Approve auth from ADFS

I am trying to connect to a SharePoint Online instance through a WPF application. I found this article that describes a possible solution, but the problem is that the particular instance has Active Directory Federation Services (ADFS) in front and I don’t know how to get authentication. (I cannot create a certificate for my authentication application against ADFS.)

Anyone who has already done this and can support me with some snippets of code?

+12
authentication c# sharepoint active-directory adfs
Jul 02 2018-12-12T00:
3 answers

I found a solution and made a report about it. I also put it on GitHub. You can find my blog post along with a GitHub link on my blog.

I hope this helps you to the extent that it helped me :-)

+5
Jan 04 '13 at 3:34

I played with Fiddler. Basically the flow goes as follows:

  • Get SAML Token from ADFS
  • Send it to https://login.microsoftonline.com/login.srf (body must be wa=wsignin1.0, wresult=<requestsecuritytokenresponse>…token…</rstr> and wctx=MEST=0&LoginOptions=2&wa=wsignin1%2E0&rpsnv=2&ct=1343219880&rver=6%2E1%2E6206%2E0&wp=MBI&wreply=https%3A%2F%2Fspirit365%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&id=500046&cbcxt=mai&wlidp=1&guest=1&vv=910&mkt=EN-US&lc=1033&bk=1343219930)
  • Capture the hidden input named "t" from the form
  • POST that "t" to /_layouts/Authenticate.aspx. This should give you FedAuth and rtFa cookies.

From this point, it is the same as the code here: http://www.wictorwilen.se/Post/How-to-do-active-authentication-to-Office-365-and-SharePoint-Online.aspx

+8
Jul 25 2018-12-12T00:

I spent a lot of time to finally figure it out. To receive a binary token, you need to send a message in the following format to the URL of the Microsoft Internet Security Support Service (STS) website:

    <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
        <a:ReplyTo>
          <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">[toUrl]</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          [assertion]
        </o:Security>
      </s:Header>
      <s:Body>
        <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
          <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <a:EndpointReference>
              <a:Address>[url]</a:Address>
            </a:EndpointReference>
          </wsp:AppliesTo>
          <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
          <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
          <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
        </t:RequestSecurityToken>
      </s:Body>
    </s:Envelope>

The tokens in this message must be replaced with the following values:

[toUrl]: URL for the Internet Security Support (STS) site.
[url]: your SP website URL
[assertion]: the XML confirmation token that you received from your federation service.

Once you get the binary token t=... from the XML response, you can send it to your SP default.aspx to receive cookies.

+3
Dec 02 '14 at 21:31
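
An added C# example (not code from any of the answers above) that fills the envelope from the last answer without corrupting it and then pulls the t=... token out of the reply. The class and method names, the https-only check, the "Assertion" root-element check and the wsse:BinarySecurityToken element name are assumptions, and the inputs in Main are constructed.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security;
using System.Xml;
using System.Xml.Linq;
static class StsRequest   // added example; every name in this class is hypothetical
{
    const string Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Envelope from the answer: {0}=[toUrl], {1}=[assertion], {2}=[url] (unused xmlns:u dropped).
    const string Template =
        "<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:a=\"http://www.w3.org/2005/08/addressing\"><s:Header>" +
        "<a:Action s:mustUnderstand=\"1\">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>" +
        "<a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo>" +
        "<a:To s:mustUnderstand=\"1\">{0}</a:To><o:Security s:mustUnderstand=\"1\" xmlns:o=\"" + Wsse + "\">{1}</o:Security></s:Header>" +
        "<s:Body><t:RequestSecurityToken xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">" +
        "<wsp:AppliesTo xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"><a:EndpointReference><a:Address>{2}</a:Address></a:EndpointReference></wsp:AppliesTo>" +
        "<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>" +
        "<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType></t:RequestSecurityToken></s:Body></s:Envelope>";
    static XDocument Parse(string xml)   // untrusted input: DTDs and external entities are refused
    {
        var cfg = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using (var r = XmlReader.Create(new StringReader(xml), cfg)) return XDocument.Load(r);
    }
    static string HttpsUrl(string v) =>   // assumption: both endpoints are https; value is XML-escaped
        Uri.TryCreate(v, UriKind.Absolute, out Uri u) && u.Scheme == Uri.UriSchemeHttps
            ? SecurityElement.Escape(v) : throw new ArgumentException("not an absolute https URL");
    public static string Build(string toUrl, string assertion, string url)
    {
        if (Parse(assertion).Root.Name.LocalName != "Assertion") throw new ArgumentException("not a SAML assertion");
        // Assertion goes in verbatim (signed bytes unchanged); string.Format never rescans its arguments.
        string env = string.Format(Template, HttpsUrl(toUrl), assertion, HttpsUrl(url));
        Parse(env);   // rejects e.g. an assertion that carried its own <?xml ?> declaration
        return env;
    }
    public static string ExtractToken(string response)   // assumption: wsse:BinarySecurityToken holds t=...
    {
        XDocument doc = Parse(response);
        XNamespace s = "http://www.w3.org/2003/05/soap-envelope", o = Wsse;
        if (doc.Descendants(s + "Fault").Any()) throw new InvalidOperationException("STS returned a SOAP fault");
        string t = doc.Descendants(o + "BinarySecurityToken").Select(e => e.Value.Trim()).FirstOrDefault();
        return t != null && t.StartsWith("t=", StringComparison.Ordinal) ? t : throw new InvalidOperationException("no t=... token");
    }
    static void Main()   // constructed inputs, no network access
    {
        string saml = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"/>";
        Console.WriteLine(Build("https://sts.example.invalid/rst", saml, "https://tenant.example.invalid/?a=1&b=2").Length);
        Console.WriteLine(ExtractToken("<r xmlns:o=\"" + Wsse + "\"><o:BinarySecurityToken>t=AAAA</o:BinarySecurityToken></r>"));
    }
}
```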