.NET Core Auto Login with ADFS

0

Looking for comments on my code in hopes to find a standards based practice. I am currently deploying a SPA application (angular) with .NET Core as the backend. We have an on prem ADFS so I have set up the application to automatically log the user in when they reach the site. The code works fine, however I am curious if this is a common way to accomplish or if there is a standard pattern for this use case.

using CPQrp.Services;

using Microsoft.AspNetCore.Authentication;

using Microsoft.AspNetCore.Authentication.Cookies;

using Microsoft.AspNetCore.Authentication.WsFederation;

using Microsoft.AspNetCore.Builder;

using Microsoft.AspNetCore.Hosting;

using Microsoft.AspNetCore.Mvc;

using Microsoft.AspNetCore.SpaServices.AngularCli;

using Microsoft.Extensions.Configuration;

using Microsoft.Extensions.DependencyInjection;

using Microsoft.Extensions.Logging;

using System;

using System.Linq;



namespace CPQrp

{

public class Startup

{

    private IConfiguration _config;



    public Startup(IConfiguration configuration)

    {

        _config = configuration;

    }



    /// <summary>

    /// This method gets called by the runtime. Use this method to add services to the container.

    /// </summary>

    /// <param name="services"></param>

    public void ConfigureServices(IServiceCollection services)

    {

        // ROUTING

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);



        services.AddSpaStaticFiles(configuration =>

        {

            // In production, the Angular files will be served from this directory

            configuration.RootPath = "ClientApp/dist";

        });



        // CUSTOM SERVICES

        services.AddSingleton<IApplicationUser, ApplicationUser>();



        // AUTHENTICATION

        services.AddAuthentication(sharedOptions =>

        {

            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;

        })

        .AddWsFederation(options =>

        {

            _config.Bind("ADFS", options);

        })

        .AddCookie(options =>

        {

            options.Cookie.Name = "auth";

            options.Cookie.Expiration = TimeSpan.FromDays(30);

        });

    }



    /// <summary>

    /// 

    /// </summary>

    /// <param name="app"></param>

    /// <param name="env"></param>

    /// <param name="appUser"></param>

    /// <param name="logger"></param>

    public void Configure(IApplicationBuilder app,

                          IHostingEnvironment env,

                          IApplicationUser appUser,

                          ILogger<Startup> logger)

    {

        if (env.IsDevelopment())

        {

            app.UseDeveloperExceptionPage();

        }

        else

        {

            app.UseExceptionHandler("/Error");

            app.UseHsts();

        }



        app.UseHttpsRedirection();

        app.UseAuthentication();

        app.Use(next =>

        {

            return async context =>

            {

                // DefaultAuthenticateScheme causes User to be set

                var user = context.User;



                // Not authenticated

                if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))

                {

                    await context.ChallengeAsync();

                }

                else

                {

                    if (!appUser.Exists())

                        appUser.LoadUserData(context);



                    await next(context);

                }

            };

        });

        app.UseStaticFiles();

        app.UseSpaStaticFiles();



        app.UseMvc(routes =>

        {

            routes.MapRoute(

                name: "default",

                template: "{controller}/{action=Index}/{id?}");

        });



        app.UseSpa(spa =>

        {

            spa.Options.SourcePath = "ClientApp";



            if (env.IsDevelopment())

            {

                spa.UseAngularCliServer(npmScript: "start");

            }

        });

    }

}

}

c# login .net-core single-page-application adfs

share|improve this question

asked Nov 19 '18 at 19:38

DrewDrew

33

• 
  
  
  

  
  

  
  
  
  
  
  

  
  The company I work for uses Sessions to store user permissions. It's common practice to use Session for this very reason.
  – Dom
  Nov 19 '18 at 19:44
  

  
  
  
  

add a comment | 

0

Looking for comments on my code in hopes to find a standards based practice. I am currently deploying a SPA application (angular) with .NET Core as the backend. We have an on prem ADFS so I have set up the application to automatically log the user in when they reach the site. The code works fine, however I am curious if this is a common way to accomplish or if there is a standard pattern for this use case.

