It is not entirely clear what you want. If you don't want to be redirected automatically, you have to "open the pages" in your web.config with an . That way your login screen can come up and you can have a login button that explicitly redirects to the eid site. On the same page you can have a login form that uses forms authentciation.
Configure OWIN to use Forms login and federated login
-
01-07-2022 - |
Frage
I'm creating a new MVC5 - ASP.NET Identity project, and I'd like to support two methods of logging in: forms and eID (digital passport).
I'd like to use OWIN to easily implement these features:
- Forms login: Validate user based on username and password
- Fed Auth: Read the data from the eID, receive the request and find the user coupled to that eID (https://www.e-contract.be/eid-idp/authentication). Right now I have been able to add the FedAuth STS via WIF, but whenever I open my application, I get redirected automatically to the eID-site (if I disable the passiveredirect I get a redirect-loop)
I know this is going to be a broad subject and I know this is a very general question. I've tried googling for some tutorials, but I can't find any resources to learn more about OWIN or to implement (I assume this is via oAuth) fedauth.
How should I go about implementing this? Thanks!
** Solution **
This is the web.config that I use:
<configSections>
..
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
..
</configSections>
<appSettings>
..
<add key="ida:FederationMetadataLocation" value="https://www.e-contract.be/eid-idp/endpoints/ws-federation/metadata/auth-ident-metadata.xml" />
<add key="ida:Issuer" value="https://www.e-contract.be/eid-idp/protocol/ws-federation/auth-ident" />
<add key="ida:ProviderSelection" value="productionSTS" />
..
</appSettings>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
..
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://localhost:44301/" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089">
<trustedIssuers>
<add thumbprint="5981a2be47ca66203c9165edeb697d833df1b77d" name="www.e-contract.be" /><!-- Change this thumbprint if eID stops working https://www.e-contract.be/eid-idp/main.seam -->
</trustedIssuers>
</issuerNameRegistry>
<claimsAuthenticationManager type="ePortaal.Federation.FederationUserAuthenticationManager, ePortaal" />
<certificateValidation certificateValidationMode="None" />
<securityTokenHandlers>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation requireHttps="true" passiveRedirectEnabled="false" realm="https://localhost:44301/" issuer="https://www.e-contract.be/eid-idp/protocol/ws-federation/auth-ident" />
</federationConfiguration>
</system.identityModel.services>
e-contract changes their thumbprint every couple of months, you can find it on the website under "Identiteit thumbprint: 5981a2be47ca66203c9165edeb697d833df1b77d (put this key in your web.config)"
Lösung