ASP.Net Core SAML authentication
Solution 1
As far as I know, there is no SAML2 implementation for ASP.NET Core. I'm planning to make an ASP.NET Core Middleware for Kentor.AuthServices (I'm the maintainer), but it's just plans yet.
There is now a working prototype of a ASP.NET Core middleware at https://github.com/KentorIT/authservices/pull/489. It will be included in the official release when tests have been added.
It's also important to know that while such a middleware would be compatible with the ASP.NET Core security model, it would only run on the full .NET Framework and not on .NET Core. The reason is that SignedXml and the SAML2 support in System.IdentityModel is not yet available in .NET Core.
Solution 2
This is probably basically an updated version of Anders Abel's answer, but:
I used https://github.com/Sustainsys/Saml2. They have a nuget package with 36k downloads called "Sustainsys.Saml2.AspNetCore2".
They have a helpful example .net core app using it that also uses .net core identity here: https://github.com/Sustainsys/Saml2/tree/master/Samples/SampleAspNetCore2ApplicationNETFramework (take a look at their startup.cs and also their external login razor pages for implementation details).
They also host a nice test IdP here: https://stubidp.sustainsys.com. That way, you can confirm your app's ACS (Assertion Consumer Service) endpoint works along with your login page and whatnot.
They mention on their github: "The library was previously named Kentor.AuthServices."
Solution 3
ITfoxtec Identity Saml2 now support .NET Core 2.1.
Project: https://itfoxtec.com/IdentitySaml2 and code samples: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test
To implement SAML 2.0 in a ASP.NET MVC Core 2.1 project you need the following NuGet package: https://www.nuget.org/packages/ITfoxtec.Identity.Saml2.MvcCore/
Tedd Hansen
Encapsuled functions with routines embeded. Parallel process to run multi-threaded. Routines that lighten the processor load. This is just some of my favorite code! API reference and good indentation. Pointers to strings that have null-termination. Callbacks to functions of referencing strings. These are a few of my favorite things.
Updated on December 24, 2020Comments
-
Tedd Hansen over 3 years
I am trying to add SAML 2.0 authentication to an ASP.Net Core solution. I can't find any documentation on the subject, so I am unsure where to start. There is probably documentation out there, but I don't want to spend 3 days becoming an expert on this.
From what I can see ASP.Net Core has changed something from the old OWIN assemblies/namespaces. There are third party libraries to simplify SAML 2.0 implementation such as Kentor.AuthServices.
I am unsure how to combine this with ASP.Net 5 RC 1 / ASP.Net Core. For example making use of the AspNet* tables in SQL.
ASP.Net 5 RC 1 comes with several libraries to implement authentication (client).
For example:
- Microsoft.AspNet.Authentication.OAuth
- Microsoft.AspNet.Authentication.Facebook
- Microsoft.AspNet.Authentication.Google
- Microsoft.AspNet.Authentication.Twitter
Implementing these is a matter of calling a simple extension method in
Startup.cs:app.UseIdentity() .UseFacebookAuthentication(new FacebookOptions { AppId = "ID", AppSecret = "KEY" }) .UseGoogleAuthentication(new GoogleOptions { ClientId = "ID", ClientSecret = "SECRET" }) .UseTwitterAuthentication(new TwitterOptions { ConsumerKey = "KEY", ConsumerSecret = "SECRET" });Once that is done the ASP.Net sample project automatically shows social buttons for login/manage account:
In the backend code the authentication providers are retrieved using
var otherLogins = _signInManager.GetExternalAuthenticationSchemes().Where(auth => userLogins.All(ul => auth.AuthenticationScheme != ul.LoginProvider)).ToList();. This means the authentication providers are registered somewhere that makes them available by calling_signInManager.GetExternalAuthenticationSchemes().How can I implement SAML 2.0 authentication in ASP.Net 5 RC1 / ASP.Net Core?