Merge pull request #52 from bobfitch/master

Typo in the subtitle!
Martin Danielsson 2016-04-13 16:15:16 +02:00
commit 793af0dc62


@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: How to use an On-Premise Identity Server in ASP.NET title: How to use an On-Premise Identity Server in ASP.NET
subtitle: Log in to an ASP.NET application with AFDS identity and check membership in specific groups subtitle: Log in to an ASP.NET application with ADFS identity and check membership in specific groups
category: howto category: howto
tags: [cloud] tags: [cloud]
author: Robert Fitch author: Robert Fitch
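Review bot: the AFDS to ADFS correction in the subtitle is right, but the title line just above it still spells the product "On-Premise" while the body text in the `@ -62` hunk refers to the "On-Premises Authority URL"; settle on one spelling in the front matter so the title, subtitle and body agree.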
@ -62,7 +62,7 @@ Compile the project.
If you are wondering where all of the authentication code resides (or if you need to modify an existing project!), here are the details: If you are wondering where all of the authentication code resides (or if you need to modify an existing project!), here are the details:
The App ID URI and the On-Premises Authority URL are stored in the <appSettings> node of web.config: The App ID URI and the On-Premises Authority URL are stored in the `<appSettings>` node of web.config:
~~~xml ~~~xml
<add key="ida:ADFSMetadata" value="https://xxxxxxxxxx.com/FederationMetadata/2007-06/FederationMetadata.xml" /> <add key="ida:ADFSMetadata" value="https://xxxxxxxxxx.com/FederationMetadata/2007-06/FederationMetadata.xml" />
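Review bot: wrapping `<appSettings>` in backticks is the correct fix here, because the unescaped tag would be passed through as raw HTML by the Markdown renderer and disappear from the rendered sentence; it is worth grepping the rest of the post for other bare angle-bracket tokens in prose (anything outside the `~~~xml` fences) and giving them the same treatment in this PR rather than a follow-up.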
@ -108,6 +108,9 @@ On the identity server, these are the critical configuration pages for a new **R
## Endpoints ## ## Endpoints ##
{:.center}
![]( /images/adfs-identity/pic32.jpg){:style="margin:auto"}
This is the page which lists all browser source endpoints which are to be considered valid by the identity server. Here you see the entry which comes into play while we are debugging locally. Once your application has been uploaded to server, e.g. Azure, you must add the new endpoint e.g.: This is the page which lists all browser source endpoints which are to be considered valid by the identity server. Here you see the entry which comes into play while we are debugging locally. Once your application has been uploaded to server, e.g. Azure, you must add the new endpoint e.g.:
`https://xxxxxxxxxx.azurewebsites.net/` `https://xxxxxxxxxx.azurewebsites.net/`
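Review bot: with the Endpoints screenshot now in place the sentence "Here you see the entry which comes into play while we are debugging locally" finally has something to point at, but the paragraph only tells the reader to add the Azure endpoint and never to remove the local debugging entry; since this list is, in the post's own words, every browser source endpoint the identity server considers valid, the text should say that the local entry is for development only and should not stay on the relying party trust once the production endpoint is registered.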
@ -119,7 +122,7 @@ This is the page which lists all browser source endpoints which are to be consid
**Issuance Authorization Rules** **Issuance Authorization Rules**
{:.center} {:.center}
![]( /images/adfs-identity/pic32.jpg){:style="margin:auto"} ![]( /images/adfs-identity/pic33.jpg){:style="margin:auto"}
**Issuance Transform Rules** **Issuance Transform Rules**
@ -128,12 +131,12 @@ This is where we define which identity claims will go out to the requesting appl
Add a rule named e.g. **AD2OutgoingClaims** Add a rule named e.g. **AD2OutgoingClaims**
{:.center} {:.center}
![]( /images/adfs-identity/pic33.jpg){:style="margin:auto"} ![]( /images/adfs-identity/pic34.jpg){:style="margin:auto"}
and edit it like this: and edit it like this:
{:.center} {:.center}
![]( /images/adfs-identity/pic34.jpg){:style="margin:auto"} ![]( /images/adfs-identity/pic35.jpg){:style="margin:auto"}
The last line is the special one (the others being fairly standard). The last line causes AD to export every group that the user belongs to as a role, which can then be queried on the application side. The last line is the special one (the others being fairly standard). The last line causes AD to export every group that the user belongs to as a role, which can then be queried on the application side.
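Review bot: the renumbering here introduces a reference to pic35.jpg that did not exist in the post before, and this page shows no binary addition for that file, so confirm /images/adfs-identity/pic35.jpg is actually committed or the final screenshot will render as a broken image. Separately, the unchanged context line at the end says the last transform rule exports every group the user belongs to as a role; the post would be more useful (and safer to copy) if it noted that this rule can be narrowed to the groups the application actually checks, since shipping the full group list in every token discloses more than the membership checks described in the subtitle require.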