{"id":2693,"date":"2014-02-20T13:20:31","date_gmt":"2014-02-20T20:20:31","guid":{"rendered":"http:\/\/www.cloudidentity.com\/blog\/?p=2693"},"modified":"2014-02-21T02:07:43","modified_gmt":"2014-02-21T09:07:43","slug":"ws-federation-in-microsoft-owin-componentsa-quick-start","status":"publish","type":"post","link":"https:\/\/www.cloudidentity.com\/blog\/2014\/02\/20\/ws-federation-in-microsoft-owin-componentsa-quick-start\/","title":{"rendered":"WS-Federation in Microsoft OWIN Components–a quick start"},"content":{"rendered":"

As you might have seen on the WebDev blog<\/a>, today we unveiled the first preview of the new WS-Federation support in Microsoft OWIN Components. In this quick post you\u2019ll see the new programming model in action. We will create a basic, no-frills app and configure it to authenticate users via WS-Federation and Windows Azure Active Directory. I will use Visual Studio 2013, but in fact you can just as well use VS 2012.<\/p>\n

Create a basic MVC app<\/h2>\n

Let\u2019s start by creating a new project by selecting the ASP.NET web project template.<\/p>\n

\"image\"<\/a><\/p>\n

We want to take over the authentication function, hence we want the project to start with no code for it. Press Change Authentication, choose No Authentication from the radio buttons on the left, and click OK until the project template is initialized.<\/p>\n

\"image\"<\/a><\/p>\n

Before anything else, go to the HomeController and decorate with an[Authorize] attribute the HomeController class itself \u2013 this is for ensuring that no unauthenticated user can access it and for triggering the sign in flow once we\u2019ll have all the settings in place.<\/p>\n

Once you have done that, here\u2019s there\u2019s an extra step that is really good practice. We want the application to run on HTTPS. Select the project in Project Explorer, go in the project properties and flip the SSL Enabled property to True.<\/p>\n

\"image\"<\/a><\/p>\n

IIS Express assigns the project a port. Select the https URL and copy it on the clipboard. Then, right-click on the project in Project Explorer and choose Properties from the menu.<\/p>\n

Pick the Web tab, locate the Project Url and paste in there the https URL. This will guarantee that when you debug your project starts on the correct address.<\/p>\n

\"image\"<\/a><\/p>\n

Keep the URL in the clipboard, as you\u2019ll need it again soon!<\/p>\n

Create the app entry in Windows Azure AD<\/h2>\n

In order to secure an application with Windows Azure AD, you need to provision an entry in your directory tenant that provides the app\u2019s coordinates.<\/p>\n

Navigate to https:\/\/manage.windowsazure.com\/<\/a> and sign in as an administrator. Locate the directory icon on the tab list on the left and click on it. Identify from the list the tenant you want to use and click on it. Finally, select the Applications header and choose Add from the bottom command bar. As we are developing a new app, choose the first option. That will start a short wizard that will help you to provision the application.<\/p>\n

\"image\"<\/a><\/p>\n

Choose any name you like. I personally like to use the same name of the Visual Studio project, it makes it easier to find my way around when the number of apps grows, but you can use whatever technique works you like.<\/p>\n

Make sure that the Web application and\/or web API option is selected, then move to the next screen.<\/p>\n

\"image\"<\/a><\/p>\n

This part is very important.<\/p>\n

The sign-on URL must match the URL of your application: you can paste here the address you\u2019ve been keeping in the clipboard.<\/p>\n

The App Id URI is the identifier for the application, or in WS-Federation parlance the realm of the application. You can choose any identifier that makes sense for you, as long as it is unique within the tenant. I usually try to follow a memorable schema. Remember, given that this is a URI this value does not need to correspond to any real network address!<\/p>\n

Once you have entered the values, move to the next screen.<\/p>\n

\"image\"<\/a><\/p>\n

Here you decide on whata ccess rights your app has on the directory. FOr our purposes, you can keep the single sign-on value selected and finish the wizard.<\/p>\n

\"image\"<\/a><\/p>\n

The next screen signals the successful conclusion of the app provisioning, and displays the two values you\u2019ll need to plug in your project in order to connect to Windows Azure AD.<\/p>\n

\"image\"<\/a><\/p>\n

That\u2019s all you need to do on the portal. Switch back to Visual Studio, but keep the last page around: we\u2019ll need its values shortly.<\/p>\n

Add the OWIN security components, add initialization logic<\/h2>\n

All of the tasks we have done so far are just business as usual. In this last section we are actually going to take advantage of the new system. With the current claims based model, at this point we would run a tool to generate the necessary configuration. With the new OWIN security components, we don\u2019t need any tool: coding is easy enough that we can do it manually.<\/p>\n

Let\u2019s start by adding references to the packages we need. Head to the paclkage manager console and enter the commands below:<\/p>\n