How should I implement SAMLP 2.0 in an ASP.NET MVC 4 service provider?

33,696

Solution 1

You're right in that WIF (now moved into core .NET under System.IdentityModel) only supports the SAML2 tokens and not the SAML2 protocols required to implement a service provider.

Kentor.AuthServices is an open source SP implementation for ASP.NET MVC built on top of .NET 4.5. Install the package and add some settings in web.config - no coding required.

Disclaimer: I'm the author of Kentor.AuthServices

Solution 2

As far as I know there is no support for SAML2P in WIF yet. I would suggest you implement it yourself.

You could use a library that implements SAML2P and use it in your MVC project. Some of the libraries you could use are OIOSAML.NET or the commercial ComponentPro SAML.

Or there is an option to set up an intermediate IAM. From MVC you set the identity provider as this intermediate IAM using a ws-* protocol (the standard way implemented in Visual Studio). This IAM should be configured to relay your authentication messages to the IdP you want to use with SAML2P. After authenticating the user, the IAM would only transform the claims and issue a new token that your MVC application trusts. Try to look at Shibboleth or Thinktecture IdentityServer v2 (but the second does not implement SAML2P, so you would have to add the support yourself). Or you could use ADFS2.
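For anyone following the "implement it yourself" route above, this is an added example (not code from OIOSAML.NET, ComponentPro, or any answer here) of the outbound leg of SAML2P: building an unsolicited-free AuthnRequest, keeping its ID so the later Response can be tied back to it, and encoding it for the HTTP-Redirect binding. The class and method names, the `idpSsoUrl`/`acsUrl`/`spEntityId` parameters and the RelayState handling are assumptions for illustration; the request is left unsigned, which is what SimpleSAMLphp accepts by default, so the separate step of signing the redirect query string (SigAlg/Signature parameters) is not shown.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Security.Cryptography;
using System.Text;
using System.Xml;

// Added example, not library code. Builds a SAML2P AuthnRequest and encodes it for the
// HTTP-Redirect binding. The request ID must be remembered server-side (session or a
// short-lived cookie) so the Response's InResponseTo can be checked against it later.
public static class SamlAuthnRequestBuilder
{
    const string SamlP = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string PostBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    // XML IDs must start with a letter or underscore, so prefix the random bytes.
    // 128 bits from the CSPRNG makes the ID unguessable, which InResponseTo relies on.
    public static string NewRequestId()
    {
        var bytes = new byte[16];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(bytes);
        return "_" + BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
    }

    // idpSsoUrl: the IdP's SingleSignOnService endpoint (from its metadata); it becomes Destination.
    // acsUrl:    our Assertion Consumer Service URL; we ask for the Response to be POSTed there.
    public static string BuildAuthnRequest(string id, string spEntityId, string idpSsoUrl, string acsUrl)
    {
        var doc = new XmlDocument();
        XmlElement req = doc.CreateElement("samlp", "AuthnRequest", SamlP);
        req.SetAttribute("ID", id);
        req.SetAttribute("Version", "2.0");
        req.SetAttribute("IssueInstant", DateTime.UtcNow.ToString("o")); // xs:dateTime in UTC
        req.SetAttribute("Destination", idpSsoUrl);
        req.SetAttribute("ProtocolBinding", PostBinding);
        req.SetAttribute("AssertionConsumerServiceURL", acsUrl);
        XmlElement issuer = doc.CreateElement("saml", "Issuer", Saml);
        issuer.InnerText = spEntityId;
        req.AppendChild(issuer);
        doc.AppendChild(req);
        return doc.OuterXml;
    }

    // HTTP-Redirect binding: raw DEFLATE (no zlib header, which is exactly what DeflateStream
    // produces), then base64. The POST binding instead sends plain base64 in a form field.
    public static string EncodeForRedirect(string xml)
    {
        using (var ms = new MemoryStream())
        {
            using (var deflate = new DeflateStream(ms, CompressionMode.Compress, true))
            {
                byte[] bytes = Encoding.UTF8.GetBytes(xml);
                deflate.Write(bytes, 0, bytes.Length);
            }
            return Convert.ToBase64String(ms.ToArray());
        }
    }

    // relayState is echoed back by the IdP. Treat it as untrusted input on return: if it
    // carries a return URL, validate that URL is local before redirecting to it.
    public static string RedirectUrl(string idpSsoUrl, string authnRequestXml, string relayState)
    {
        string sep = idpSsoUrl.Contains("?") ? "&" : "?";
        return idpSsoUrl + sep
            + "SAMLRequest=" + Uri.EscapeDataString(EncodeForRedirect(authnRequestXml))
            + "&RelayState=" + Uri.EscapeDataString(relayState);
    }
}
```

In an MVC action the sequence is: `id = NewRequestId()`, store `id` with a timestamp, then `return Redirect(RedirectUrl(...))`. Whatever stores the ID should expire it after a few minutes and remove it once a Response has consumed it, otherwise a captured Response can be replayed.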

Solution 3

How about http://www.nuget.org/packages/SAML2/ ? It says it's a fork from OIOSAML.NET.

Solution 4

You need a library, unless you want to write it yourself. I've been working with https://www.nuget.org/packages/ITfoxtec.Saml2.Mvc.
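All four answers amount to "let a library do the protocol work". To make concrete what that work is, and why hand-decoding XML (as the question describes) is risky, here is an added example of the inbound checks a SAML2P service provider must perform on a SAMLResponse received over the HTTP-POST binding. It is not code from Kentor.AuthServices, ITfoxtec, OIOSAML.NET or the SAML2 package; the class and parameter names are assumptions, the IdP certificate is assumed to come from its metadata or your own config (never from the message), and only a plaintext Assertion is handled (EncryptedAssertion is omitted).

```csharp
using System;
using System.Globalization;
using System.IO;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

// Added example, not library code: validation of a SAMLResponse from the HTTP-POST binding.
// Every check below is one that a hand-rolled SP is commonly observed to skip.
public static class SamlPostBindingValidator
{
    const string SamlP = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string Ds = "http://www.w3.org/2000/09/xmldsig#";
    const string Success = "urn:oasis:names:tc:SAML:2.0:status:Success";

    // samlResponseField: raw SAMLResponse form field.
    // idpCert:    IdP signing certificate from metadata/config (assumed loaded by the caller).
    // spEntityId: our entityID, matched against AudienceRestriction.
    // acsUrl:     the Assertion Consumer Service URL this POST actually arrived at.
    // requestId:  ID of the AuthnRequest we issued, or null if unsolicited responses are allowed.
    public static XmlElement Validate(string samlResponseField, X509Certificate2 idpCert,
        string spEntityId, string acsUrl, string requestId, TimeSpan clockSkew)
    {
        // 1. POST binding is plain base64 (no DEFLATE; that is the Redirect binding).
        string xml = Encoding.UTF8.GetString(Convert.FromBase64String(samlResponseField));

        // 2. Parse with DTDs and external resolution off (XXE, entity expansion).
        //    PreserveWhitespace is required or canonicalization will not match what was signed.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
            doc.Load(reader);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", SamlP); ns.AddNamespace("saml", Saml); ns.AddNamespace("ds", Ds);

        XmlElement response = doc.DocumentElement;
        if (response.LocalName != "Response" || response.NamespaceURI != SamlP)
            throw new SecurityException("Root element is not samlp:Response");

        // 3. Status first: a correctly signed non-success Response must not log anyone in.
        XmlNode status = response.SelectSingleNode("samlp:Status/samlp:StatusCode/@Value", ns);
        if (status == null || status.Value != Success)
            throw new SecurityException("IdP status is not Success");

        // 4. Destination and InResponseTo bind the message to this endpoint and to our own request.
        if (response.GetAttribute("Destination") != acsUrl)
            throw new SecurityException("Destination does not match our ACS URL");
        string inResponseTo = response.GetAttribute("InResponseTo");
        if (requestId == null ? inResponseTo != "" : inResponseTo != requestId)
            throw new SecurityException("InResponseTo does not match a pending AuthnRequest");

        // 5. Signature on the Response or, failing that, on the Assertion. The element whose
        //    signature we verify must be the element we consume; that is what defeats
        //    signature-wrapping (a valid signed element moved aside, an unsigned one read).
        var assertion = (XmlElement)response.SelectSingleNode("saml:Assertion", ns);
        if (assertion == null) throw new SecurityException("No plaintext saml:Assertion");
        XmlElement signedElement = response;
        var sig = (XmlElement)response.SelectSingleNode("ds:Signature", ns);
        if (sig == null) { signedElement = assertion; sig = (XmlElement)assertion.SelectSingleNode("ds:Signature", ns); }
        if (sig == null) throw new SecurityException("Neither Response nor Assertion is signed");
        VerifyEnvelopedSignature(doc, sig, signedElement, idpCert);

        // 6. Conditions: validity window with bounded clock skew, and audience.
        var conditions = (XmlElement)assertion.SelectSingleNode("saml:Conditions", ns);
        if (conditions == null) throw new SecurityException("Assertion has no Conditions");
        DateTime now = DateTime.UtcNow;
        if (conditions.HasAttribute("NotBefore") && ParseUtc(conditions.GetAttribute("NotBefore")) - clockSkew > now)
            throw new SecurityException("Assertion not yet valid");
        if (conditions.HasAttribute("NotOnOrAfter") && ParseUtc(conditions.GetAttribute("NotOnOrAfter")) + clockSkew <= now)
            throw new SecurityException("Assertion has expired");
        bool audienceOk = false;
        foreach (XmlNode a in conditions.SelectNodes("saml:AudienceRestriction/saml:Audience", ns))
            if (a.InnerText.Trim() == spEntityId) audienceOk = true;
        if (!audienceOk) throw new SecurityException("Assertion is not addressed to this SP");
        return assertion;
    }

    static void VerifyEnvelopedSignature(XmlDocument doc, XmlElement sig, XmlElement signedElement, X509Certificate2 idpCert)
    {
        // Duplicate IDs are how wrapped content gets picked up by the ID resolver; refuse them.
        string id = signedElement.GetAttribute("ID");
        int withThisId = 0;
        foreach (XmlElement e in doc.GetElementsByTagName("*"))
            if (e.GetAttribute("ID") == id) withThisId++;
        if (id == "" || withThisId != 1) throw new SecurityException("Missing or ambiguous ID on signed element");

        var signedXml = new SignedXml(signedElement);
        signedXml.LoadXml(sig);
        if (signedXml.SignedInfo.References.Count != 1)
            throw new SecurityException("Expected exactly one ds:Reference");
        var reference = (Reference)signedXml.SignedInfo.References[0];
        if (reference.Uri != "#" + id)
            throw new SecurityException("Signature does not cover the element being consumed");
        // verifySignatureOnly = true: trust is pinned to the metadata certificate, not chain building.
        if (!signedXml.CheckSignature(idpCert, true))
            throw new SecurityException("Invalid XML signature");
    }

    static DateTime ParseUtc(string s)
    {
        return DateTime.Parse(s, CultureInfo.InvariantCulture,
            DateTimeStyles.AdjustToUniversal | DateTimeStyles.AssumeUniversal);
    }
}
```

Two points a practitioner should keep in mind: the certificate passed to `CheckSignature` is the one from the IdP's metadata, so a `ds:KeyInfo` embedded by the sender is ignored rather than trusted; and after this returns, the Assertion's `ID` should be recorded and rejected if seen again within its validity window, since nothing in the signature itself prevents replay.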

Author: sjy

Updated on November 15, 2020

Comments

  • sjy
    sjy over 3 years

    I'm developing an MVC 4 web application in C# and want to handle login using an existing SAML 2.0 identity provider. I am using HTTP POST binding with SimpleSAMLphp.

    It seems like, in .NET 4.5, I should be using Windows Identity Foundation. First, I tried to install the Identity and Access Tool. (I am using Visual Studio 2013, which is supposed to have this tool integrated, but VS2013's version doesn't support "re-entrancy", meaning I can't use it to add WIF support to my existing application.)

    After pointing the Identity and Access Tool to my identity provider's metadata, I get this error message:

    userSelection.SecurityTokenServiceMetadata.SecurityTokenServiceDescriptor

    Apparently, this is the error message that indicates that SAMLP 2.0 is not supported by WIF. This seems to be distinct from SAML 2.0 tokens, which are supported (at least, this outdated documentation indicates that there was a Microsoft.IdentityModel.Tokens.Saml2 namespace).

    I then discovered the WIF Extension for SAML 2.0. However, this was released in May 2011 and doesn't seem to have been touched since then. Nonetheless, I downloaded the extension and attempted to build the SamlConfigTool included in the ZIP file. The tool is a console application which informs me that:

    This tool will prompt for information needed to create a metadata file that describes your relying party. It will prompt for the addresses of partner metadata files to be downloaded. Finally, it will output a file called Changes_To_Web_Config.xml that has the changes that should be made to your web site's web.config file to enable SAML protection.

    After entering my entity ID and SAML endpoint, the SamlConfigTool promptly crashed. Okay, maybe I don't need to use the configuration tool and I can just copy what's done in the sample ServiceProvider VS project. After migration, I'm able to open the project in VS2012, but it's not clear to me exactly how it works — it doesn't seem to contain any C# code, just new entries in Web.config. It's not clear to me how I should adapt this configuration to replace the custom login code in my MVC 4 app, and in any case relying on a dead library from 3 years ago doesn't seem like a great idea.

    So, what is the best way to implement SAML 2.0 in ASP.NET MVC 4? I'm currently decoding, encoding, parsing and compressing XML by hand and it feels like there should be an easier way.

  • woloski
    woloski over 10 years
    As far as third party services, there is also Auth0 that supports samlp.
  • sjy
    sjy over 10 years
    I've installed AuthServices and added the [appropriate sections][1] to my Web.config, and my project still builds, but I'm having trouble getting AuthServices to do anything. Adding the [Authorize] attribute to my ActionResult doesn't seem to do anything.
  • Anders Abel
    Anders Abel over 10 years
    Try yoursite/AuthService/SignIn. It should start the login (I obviously need to update the docs with the MVC stuff). To get automatic redirection, set auth mode to forms and loginUrl to ~/SignIn: msdn.microsoft.com/en-us/library/…
  • surfmuggle
    surfmuggle over 9 years
As far as I have heard .Net 4.5 does support samlp: connect.microsoft.com/VisualStudio/feedback/details/781848/…
  • pepo
    pepo over 9 years
    One of these 39 ups in the survey is mine :) I would also like if it would be supported but to this day I have found no official reference to it in .NET framework. However Azure and ADFS supports it.
  • rbrayb
    rbrayb about 9 years
    To flesh out @woloski's comment, wrote this up: nzpcmad.blogspot.co.nz/2015/04/…
  • JDPeckham
    JDPeckham over 7 years
    you mean AuthServices/SignIn with an "S"
  • Denis Wang
    Denis Wang over 7 years
How do you like it? We are evaluating different packages and ITfoxtec is on top of the short list.
  • edson-
    edson- about 7 years
    We have it in production now. Note that ITFoxtec has gone through a rewrite since, and we are still using the older version. Due to the specifics of our particular IdP implementation, we had to make a minor modification, so it was good to have the source code available.
  • Denis Wang
    Denis Wang about 7 years
Thanks. Good to know that. I like it for its license type and the open source code. May evaluate its quality soon :)
  • iokevins
    iokevins about 4 years
    @pepo FWIW, please see cheated.by.safabyte.net which shows Component Pro likely represents the latest incarnation of stolen SAML software. TY