SAML Single Sign-On (SSO) For ASP.NET Web Applications Using Azure AD As IDP

ASP.NET SAML SP Single Sign-On (SSO) module gives the ability to enable SAML Single Sign-On for your ASP.NET applications. Using Single Sign-On you can use only one password to access your ASP.NET application and services. Our module is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between ASP.NET and Azure AD considering Azure AD as IdP.

Download And Extract Package

  • Download miniOrange ASP.NET SAML 2.0 Module.
  • For Setting up the module, extract the asp-net-saml-sso-module-xxx.zip, you will find a DLL file miniorange-saml-sso.dll, a configuration file saml.config and a integration.md file which contain the steps for adding the module into your application.

Step 1: Add module in your application

  • Add miniorange-saml-sso.dll in the bin folder (where your other DLL files exist) for your application.
  • Register miniorangesamlsso module in your application according to the provided steps in the integration.md file.
  • Add the provided configuration file saml.config in the root directory for your application.
  • After integration open browser and browse the module dashboard with URL below:
    • https://<your-application-base-url>?ssoaction=config
  • If it pops up the registration page or login page, you have successfully added the miniOrange saml sso module for your application.

  • asp.net saml sso azure ad : login page
  • Register or Login for configuring the module.

Step 2: Configure Azure AD as Identity Provider

  • Login into Azure AD Portal
  • Select Azure Active Directory -> App Registrations. Click on New Application Registration.

  • asp.net saml sso azure ad : new application
  • You will need SP Entity ID and ACS URL values while configuration. Refer to the below image:

  • asp.net saml sso azure ad : sp settings
  • After Clicking on New Registration, enter a Name for your application and choose the account type.
  • In the Redirect URI field, provide the ACS URL provided in the Service Provider Settings section of the module and click on the Register button.

  • asp.net saml sso azure ad : register app
  • After registering your application, go to Expose an API menu option and Click the Set button and replace the Application URI with the plugin's SP Entity ID provided in plugin’s Service Provider Settings.

  • asp.net saml sso azure ad : sp entity id
  • After setting the Application ID, go back to Azure Active Directory -> App Registrations window and click on Endpoints.
  • asp.net saml sso azure ad : endpoints
  • This will open up a window with multiple URLs listed there. Copy the Federation Metadata Document URL. This will be required while configuring the SAML module.

  • asp.net saml sso azure ad : metadata
  • Login into Azure AD Portal
  • Select Azure Active Directory -> Enterprise Applications. Click on New Application Application.

  • asp.net saml sso azure ad : enterprise app
    asp.net saml sso azure ad : new enterprise app
  • Click on the Non-gallery application section and enter the name for your app and click on Add button.

  • asp.net saml sso azure ad : non-gallery app
    asp.net saml sso azure ad : non-gallery app name
  • Click on Single sign-on from the application's left-hand navigation menu and select SAML.

  • asp.net saml sso azure ad : saml app
  • Edit BASIC SAML CONFIGURATION and enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider Info tab of the plugin.

  • asp.net saml sso azure ad : edit basic saml configuration
  • Copy App Federation Metadata Url. This will be used while configuring the ASP.NET SAML module.

  • asp.net saml sso azure ad : metadata url
  • Assign users and groups to your SAML application.
    • Click on Users and groups from the applications left-hand navigation menu.
    • After clicking on Add user, Select Users and groups in the Add Assignment screen. Search or invite an external user. Select the appropriate user and click on the Select button.
    • After selecting the appropriate user, click on the Assign button.
    • asp.net saml sso azure ad : add users

Step 3: Configure ASP.NET SAML Module as Service Provider

  • After configuring your Identity Provider, it will provide you with IDP Entity ID, IDP Single Sign On URL and x.509 Certificate. Configure these values under IDP Entity ID, Single Sign-On Url and SAML X509 Certificate fields respectively. (Refer to the Metadata provided by Identity Provider)
  • Click Save to Save your IDP details.

  • asp.net saml sso azure ad : idp settings

Step 4: Test Configuration

  • Click on the Test Configuration button to test the configuration.

  • asp.net saml sso azure ad : test configuration settings

Step 5: Attribute Mapping

  • After testing the configuration, Map your application attributes with the Identity Provider (IdP) attributes.
  • Note: All the mapped attributes will be stored in the session so that you can access them in your application.

  • asp.net saml sso azure ad : attribute mapping

Step 6: Integration Code

  • You can also find the Integration code in the Integration Code tab in the module. Just copy-paste that code snippet wherever you want to access the user attributes.
  • Note: All the mapped attributes will be stored in the session so that you can access them in your application.
  • asp.net saml sso azure ad : integration code

Step 7: Login Settings

  • Use the following URL as a link in your application from where you want to perform SSO:
  • https://<your-application-base-url>/?ssoaction=login
  • For example you can use it as:
  • <a href="https://<your-application-base-url>/?ssoaction=login">Login<a>

Step 8: Logout Settings

  • Use the following URL as a link in your application from where you want to perform SLO:
  • https://<your-application-base-url>/?ssoaction=logout
  • For example you can use it as:
  • <a href="https://<your-application-base-url>/?ssoaction=logout">Logout<a>

    You can configure the ASP.NET SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider.


If you are looking to Single Sign-On into your sites with any SAML compliant Identity Provider then we have a separate solution for that. We do provide SSO solutions for the following:

Application LINK
SAML SSO into DotNetNuke (DNN) site Click here
SAML SSO into SiteFinity site Click here
SAML SSO into Umbraco site Click here