using CPQrp.Services;

using Microsoft.AspNetCore.Authentication;

using Microsoft.AspNetCore.Authentication.Cookies;

using Microsoft.AspNetCore.Authentication.WsFederation;

using Microsoft.AspNetCore.Builder;

using Microsoft.AspNetCore.Hosting;

using Microsoft.AspNetCore.Mvc;

using Microsoft.AspNetCore.SpaServices.AngularCli;

using Microsoft.Extensions.Configuration;

using Microsoft.Extensions.DependencyInjection;

using Microsoft.Extensions.Logging;

using System;

using System.Linq;



namespace CPQrp

{

public class Startup

{

    private IConfiguration _config;



    public Startup(IConfiguration configuration)

    {

        _config = configuration;

    }



    /// <summary>

    /// This method gets called by the runtime. Use this method to add services to the container.

    /// </summary>

    /// <param name="services"></param>

    public void ConfigureServices(IServiceCollection services)

    {

        // ROUTING

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);



        services.AddSpaStaticFiles(configuration =>

        {

            // In production, the Angular files will be served from this directory

            configuration.RootPath = "ClientApp/dist";

        });



        // CUSTOM SERVICES

        services.AddSingleton<IApplicationUser, ApplicationUser>();



        // AUTHENTICATION

        services.AddAuthentication(sharedOptions =>

        {

            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;

        })

        .AddWsFederation(options =>

        {

            _config.Bind("ADFS", options);

        })

        .AddCookie(options =>

        {

            options.Cookie.Name = "auth";

            options.Cookie.Expiration = TimeSpan.FromDays(30);

        });

    }



    /// <summary>

    /// 

    /// </summary>

    /// <param name="app"></param>

    /// <param name="env"></param>

    /// <param name="appUser"></param>

    /// <param name="logger"></param>

    public void Configure(IApplicationBuilder app,

                          IHostingEnvironment env,

                          IApplicationUser appUser,

                          ILogger<Startup> logger)

    {

        if (env.IsDevelopment())

        {

            app.UseDeveloperExceptionPage();

        }

        else

        {

            app.UseExceptionHandler("/Error");

            app.UseHsts();

        }



        app.UseHttpsRedirection();

        app.UseAuthentication();

        app.Use(next =>

        {

            return async context =>

            {

                // DefaultAuthenticateScheme causes User to be set

                var user = context.User;



                // Not authenticated

                if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))

                {

                    await context.ChallengeAsync();

                }

                else

                {

                    if (!appUser.Exists())

                        appUser.LoadUserData(context);



                    await next(context);

                }

            };

        });

        app.UseStaticFiles();

        app.UseSpaStaticFiles();



        app.UseMvc(routes =>

        {

            routes.MapRoute(

                name: "default",

                template: "{controller}/{action=Index}/{id?}");

        });



        app.UseSpa(spa =>

        {

            spa.Options.SourcePath = "ClientApp";



            if (env.IsDevelopment())

            {

                spa.UseAngularCliServer(npmScript: "start");

            }

        });

    }

}

}

c# login .net-core single-page-application adfs

share|improve this question

asked Nov 19 '18 at 19:38

DrewDrew

33

• 
  
  
  

  
  

  
  
  
  
  
  

  
  The company I work for uses Sessions to store user permissions. It's common practice to use Session for this very reason.
  – Dom
  Nov 19 '18 at 19:44
  

  
  
  
  

add a comment | 

0

0

0

Looking for comments on my code in hopes to find a standards based practice. I am currently deploying a SPA application (angular) with .NET Core as the backend. We have an on prem ADFS so I have set up the application to automatically log the user in when they reach the site. The code works fine, however I am curious if this is a common way to accomplish or if there is a standard pattern for this use case.

