Guide to Configure ASP.NET Framework SAML SSO using Azure AD(Entra ID) as IDP

Overview

ASP.NET SAML Single Sign-On (SSO) module gives the ability to enable SAML Single Sign-On for your ASP.NET applications. Using Single Sign-On you can use only one password to access your ASP.NET application and services. Our module is compatible with all the SAML compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between ASP.NET and Microsoft Entra ID (formerly Azure AD) considering Azure AD as IdP.

Download

Pricing Plans

Platform Support: The ASP.NET SAML SSO module supports ASP.NET 3.5 and above frameworks.

Pre-requisites : Download And Installation

To install the miniOrange SAML SSO NuGet package in your .NET application, simply install the miniOrange NuGet package on top of your application.

NuGet Package

.NET CLI

PM> NuGet\Install-Package miniOrange.SAML.SSO

After Installation, open your browser and browse the module dashboard with the URL below:


                    
                    
                     http(s)<your-dotnet-application-base-url>?ssoaction=config

If the registration page or login page pops up, you have successfully added the miniOrange SAML SSO module in your application.

After successful registration, you will receive a trial license key on your registered email address.

To activate the module, you can either:

Enter the license key received via email in the provided input field.

Upload the license file that you downloaded by clicking on the Click Here button.

Then, check the box "I have read the above conditions and I want to activate the module", and click the Activate License button.

Configuration Steps

1. Provide .NET Application Metadata to Azure AD Identity Provider

There are two ways detailed below with which you can get the SAML SP metadata to configure onto your Identity Provider end.

A] Using SAML metadata URL or metadata file

In the Plugin Settings menu, look for Service Provider Settings. Under that, you can find the metadata URL as well as the option to download the SAML metadata.

Copy metadata URL or download the metadata file to configure the same on your identity provider end.

You may refer to the screenshot below:

B] Uploading metadata manually

From the Service Provider Settings section, you can manually copy the service provider metadata like SP Entity ID, ACS URL, Single Logout URL and share it with your identity provider for configuration.

You may refer to the screenshot below:

Log into Azure AD Portal. Select Azure Active Directory.

Navigate to Enterprise Applications section and click on Add.

Now click on New Application to create new application.

Click on Create your own application. Enter the name for your app. Select the 3rd option in What are you looking to do with your application section and then click on Create button.

Click on Single sign-on from the application's left-hand navigation menu and select SAML.

Edit BASIC SAML CONFIGURATION and enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider section of the ASP.NET SAML plugin as per Step 1B.

Copy App Federation Metadata Url. This will be used while configuring the ASP.NET SAML module.

Assign users and groups to your SAML application.
- Click on Users and groups from the applications left-hand navigation menu.
- After clicking on Add user, Select Users and groups in the Add Assignment screen. Search or invite an external user. Select the appropriate user and click on the Select button.
- After selecting the appropriate user, click on the Assign button.

2. Configure Azure AD Identity Provider Metadata in .NET Application

Click on the Select your IDP button to configure a new Identity Provider.

ASP.NET Framework SAML SSO using Azure AD as IDP - Add New IDP

Under the Plugin Settings tab, select Azure AD as your identity provider from the list shown.

ASP.NET Core SAML SSO using Azure AD as IDP - Add New IDP

There are two ways detailed below with which you can configure your SAML Identity Provider metadata in the module.

A] Upload metadata using the Upload IDP Metadata button:

If your identity provider has provided you with the metadata URL or metadata file (.xml format only), then you can simply configure the identity provider metadata in the module using the Upload IDP Metadata option.

Copy metadata URL or download the metadata file to configure the same on your identity provider end.

You may refer to the screenshot below:

You can choose any one of the options according to the metadata format you have available.

B] Configure the identity provider metadata manually:

After configuring your Identity Provider, it will provide you with IDP Entity ID, IDP Single Sign On URL and SAML X509 Certificate fields respectively.

Click Save to save your IDP details.

ASP.NET Framework- Configure IDP Manually

3. Testing SAML SSO

After uploading the metadata details, navigate to the Identity Provider Settings section. Hover over the Select Actions dropdown and click on Test Configuration.

The screenshot below shows a successful result. Click on SSO Integration to further continue with the SSO Integration.

If you are experiencing any error on the module end you’ll be shown with the window similar to below.

ASP.NET Framework - Test Configuration Error

To troubleshoot the error you can follow the below steps:

Under Troubleshoot tab, enable the toggle to receive the plugin logs.

