C# – How to retrieve claims from ADFS (Active Directory Federation Services)

Tags: adfs, asp.net-mvc-4, c#

I have developed an ASP.NET MVC4 application and deployed it on the client's server. Our client uses ADFS (Active Directory Federation Services) and wants ADFS users to log into our web app. I am able to manage their login from ADFS. When a user attempts to access my app's Login page they get redirected to the ADFS login and, once authenticated, returned to my application. Now I need the email id that was used when logging in to ADFS in my application. I came to know that we can get this by retrieving claims from ADFS.
How can we get claims from ADFS and use them in our MVC controller? I'll really appreciate a simple code example which could be used in this scenario.

Best Answer

This blog entry I wrote years ago shows how minimal code that authenticates with an external WS-Fed identity provider would look:

http://www.wiktorzychla.com/2014/11/simplest-saml11-federated-authentication.html

The trick is to use the WSFederationAuthenticationModule's APIs to:

  • detect a POST that carries a SAML token (IsSignInResponse)
  • validate and parse the token (ValidateToken)

What you get is an instance of ClaimsIdentity, a built-in class you can directly fetch claims from:

using System.Security.Claims;

var identity = ...;   // the ClaimsIdentity produced by ValidateToken

// FindFirst returns a Claim object (or null if ADFS did not issue that claim type),
// so take .Value to get the e-mail address as a string.
var emailClaim = identity.FindFirst( c => c.Type == ClaimTypes.Email );
var email = emailClaim != null ? emailClaim.Value : null;

https://msdn.microsoft.com/en-us/library/system.security.claims.claimsidentity(v=vs.110).aspx
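As an added example (not code from the answer above or from the linked blog post), here is how the claim lookup would typically be used inside an MVC controller once the WS-Federation module has validated the ADFS token and populated HttpContext.User with a ClaimsPrincipal. The TrustedIssuer value, the AccountController/Profile names and the fallback to the UPN claim are assumptions for illustration; the issuer name must match the name attribute you registered in the issuerNameRegistry section of web.config, and the claim types must match the claim rules the ADFS administrator configured for your relying-party trust.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Web.Mvc;

// Added example: reading the e-mail claim from the signed-in ClaimsIdentity in an MVC controller.
// Assumes the WS-Federation module (System.IdentityModel.Services) has already validated the
// token's signature and set HttpContext.User. Issuer name and fallback claim type are assumptions.
public static class AdfsClaims
{
    // Assumed value: the name attribute from <issuerNameRegistry> in web.config. WIF copies that
    // name into Claim.Issuer for every claim taken from a token signed by the matching certificate.
    public const string TrustedIssuer = "http://adfs.example.com/adfs/services/trust";

    // ADFS sends e-mail as the standard WS-Federation emailaddress claim when the claim rules say
    // so; some deployments only send the UPN, which is often the same address. Order = preference.
    private static readonly string[] EmailClaimTypes =
    {
        ClaimTypes.Email,   // http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
        ClaimTypes.Upn,     // http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
    };

    public static string GetEmail(ClaimsIdentity identity)
    {
        // An unauthenticated identity carries no validated claims; do not read anything from it.
        if (identity == null || !identity.IsAuthenticated)
            return null;

        foreach (var type in EmailClaimTypes)
        {
            // FindFirst returns a Claim (or null), not the string value.
            var claim = identity.FindFirst(type);
            if (claim == null)
                continue;

            // Defence in depth: only accept a claim the module attributed to the ADFS instance we
            // trust, so a token from any other issuer cannot supply the address we act on.
            if (!string.Equals(claim.Issuer, TrustedIssuer, StringComparison.OrdinalIgnoreCase))
                continue;

            return claim.Value;
        }
        return null;
    }

    // Constructed sample (not a real ADFS token) so GetEmail can be exercised without ADFS.
    public static ClaimsIdentity SampleIdentity()
    {
        var claims = new[]
        {
            new Claim(ClaimTypes.Name, "jdoe", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Email, "jdoe@example.com", ClaimValueTypes.String, TrustedIssuer),
        };
        // A non-null authentication type is what makes IsAuthenticated return true.
        return new ClaimsIdentity(claims, "Federation");
    }
}

public class AccountController : Controller
{
    [Authorize]   // the WS-Fed module redirects unauthenticated users to ADFS before this runs
    public ActionResult Profile()
    {
        var identity = HttpContext.User == null ? null : HttpContext.User.Identity as ClaimsIdentity;
        var email = AdfsClaims.GetEmail(identity);
        if (email == null)
            return new HttpStatusCodeResult(403, "No e-mail claim from the trusted issuer");

        ViewBag.Email = email;
        // Listing every claim once during integration shows exactly what ADFS sent, which is the
        // quickest way to find out which claim type carries the address in this deployment.
        ViewBag.AllClaims = identity.Claims.Select(c => c.Type + " = " + c.Value).ToList();
        return View();
    }
}
```

AdfsClaims.GetEmail(AdfsClaims.SampleIdentity()) returns "jdoe@example.com"; the same call on an identity whose claims name a different issuer, or on new ClaimsIdentity() (not authenticated), returns null. Keep the issuer check even though the module already rejects tokens it cannot validate: it makes the controller's trust assumption explicit and survives later changes to the federation configuration.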
