From ffcda63f55332b029a0bc0f47c6882dfadb3e749 Mon Sep 17 00:00:00 2001 From: Robert Fitch Date: Wed, 13 Apr 2016 16:01:54 +0200 Subject: [PATCH 1/3] Typo in the subtitle! --- _posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md b/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md index 310ebca..e469498 100644 --- a/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md +++ b/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md @@ -1,7 +1,7 @@ --- layout: post title: How to use an On-Premise Identity Server in ASP.NET -subtitle: Log in to an ASP.NET application with AFDS identity and check membership in specific groups +subtitle: Log in to an ASP.NET application with ADFS identity and check membership in specific groups category: howto tags: [cloud] author: Robert Fitch From b2b68dbff0e6b53f345688a3d97d9a6f393cb438 Mon Sep 17 00:00:00 2001 From: Robert Fitch Date: Wed, 13 Apr 2016 16:06:30 +0200 Subject: [PATCH 2/3] Make tag in content visible --- _posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md b/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md index e469498..c1d0442 100644 --- a/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md +++ b/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md @@ -62,7 +62,7 @@ Compile the project. If you are wondering where all of the authentication code resides (or if you need to modify an existing project!), here are the details: -The App ID URI and the On-Premises Authority URL are stored in the node of web.config: +The App ID URI and the On-Premises Authority URL are stored in the `` node of web.config: ~~~xml From 0c4e829009c2c5afdacdb45b422a7f8bc68e68e3 Mon Sep 17 00:00:00 2001 
From: Robert Fitch Date: Wed, 13 Apr 2016 16:12:33 +0200 Subject: [PATCH 3/3] Some images in wrong order --- .../2016-04-13-haufe-adfs-identity-for-aspnet-login.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md b/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md index c1d0442..874efcf 100644 --- a/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md +++ b/_posts/2016-04-13-haufe-adfs-identity-for-aspnet-login.md @@ -108,6 +108,9 @@ On the identity server, these are the critical configuration pages for a new **R ## Endpoints ## +{:.center} +![]( /images/adfs-identity/pic32.jpg){:style="margin:auto"} + This is the page which lists all browser source endpoints which are to be considered valid by the identity server. Here you see the entry which comes into play while we are debugging locally. Once your application has been uploaded to server, e.g. Azure, you must add the new endpoint e.g.: `https://xxxxxxxxxx.azurewebsites.net/` @@ -119,7 +122,7 @@ This is the page which lists all browser source endpoints which are to be consid **Issuance Authorization Rules** {:.center} -![]( /images/adfs-identity/pic32.jpg){:style="margin:auto"} +![]( /images/adfs-identity/pic33.jpg){:style="margin:auto"} **Issuance Transform Rules** @@ -128,12 +131,12 @@ This is where we define which identity claims will go out to the requesting appl Add a rule named e.g. **AD2OutgoingClaims** {:.center} -![]( /images/adfs-identity/pic33.jpg){:style="margin:auto"} +![]( /images/adfs-identity/pic34.jpg){:style="margin:auto"} and edit it like this: {:.center} -![]( /images/adfs-identity/pic34.jpg){:style="margin:auto"} +![]( /images/adfs-identity/pic35.jpg){:style="margin:auto"} The last line is the special one (the others being fairly standard). The last line causes AD to export every group that the user belongs to as a role, which can then be queried on the application side.
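Review bot: In [PATCH 2/3], the added line in the hunk at -62,7 +62,7 reads "stored in the `` node of web.config" with nothing between the backticks, so the node name that the commit message wants to make visible is still missing as shown here. Check the rendered post; if the name is written as an XML tag in angle brackets, make sure it sits inside the code span (or escape the brackets) so the Markdown renderer does not drop it as raw HTML.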
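Review bot: In [PATCH 3/3], the last hunk (-128,12 +131,12) introduces a reference to /images/adfs-identity/pic35.jpg, but the diffstat lists only the post itself (1 file changed), so this series adds no image file. Confirm pic35.jpg already exists in the repository, otherwise the screenshot after "and edit it like this:" will render as a broken link. As a style point, all four touched image lines keep an empty alt text and a stray space after the opening parenthesis in `![]( /images/...`; a short description per screenshot (endpoints page, authorization rules, transform rule) would let the configuration steps be followed without the images.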