Once enabled, you will be able to retrieve plugin logs by navigating to Plugin Settings tab and clicking on Test Configuration.

Download the log file from the Troubleshoot tab to see what went wrong.

You can share the log file with us at aspnetsupport@xecurify.com and our team will reach out to you to resolve your issue.

4. Attribute Mapping

After testing the configuration, Map your application attributes with the Identity Provider (IdP) attributes.

From the left-hand menu of the miniOrange ASP.NET SAML SSO Module, click on Attribute/Role Mapping tab as shown in the image.

If you want to pass additional attributes from your IdP, enter the Attribute Name and corresponding Attribute Value under Custom Attribute Mapping.

Note: All the mapped attributes will be stored in the session so that you can access them in your application.

Once the attributes are mapped, click Save Attribute Mapping to apply changes.

5. Integration Code

This steps allow you to retrieve the SSO user information in your application in the form of session.

You can also look the setup tour to understand how the SSO integration would work in your asp.net module application.

Just copy-paste that code snippet wherever you want to access the user attributes.

Note: With the trial module the authenticated user details are stored in session variables. Support of setting user claims using Header-based, Forms-Cookie-based, JWT-based authentication is available in our premium plugin.

Hover on Select Actions and click on Copy SSO Link.

Use the following URL as a link in the application from where you want to perform SSO:


                    
                    
                      https://<asp.net-module-base-url>/?ssoaction=login

For example, you can use it as:

                
                      <a href="https://<asp.net-module-base-url>/?ssoaction=login">Log
                    in</a>

7. Logout Settings

Use the following URL as a link to your application from where you want to perform SLO:


                    
                    
                      https://<asp.net-module-base-url>/?ssoaction=logout

For example, you can use it as:

                
                      <a href="https://<asp.net-module-base-url>/?ssoaction=logout">Log
                    out</a>

Get in Touch

Please reach out to us at aspnetsupport@xecurify.com, and our team will assist you with setting up the ASP.NET Framework SAML SSO. Our team will help you to select the best suitable solution/plan as per your requirement.

Single Sign On

SAML Service Provider

OAuth/OpenId Connect Client (SSO)

Social Login Social Sharing

Headless Single Sign-On

SAML Identity Provider

OAuth/OpenId Connect Server

Login using YourMembership

Auto Login and Register using JWT

Multi-Factor Authentication (MFA)

Two Factor Authentication

WooCommerce Password Reset Over OTP

OTP Over Phone Call

Bulk SMS/WhatsApp Notification

OTP Verification

Limit OTP Request

Receive OTP and Notifications on WhatsApp

LDAP/Active Directory Integrations

LDAP/Active Directory Integration for WordPress

WP Staff/Employee Search Directory for Active Directory

LDAP/AD Integration for Cloud & Shared Hosted WordPress

Forms Integration with Active Directory for WordPress

Office365 Integration

SharePoint WordPress

PowerBI WordPress Integration

Outlook and MS Teams Integration

Azure AD / Office 365 app Integrations

Azure AD / Entra ID WordPress Sync

Dynamics CRM 365 WordPress Integration

WooCommerce Integration

WooCommerce Product Sync

WooCommerce Integrator

Dynamics CRM 365 WordPress Integration

Salesforce WooCommerce Integrations

Decentralised ID

Digital ID Login

Web3 WordPress Authentication

WordPress Web3 Suite

WordPress NFT Marketplace

WordPress Smart Contracts

Add-Ons

Page and Post Restriction

LearnDash Integrator

WooCommerce Integrator

SSO Login Audit

Paid Membership Pro integrator

Media Restriction

BuddyPress Integrator

WordPress Discord Integrator

Guest User Login

SCIM User Provisioning

MemberPress Integrator

SSO Session Management

Attribute based redirection

Other Plugins

REST API Authentication

Custom API for WordPress

WordPress Online Proctoring for LMS

No Code Automation

Object Data Sync for Salesforce

WP User Sync Integration for Third Party Apps

WP User and Login Management

Management tool for Web Agency

Single Sign On

SAML SSO

Crowd SSO

Kerberos / NTLM SSO

Helpdesk SSO Integration

OAuth/OpenID SSO

Git Authentication

Advance SSO Option

Help & Support

User Management

SCIM Provisioning

WORD/PDF Exporter

Project Config Manager

Bulk User Management

Centralized License Manager

Custom User Profile

Help & Support