How To: Sign into your ASP.NET/MVC web site with The Identity Hub (WS-Federation)

Summary

In this topic you will learn the necessary steps to allow users to log in to your ASP.NET or MVC sites using The Identity Hub - {tenant} via WS-Federation.

Contents

  • Objectives
  • Summary of Steps
  • Step 1 - Create and configure an App for your ASP.NET/MVC web site
  • Step 2 - Download and apply the web.config file
  • Step 3 - Available Claims
  • Step 4 - Use the SDK

Objectives

  • Sign into your ASP.NET or MVC sites using The Identity Hub - {tenant}

Summary of Steps

  • Step 1 - Create and configure an App for your ASP.NET/MVC web site
  • Step 2 - Download and apply the web.config file
  • Step 3 - Available Claims
  • Step 4 - Use the SDK

Step 1 - Create and configure an App for your ASP.NET/MVC web site

In this step you will create and configure an App for your ASP.NET/MVC web site.

For more information about Apps see How To: What is an App?.

  • Navigate to the Apps Admin Page and click on New.

  • Provide the following information:
    • Name: The name of the app. Choose a name that identifies your ASP.NET/MVC web site.

    • Description: The description of the app.

  • Open the WS-Federation parameters section by clicking on the arrow.

  • Provide the following information:
    • Relying Party Realm: The URN the ASP.NET/MVC web site will use to identify itself.

    • Reply Url's: The URL of the ASP.NET/MVC web site. For example: https://mvcsite.contoso.com/. Only https is allowed.

    • Relying Party Certificate: The public key of the certificate that The Identity Hub - {tenant} will use to encrypt the sign-in response (SAML Token). This is optional, but recommended.

      It is recommended that you acquire and use a specific certificate, only used for this purpose. The certificate chain must be valid.
    • Token Signing Certificate: The public/private key pair of the certificate that The Identity Hub - {tenant} will use to sign the sign-in response (SAML Token).

      It is recommended that you acquire and use a specific certificate, only used for this purpose. The certificate chain must be valid.

    • Token Signing Certificate Password: The password to access the private key.

  • Click Save. You will be taken to the detail page of the newly created App.


Step 2 - Download and apply the web.config file

  • Open the WS-Federation Web Applications section by clicking on the arrow.

  • Click the web.config link to download the example config for System.IdentityModel or Microsoft.IdentityModel.

  • If you already have a config file for your ASP.NET/MVC web site, you can copy and paste the necessary sections.
  • In your ASP.NET/MVC project, go to the Package Manager Console and type in:

    Install-Package TheIdentityHub.AspNet


Step 3 - Available Claims

In this step you will learn what claims are available once the user is logged in.

Available Claims

| Claim Uri | Description | Number of instances |
|---|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Unique identifier | Min: 1 Max: 1 |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | Email Address | Min: 0 No Maximum |
| http://schemas.u2uconsult.com/ws/2014/04/identity/claims/largepicture | A URL of a large identity picture | Min: 0 No Maximum |
| http://schemas.u2uconsult.com/ws/2014/04/identity/claims/mediumpicture | A URL of a medium identity picture | Min: 0 No Maximum |
| http://schemas.u2uconsult.com/ws/2014/04/identity/claims/smallpicture | A URL of a small identity picture | Min: 0 No Maximum |
| http://schemas.u2uconsult.com/ws/2014/03/identity/claims/accesstoken | An OAuth 2.0 Access Token that can be used to call The Identity Hub API to get more information about the identity. See How To: Call The Identity Hub API | Min: 1 Max: 1 |
| http://schemas.u2uconsult.com/ws/2014/04/identity/claims/displayname | The display name of the identity | Min: 1 Max: 1 |
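The following is an added example, not code from The Identity Hub or its SDK: one way to read the claims listed above after sign-in while enforcing their documented instance counts. It assumes the System.IdentityModel (.NET 4.5+) configuration, uses only System.Security.Claims, and the `HubIdentity` class, its members, and the https-only filter on picture URLs are choices made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper (not part of TheIdentityHub.AspNet): maps the documented
// claim URIs to typed properties and rejects tokens that violate Min/Max counts.
public sealed class HubIdentity
{
    const string Name = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name";
    const string Email = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
    const string SmallPicture = "http://schemas.u2uconsult.com/ws/2014/04/identity/claims/smallpicture";
    const string Token = "http://schemas.u2uconsult.com/ws/2014/03/identity/claims/accesstoken";
    const string Display = "http://schemas.u2uconsult.com/ws/2014/04/identity/claims/displayname";

    public string UniqueId { get; private set; }
    public string DisplayName { get; private set; }
    public string AccessToken { get; private set; }  // bearer credential: never log or render it
    public IReadOnlyList<string> Emails { get; private set; }
    public IReadOnlyList<Uri> SmallPictures { get; private set; }

    public static HubIdentity From(ClaimsPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            throw new InvalidOperationException("User is not authenticated.");
        return new HubIdentity
        {
            UniqueId = Single(user, Name),
            DisplayName = Single(user, Display),
            AccessToken = Single(user, Token),
            Emails = user.FindAll(Email).Select(c => c.Value).ToList(),
            SmallPictures = user.FindAll(SmallPicture)
                .Select(c => ToHttpsUri(c.Value)).Where(u => u != null).ToList()
        };
    }

    // Claims documented as Min: 1 Max: 1 must occur exactly once; otherwise fail closed.
    static string Single(ClaimsPrincipal user, string type)
    {
        var values = user.FindAll(type).Select(c => c.Value).ToList();
        if (values.Count != 1 || string.IsNullOrWhiteSpace(values[0]))
            throw new InvalidOperationException("Expected exactly one claim of type " + type);
        return values[0];
    }

    // Picture claims end up in markup; keep only absolute https URLs (example's choice).
    static Uri ToHttpsUri(string value)
    {
        Uri uri;
        bool ok = Uri.TryCreate(value, UriKind.Absolute, out uri) && uri.Scheme == Uri.UriSchemeHttps;
        return ok ? uri : null;
    }
}
```

In a controller action this would be called as `HubIdentity.From(ClaimsPrincipal.Current)`; use `UniqueId`, not `DisplayName` or an email address, as the key for authorization decisions.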


Step 4 - Use the SDK

In this step you will learn how to use the ASP.NET Server Side SDK once the user is logged in.

See Using the SDK