using CPQrp.Services;

using Microsoft.AspNetCore.Authentication;

using Microsoft.AspNetCore.Authentication.Cookies;

using Microsoft.AspNetCore.Authentication.WsFederation;

using Microsoft.AspNetCore.Builder;

using Microsoft.AspNetCore.Hosting;

using Microsoft.AspNetCore.Mvc;

using Microsoft.AspNetCore.SpaServices.AngularCli;

using Microsoft.Extensions.Configuration;

using Microsoft.Extensions.DependencyInjection;

using Microsoft.Extensions.Logging;

using System;

using System.Linq;



namespace CPQrp

{

public class Startup

{

    private IConfiguration _config;



    public Startup(IConfiguration configuration)

    {

        _config = configuration;

    }



    /// <summary>

    /// This method gets called by the runtime. Use this method to add services to the container.

    /// </summary>

    /// <param name="services"></param>

    public void ConfigureServices(IServiceCollection services)

    {

        // ROUTING

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);



        services.AddSpaStaticFiles(configuration =>

        {

            // In production, the Angular files will be served from this directory

            configuration.RootPath = "ClientApp/dist";

        });



        // CUSTOM SERVICES

        services.AddSingleton<IApplicationUser, ApplicationUser>();



        // AUTHENTICATION

        services.AddAuthentication(sharedOptions =>

        {

            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;

        })

        .AddWsFederation(options =>

        {

            _config.Bind("ADFS", options);

        })

        .AddCookie(options =>

        {

            options.Cookie.Name = "auth";

            options.Cookie.Expiration = TimeSpan.FromDays(30);

        });

    }



    /// <summary>

    /// 

    /// </summary>

    /// <param name="app"></param>

    /// <param name="env"></param>

    /// <param name="appUser"></param>

    /// <param name="logger"></param>

    public void Configure(IApplicationBuilder app,

                          IHostingEnvironment env,

                          IApplicationUser appUser,

                          ILogger<Startup> logger)

    {

        if (env.IsDevelopment())

        {

            app.UseDeveloperExceptionPage();

        }

        else

        {

            app.UseExceptionHandler("/Error");

            app.UseHsts();

        }



        app.UseHttpsRedirection();

        app.UseAuthentication();

        app.Use(next =>

        {

            return async context =>

            {

                // DefaultAuthenticateScheme causes User to be set

                var user = context.User;



                // Not authenticated

                if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))

                {

                    await context.ChallengeAsync();

                }

                else

                {

                    if (!appUser.Exists())

                        appUser.LoadUserData(context);



                    await next(context);

                }

            };

        });

        app.UseStaticFiles();

        app.UseSpaStaticFiles();



        app.UseMvc(routes =>

        {

            routes.MapRoute(

                name: "default",

                template: "{controller}/{action=Index}/{id?}");

        });



        app.UseSpa(spa =>

        {

            spa.Options.SourcePath = "ClientApp";



            if (env.IsDevelopment())

            {

                spa.UseAngularCliServer(npmScript: "start");

            }

        });

    }

}

}

c# login .net-core single-page-application adfs

share|improve this question

asked Nov 19 '18 at 19:38

DrewDrew

33

Looking for comments on my code in hopes to find a standards based practice. I am currently deploying a SPA application (angular) with .NET Core as the backend. We have an on prem ADFS so I have set up the application to automatically log the user in when they reach the site. The code works fine, however I am curious if this is a common way to accomplish or if there is a standard pattern for this use case.

using CPQrp.Services;

using Microsoft.AspNetCore.Authentication;

using Microsoft.AspNetCore.Authentication.Cookies;

using Microsoft.AspNetCore.Authentication.WsFederation;

using Microsoft.AspNetCore.Builder;

using Microsoft.AspNetCore.Hosting;

using Microsoft.AspNetCore.Mvc;

using Microsoft.AspNetCore.SpaServices.AngularCli;

using Microsoft.Extensions.Configuration;

using Microsoft.Extensions.DependencyInjection;

using Microsoft.Extensions.Logging;

using System;

using System.Linq;



namespace CPQrp

{

public class Startup

{

    private IConfiguration _config;



    public Startup(IConfiguration configuration)

    {

        _config = configuration;

    }



    /// <summary>

    /// This method gets called by the runtime. Use this method to add services to the container.

