Displayr.AspNetSaml 1.0.2

This package allows your web application or SAML service provider to integrate with a third party SAML Identity Provider (e.g. Microsoft Azure AD). Displayr.AspNetSaml is a fork of https://www.nuget.org/packages/AspNetSaml that includes some changes that the https://www.displayr.com/ engineering team required for their SAML integration.

There is a newer version of this package available.
See the version list below for details.
Install-Package Displayr.AspNetSaml -Version 1.0.2
dotnet add package Displayr.AspNetSaml --version 1.0.2
<PackageReference Include="Displayr.AspNetSaml" Version="1.0.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Displayr.AspNetSaml --version 1.0.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

AspNetSaml

Very simple SAML 2.0 "consumer" implementation in C#. It's a SAML client library, not a SAML server, allows adding SAML single-sign-on to your ASP.NET app, but not to provide auth services to other apps.

Consists of one short C# file you can throw into your project (or install via nuget) and start using it. Originally forked from OneLogin's .NET SAML library, but we had to fix a lot of stuff...

Usage

How SAML works?

SAML workflow has 2 steps:

  1. User is redirected to the SAML provider (where he authenticates)
  2. User is redirected back to your app, where you validate the payload

Here's how you do it:

1. Redirecting the user to the saml provider:

//specify the SAML provider url here, aka "Endpoint"
var samlEndpoint = "http://saml-provider-that-we-use.com/login/";

var request = new AuthRequest(
	"http://www.myapp.com", //put your app's "unique ID" here
	"http://www.myapp.com/SamlConsume" //assertion Consumer Url - the redirect URL where the provider will send authenticated users
	);
	
//generate the provider URL
string url = request.GetRedirectUrl(samlEndpoint);

//then redirect your user to the above "url" var
//for example, like this:
Response.Redirect(url);

2. User has been redirected back

User is sent back to your app - you need to validate the SAML response ("assertion") that you recieved via POST.

Here's an example of how you do it in ASP.NET MVC

//ASP.NET MVC action method... But you can easily modify the code for Web-forms etc.
public ActionResult SamlConsume()
{
	//specify the certificate that your SAML provider has given to you
	string samlCertificate = @"-----BEGIN CERTIFICATE-----
BLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAH123543==
-----END CERTIFICATE-----";

	Saml.Response samlResponse = new Response(samlCertificate);
	samlResponse.LoadXmlFromBase64(Request.Form["SAMLResponse"]); //SAML providers usually POST the data into this var

	if (samlResponse.IsValid())
	{
		//WOOHOO!!! user is logged in
		//YAY!
		
		//Some more optional stuff for you
		//lets extract username/firstname etc
		string username, email, firstname, lastname;
		try
		{
			username = samlResponse.GetNameID();
			email = samlResponse.GetEmail();
			firstname = samlResponse.GetFirstName();
			lastname = samlResponse.GetLastName();
		}
		catch(Exception ex)
		{
			//insert error handling code
			//no, really, please do
			return null;
		}
		
		//user has been authenticated, put your code here, like set a cookie or something...
		//or call FormsAuthentication.SetAuthCookie() or something
	}
}

Dependencies

Project should reference System.Security

Nuget

I've published this to Nuget.

Install-Package Displayr.AspNetSaml

This will add a reference to a compiled version of this assembly.

AspNetSaml

Very simple SAML 2.0 "consumer" implementation in C#. It's a SAML client library, not a SAML server, allows adding SAML single-sign-on to your ASP.NET app, but not to provide auth services to other apps.

Consists of one short C# file you can throw into your project (or install via nuget) and start using it. Originally forked from OneLogin's .NET SAML library, but we had to fix a lot of stuff...

Usage

How SAML works?

SAML workflow has 2 steps:

  1. User is redirected to the SAML provider (where he authenticates)
  2. User is redirected back to your app, where you validate the payload

Here's how you do it:

1. Redirecting the user to the saml provider:

//specify the SAML provider url here, aka "Endpoint"
var samlEndpoint = "http://saml-provider-that-we-use.com/login/";

var request = new AuthRequest(
	"http://www.myapp.com", //put your app's "unique ID" here
	"http://www.myapp.com/SamlConsume" //assertion Consumer Url - the redirect URL where the provider will send authenticated users
	);
	
//generate the provider URL
string url = request.GetRedirectUrl(samlEndpoint);

//then redirect your user to the above "url" var
//for example, like this:
Response.Redirect(url);

2. User has been redirected back

User is sent back to your app - you need to validate the SAML response ("assertion") that you recieved via POST.

Here's an example of how you do it in ASP.NET MVC

//ASP.NET MVC action method... But you can easily modify the code for Web-forms etc.
public ActionResult SamlConsume()
{
	//specify the certificate that your SAML provider has given to you
	string samlCertificate = @"-----BEGIN CERTIFICATE-----
BLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAH123543==
-----END CERTIFICATE-----";

	Saml.Response samlResponse = new Response(samlCertificate);
	samlResponse.LoadXmlFromBase64(Request.Form["SAMLResponse"]); //SAML providers usually POST the data into this var

	if (samlResponse.IsValid())
	{
		//WOOHOO!!! user is logged in
		//YAY!
		
		//Some more optional stuff for you
		//lets extract username/firstname etc
		string username, email, firstname, lastname;
		try
		{
			username = samlResponse.GetNameID();
			email = samlResponse.GetEmail();
			firstname = samlResponse.GetFirstName();
			lastname = samlResponse.GetLastName();
		}
		catch(Exception ex)
		{
			//insert error handling code
			//no, really, please do
			return null;
		}
		
		//user has been authenticated, put your code here, like set a cookie or something...
		//or call FormsAuthentication.SetAuthCookie() or something
	}
}

Dependencies

Project should reference System.Security

Nuget

I've published this to Nuget.

Install-Package Displayr.AspNetSaml

This will add a reference to a compiled version of this assembly.

Release Notes

Recombined the Microsoft-specic behaviour into the Response class (as per the original design by Jitbit) using more liberal fallbacks so you can use the same class across Saml Providers. I envision that we would add more fallbacks as we try to integrate with other Saml providers and find that they use different claim names in their identity provider responses.

Dependencies

This package has no dependencies.

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
1.1.3 50 12/5/2019
1.1.2 31 12/5/2019
1.1.1 35 12/5/2019
1.1.0 41 12/5/2019
1.0.3 376 5/1/2019
1.0.2 429 4/3/2019
1.0.1 82 4/3/2019
Show less