Wednesday, December 18, 2013

ADFS : Integrating with AuthorisationServer

Have been playing around with this and using ADFS as my IDP.

Good article on how to do this - Adding OAuth2 to ADFS (and thus bridging the gap between modern Applications and Enterprise Back ends).

But I battled with getting the admin stuff to work.

When you first configure it, it asks for an admin. name that is written to the SQL CE 4.0 DB.

Put some thought into this because this is an attribute that you have to provide in the form of a claim.

Assume my standard login name is jbloggs. So that's what I entered.

But when I configured ADFS, I mapped DisplayName to Name. But my DisplayName is "Joe" or "Joe Bloggs" or whatever.

So I ended up mapping my sAMAccountName (which is jbloggs) to Name and all was well.

Also, the DB is placed in the AppData folder and the file type is .sdf.

I found the easiest way to examine it was via LinqPad.

"Add Connection" / Next / Provider = CE SQL 4.0 / Browse to sdf file / OK.


Tuesday, December 10, 2013

Azure : Azure Active Directory and Web API

Two new labels today - moving off on another tangent!

Vittorio wrote an excellent article Secure ASP.NET Web API with Windows Azure AD and Microsoft OWIN Components.

When I tried to do this, ran into two problems.

Firstly, we have a *&&^%^%%$ corporate proxy - I HATE them.

So had to add the following to the test client in the web.config or app.config:
defaultProxy enabled="true" useDefaultCredentials="true"
proxy bypassonlocal="True" usesystemdefault="True"
Insert your own xml start / end format!

Secondly, got the error:

"System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure."

In Vittorio's example, he uses localhost for the web site as did I.

You have to ensure you have no certificate errors when you browse to localhost - you can check that in IE - the certificate box should NOT be red.

If it is, just click it and run the wizard to import it into the "CA Trusted Root" area.

Also, make sure that it has not expired!