    /// </summary>

    /// <param name="services"></param>

    public void ConfigureServices(IServiceCollection services)

    {

        // ROUTING

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);



        services.AddSpaStaticFiles(configuration =>

        {

            // In production, the Angular files will be served from this directory

            configuration.RootPath = "ClientApp/dist";

        });



        // CUSTOM SERVICES

        services.AddSingleton<IApplicationUser, ApplicationUser>();



        // AUTHENTICATION

        services.AddAuthentication(sharedOptions =>

        {

            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;

        })

        .AddWsFederation(options =>

        {

            _config.Bind("ADFS", options);

        })

        .AddCookie(options =>

        {

            options.Cookie.Name = "auth";

            options.Cookie.Expiration = TimeSpan.FromDays(30);

        });

    }



    /// <summary>

    /// 

    /// </summary>

    /// <param name="app"></param>

    /// <param name="env"></param>

    /// <param name="appUser"></param>

    /// <param name="logger"></param>

    public void Configure(IApplicationBuilder app,

                          IHostingEnvironment env,

                          IApplicationUser appUser,

                          ILogger<Startup> logger)

    {

        if (env.IsDevelopment())

        {

            app.UseDeveloperExceptionPage();

        }

        else

        {

            app.UseExceptionHandler("/Error");

            app.UseHsts();

        }



        app.UseHttpsRedirection();

        app.UseAuthentication();

        app.Use(next =>

        {

            return async context =>

            {

                // DefaultAuthenticateScheme causes User to be set

                var user = context.User;



                // Not authenticated

                if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))

                {

                    await context.ChallengeAsync();

                }

                else

                {

                    if (!appUser.Exists())

                        appUser.LoadUserData(context);



                    await next(context);

                }

            };

        });

        app.UseStaticFiles();

        app.UseSpaStaticFiles();



        app.UseMvc(routes =>

        {

            routes.MapRoute(

                name: "default",

                template: "{controller}/{action=Index}/{id?}");

        });



        app.UseSpa(spa =>

        {

            spa.Options.SourcePath = "ClientApp";



            if (env.IsDevelopment())

            {

                spa.UseAngularCliServer(npmScript: "start");

            }

        });

    }

}

}

c# login .net-core single-page-application adfs

c# login .net-core single-page-application adfs

share|improve this question

asked Nov 19 '18 at 19:38

DrewDrew

33

share|improve this question

asked Nov 19 '18 at 19:38

DrewDrew

33

share|improve this question

share|improve this question

asked Nov 19 '18 at 19:38

DrewDrew

33

asked Nov 19 '18 at 19:38

DrewDrew

33

asked Nov 19 '18 at 19:38

DrewDrew

33

33

• 
  
  
  

  
  

  
  
  
  
  
  

  
  The company I work for uses Sessions to store user permissions. It's common practice to use Session for this very reason.
  – Dom
  Nov 19 '18 at 19:44
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  The company I work for uses Sessions to store user permissions. It's common practice to use Session for this very reason.
  – Dom
  Nov 19 '18 at 19:44
  

  
  
  
  

The company I work for uses Sessions to store user permissions. It's common practice to use Session for this very reason.
– Dom
Nov 19 '18 at 19:44

The company I work for uses Sessions to store user permissions. It's common practice to use Session for this very reason.
– Dom
Nov 19 '18 at 19:44

add a comment | 

0

active

oldest

votes

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you're in danger of being blocked from answering.

Please pay close attention to the following guidance:

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53381509%2fnet-core-auto-login-with-adfs%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

active

oldest

votes

0

active

oldest

votes

active

oldest

votes

active

oldest

votes

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you're in danger of being blocked from answering.

Please pay close attention to the following guidance:

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you're in danger of being blocked from answering.

Please pay close attention to the following guidance:

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53381509%2fnet-core-auto-login-with-adfs%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Name

Name

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Name

Name

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

This page is only for reference, If you need detailed information, please check here