Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

An Open Source ASP.NET SAML2 Service Provider

DZone's Guide to

An Open Source ASP.NET SAML2 Service Provider

by
Anders Abel
·
Oct. 06, 13 ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

I’m happy to announce an open source ASP.NET SAML2 Service Provider. SAML2 is a common standard for single sign on in enterprise environments. A Service Provider in SAML2 is a web site that allows log on through SAML2 Identity Provider (IdP). Implementing a Service Provider requires issuing authentication requests (AuthnRequest) and handling the returned response.

At Kentor we have seen an increase in the demand for using SAML2 authentication from our customers. When doing a recent project we didn’t find any suitable component, so we had to roll our own. Knowing that we would need to do this more times for other applications we decided to write a more general, standalone component that we can reuse in other projects. We are now also releasing it as open source for anyone to use for free.

The Kentor.AuthServices Library

The library is hosted at github and is released under an LGPL license. We chose that license because while it should be possible to use the library in closed source and commercial solutions, we want the library itself and any improvements to it to remain open source.

The core part of the library is the Saml2AuthenticationModule IIS module that handles the authentication. In the most simple case, it is possible to add the IIS module to configuration and get federated authentication without a single line of code to write. There is a sample ASP.NET MVC application available that uses the library and shows how to call it.

Please Review the Code!

Being a security sensitive library I would be extremely grateful for any code review being done – especially security reviews and checking that the validation of incoming tokens is done correctly. It is so easy to make a mistake and even a tiny one could compromise a site that uses the library.

Contributing

I’m of course happy if anyone would like to contribute to make the library more complete. I’ve added a bunch of issues with things I would like to add if I have time.

Let me Know!

Finally I would be very interested in any feedback if you have tried the library. Did it work? If not, what didn’t? Do you have any suggestions for more features? Do you know of any other similar component that would be better to use than starting from scratch (don’t tell me I’ve wasted my time writing a component just because I’m bad at googling)?

Please leave a comment below or drop me a mail and let me know about your experiences.

Like This Article? Read More From DZone

AppNeta vs. NetFlow: App Identification Without the Overhead
Introducing Mesos-Native Health Checks in Apache Mesos (Part 2)
Everything You Need to Know About Mobile App Architecture

Free DZone Refcard

Data Warehousing
DOWNLOAD
Topics:

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Anders Abel, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone