
  • Click the Save button.

Step 8: SSO Sign In Settings

  • Add the SAML login link to your Login UI by adding the code below:

    <a href="https://localhost/request.aspx">Login with IdP</a>
  • Also add the code below to decrypt the attributes on your login side.

using System;
using System.Configuration;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Login page code-behind: read the encrypted attributes that the connector appended to
// the Endpoint URL and decrypt them with the Encryption Key from Step 7, which is stored
// in the login application's web.config under the appSettings key "encrypt_key".
protected void Page_Load(object sender, EventArgs e)
{
    var name      = Decrypt(Request.QueryString["name"]);
    var email     = Decrypt(Request.QueryString["email"]);
    var firstname = Decrypt(Request.QueryString["firstname"]);
    var lastname  = Decrypt(Request.QueryString["lastname"]);
    // Treat the decrypted values as untrusted input and validate them before creating a session.
}

// Decrypt one Base64-encoded parameter. Key and IV are derived from the Encryption Key with
// PBKDF2 over a fixed salt; the salt must be the same one the connector uses to encrypt, so do
// not change it independently of the connector.
private string Decrypt(string ciphertext)
{
    if (string.IsNullOrEmpty(ciphertext))
        return null; // parameter absent from the query string

    string EncryptionKey = ConfigurationManager.AppSettings["encrypt_key"];
    byte[] cipherBytes = Convert.FromBase64String(ciphertext);
    using (Aes encryptor = Aes.Create())
    {
        Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey,
            new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
            {
                cs.Write(cipherBytes, 0, cipherBytes.Length);
                // Close flushes the final block; a wrong key or an altered ciphertext usually
                // surfaces here as a CryptographicException (invalid padding).
                cs.Close();
            }
            ciphertext = Encoding.UTF8.GetString(ms.ToArray());
        }
    }
    return ciphertext;
}
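To confirm that the key and salt in the login application agree with the connector before going live, the following stand-alone C# console program, added here as an example and not miniOrange's code, performs the mirror-image encryption implied by the decrypt routine above (AES-CBC with PKCS7 padding, key and IV from PBKDF2 over the Encryption Key with the fixed 13-byte salt at the default 1000 iterations), round-trips a sample attribute, and makes two properties of the scheme as written visible: because the IV is derived from the key alone, identical attribute values always produce identical ciphertexts under one key; and a key mismatch between connector and login side normally shows up as a padding error rather than a clear message. The Encryption Key and the e-mail value are constructed for the example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example (not miniOrange code): mirror-image encryption for the connector's
// decrypt routine, used to check key/salt agreement offline before deployment.
// Assumption: the connector encrypts exactly as the decrypt routine implies.
public static class ConnectorCryptoCheck
{
    // Same fixed salt as in the decrypt routine; both sides must use it unchanged.
    private static readonly byte[] Salt =
        { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 };

    // Derive key and IV exactly as the login page does. Because the IV depends only on
    // the Encryption Key, every value encrypted under one key shares the same IV.
    private static Aes CreateAes(string encryptionKey)
    {
        var aes = Aes.Create();
        using (var pdb = new Rfc2898DeriveBytes(encryptionKey, Salt))
        {
            aes.Key = pdb.GetBytes(32);
            aes.IV = pdb.GetBytes(16);
        }
        return aes;
    }

    public static string Encrypt(string plaintext, string encryptionKey)
    {
        using (var aes = CreateAes(encryptionKey))
        using (var ms = new MemoryStream())
        {
            using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
            {
                byte[] data = Encoding.UTF8.GetBytes(plaintext);
                cs.Write(data, 0, data.Length);
            } // disposing the CryptoStream flushes the final padded block
            return Convert.ToBase64String(ms.ToArray());
        }
    }

    public static string Decrypt(string ciphertext, string encryptionKey)
    {
        using (var aes = CreateAes(encryptionKey))
        using (var ms = new MemoryStream())
        {
            using (var cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write))
            {
                byte[] data = Convert.FromBase64String(ciphertext);
                cs.Write(data, 0, data.Length);
            } // throws CryptographicException here if the padding does not check out
            return Encoding.UTF8.GetString(ms.ToArray());
        }
    }

    public static void Main()
    {
        const string key = "0123456789abcdef";       // constructed 16-character Encryption Key
        const string email = "jane.doe@example.com"; // constructed sample attribute value

        string c1 = Encrypt(email, key);
        string c2 = Encrypt(email, key);
        Console.WriteLine("round trip ok: " + (Decrypt(c1, key) == email));
        // Deterministic: the same attribute value gives the same ciphertext under one key.
        Console.WriteLine("ciphertexts identical: " + (c1 == c2));

        // A key mismatch between connector and login application normally fails the
        // padding check; this is the usual symptom when the two sides are misconfigured.
        try
        {
            Decrypt(c1, "wrong-key-1234567");
            Console.WriteLine("wrong key: decrypted without error (padding happened to be valid)");
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("wrong key: " + ex.Message);
        }
    }
}
```

Run it once with the Encryption Key you entered in Step 7 and compare the Base64 output with what the connector appends to your Endpoint URL for the same attribute value; if they differ, the key or salt on one side has drifted. The deterministic ciphertext also means the per-user query-string values never change between logins, so the login side should still validate every decrypted attribute rather than treating successful decryption as proof of freshness.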