In the digital age, seamless and secure access to multiple applications with a single login is critical for enhancing user experience and security. Sparkle Web has successfully implemented Single Sign-On (SSO) login using .NET Web API for a client, streamlining their authentication process and improving overall efficiency.
What is SSO Login?
Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services with one set of login credentials. Instead of remembering different usernames and passwords for various platforms, users authenticate once through a centralized system and gain access to all connected applications.
How Does SAML SSO Authentication Work?
SAML (Security Assertion Markup Language) is one of the most widely used SSO protocols. Here's how it works:
- User Requests Access: The user tries to access a protected resource or application.
- Redirection to Identity Provider (IdP): The Service Provider (SP) redirects the user to the IdP for authentication.
- User Authentication: The IdP verifies the user's identity, typically with a username and password, often combined with a second factor.
- SAML Assertion: Upon successful authentication, the IdP creates a SAML assertion—a signed XML document containing user identity data.
- Access Granted: The SP validates the SAML assertion (its signature against the IdP's certificate, the intended audience, and the validity window) and only then grants the user access to the requested resource.
This process allows users to log in once and gain access to multiple applications without repeated logins, ensuring both security and convenience.
Implementing SAML SSO in .NET Web API
At Sparkle Web, we implemented SAML SSO for a client using the .NET framework, tackling several technical challenges to ensure a smooth and secure integration.
Key Components and Configuration
- NuGet Packages:
  - ITfoxtec.Identity.Saml2
  - ITfoxtec.Identity.Saml2.MvcCore
- Appsettings.json:

    {
      "Saml2": {
        "IdPMetadata": "https://adfs.welspun.com/federationmetadata/2007-06/federationmetadata.xml",
        "Issuer": "https://weldatahub.welspun.com/api/api/SSO/SSOLogin",
        "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
        "CertificateValidationMode": "ChainTrust",
        "RevocationMode": "NoCheck"
      }
    }

  Note that "RevocationMode": "NoCheck" means a revoked IdP signing certificate would still be accepted as long as it chains to a trusted root. That is only defensible when the IdP metadata is fetched over HTTPS from a trusted host and the signing certificates are rotated with it; if the issuing CA publishes a CRL or OCSP responder, prefer "Online" or "Offline".
- Program.cs Configuration:
  - Setting up SAML2 authentication by reading IdP metadata and configuring the Saml2Configuration object.
  - Adding logging to track configuration and authentication processes.
- SSOController.cs:
  - Handles SSO login, reads the SAML response, validates it, and processes user identity claims.
  - Generates a token based on the user information and redirects the user to the appropriate URL.
Example
    // SAML POST binding delivers the response as a form POST, so the action must accept POST.
    [HttpPost]
    public async Task<IActionResult> SSOLogin()
    {
        try
        {
            // config: the Saml2Configuration built in Program.cs (injected via IOptions<Saml2Configuration>).
            var httpRequest = Request.ToGenericHttpRequest();
            var binding = new Saml2PostBinding();
            var saml2AuthnResponse = new Saml2AuthnResponse(config);

            // First pass only parses the response so its status can be inspected.
            binding.ReadSamlResponse(httpRequest, saml2AuthnResponse);
            if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
            {
                throw new AuthenticationException($"SAML Response status: {saml2AuthnResponse.Status}");
            }

            // Unbind validates the signature against the IdP certificates loaded from metadata,
            // plus audience and validity window. Without this call the claims below come from an
            // unverified document, so anyone who can POST to this endpoint could forge an identity.
            binding.Unbind(httpRequest, saml2AuthnResponse);

            // SSOType: the claim type that carries the email (e.g. ClaimTypes.Email for ADFS).
            var email = saml2AuthnResponse.ClaimsIdentity.Claims
                .Where(x => x.Type == SSOType)
                .Select(x => x.Value)
                .FirstOrDefault();
            if (string.IsNullOrEmpty(email))
            {
                throw new AuthenticationException("SAML assertion carries no email claim.");
            }

            // SSOUrl: the front-end landing URL from configuration; the token is appended to it.
            string token = await _SSOService.SSOToken(email);
            var returnUrl = string.IsNullOrEmpty(token) ? SSOUrl : SSOUrl + token;
            return Redirect(returnUrl);
        }
        catch (Exception ex)
        {
            _errorLogService.AddErrorLog(0, ex.Message, nameof(SSOController), nameof(SSOLogin));
            // Fail closed: a failed login must not return 200, and exception text must not be echoed to the client.
            return Unauthorized("SSO login failed.");
        }
    }
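The Program.cs wiring that the component list above describes only in prose, written here as an added example that follows the ITfoxtec.Identity.Saml2 README pattern; it is not code from the original post. It assumes the "Saml2" section of the appsettings.json shown earlier, and the EntityDescriptor, AddSaml2() and UseSaml2() calls are the library's documented API as used in its samples. Fetching the IdP metadata at startup (and failing startup if it cannot be loaded) is a design choice, not something the post states.

```csharp
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore.Configuration;
using ITfoxtec.Identity.Saml2.Schemas.Metadata;

var builder = WebApplication.CreateBuilder(args);

// Bind Issuer, SignatureAlgorithm, CertificateValidationMode and RevocationMode
// straight from the "Saml2" section of appsettings.json.
builder.Services.Configure<Saml2Configuration>(builder.Configuration.GetSection("Saml2"));

builder.Services.Configure<Saml2Configuration>(saml2Configuration =>
{
    // Assertions are accepted only when their Audience matches our own entity ID (Issuer).
    saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);

    // Pull the IdP's SSO endpoint and token-signing certificates from its federation
    // metadata. Unbind() in the controller validates response signatures against exactly
    // these certificates, so the metadata URL must be HTTPS and point at a trusted host.
    var metadataUrl = builder.Configuration["Saml2:IdPMetadata"]
        ?? throw new InvalidOperationException("Saml2:IdPMetadata is not configured.");
    var entityDescriptor = new EntityDescriptor();
    entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(metadataUrl));
    if (entityDescriptor.IdPSsoDescriptor == null)
    {
        // Fail startup rather than run an SP that cannot verify anything (assumption: preferred here).
        throw new InvalidOperationException("IdPSsoDescriptor not loaded from metadata.");
    }

    saml2Configuration.SingleSignOnDestination =
        entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
    saml2Configuration.SignatureValidationCertificates.AddRange(
        entityDescriptor.IdPSsoDescriptor.SigningCertificates);
});

builder.Services.AddSaml2();
builder.Services.AddControllers();

var app = builder.Build();

// Log where the trust anchors came from so a misconfigured metadata URL is visible at startup.
app.Logger.LogInformation("SAML2 configured from IdP metadata {MetadataUrl}",
    builder.Configuration["Saml2:IdPMetadata"]);

app.UseSaml2();
app.MapControllers();
app.Run();
```

With this in place the controller's `config` is the `Saml2Configuration` resolved from `IOptions<Saml2Configuration>`, and every certificate that `Unbind()` will trust is the one the IdP published in its metadata at startup; rotating the IdP's signing certificate therefore requires a restart or a metadata refresh, which is worth scheduling before the old certificate expires.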
At Sparkle Web, we are dedicated to enhancing your application's authentication process with secure and efficient SSO integration. Whether you need to streamline user access or improve security, our expert team is ready to help.
Ready to implement SSO in your application? Contact Sparkle Web today to learn how we can help you achieve seamless and secure authentication.
Dipak Pakhale
A skilled .Net Full Stack Developer with 8+ years of experience. Proficient in Asp.Net, MVC, .Net Core, Blazor, C#, SQL, Angular, Reactjs, and NodeJs. Dedicated to simplifying complex projects with expertise and innovation.