We have a .NET 6 ASP.NET intranet web application into which we need to retrofit single sign-on against ADFS 2019 using OpenID Connect. With a very simple configuration (only ClientId and Authority), we can connect to ADFS and get a user login form where the user authenticates.
But the requirement is to trigger Windows Authentication based single sign-on. The user is logged into his Windows workstation and therefore, after opening the browser and entering the URL of our application, he should be automatically authenticated by ADFS without needing to provide a username and password.
We tried prompt=none, but the ADFS server returns an error requiring the user's input.
The relevant code is provided here:
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using System.Threading.Tasks;

services.Configure<CookiePolicyOptions>(options =>
{
    // Never emit cookies over plain HTTP.
    options.Secure = CookieSecurePolicy.Always;
});

services.AddAuthentication(o =>
{
    // The local cookie carries the session; OIDC only handles the challenge.
    o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(o => { o.Cookie.Name = ".AspNetAuth"; })
.AddOpenIdConnect(options =>
{
    // ClientId, Authority, etc. are bound from the "OpenIdConnect" configuration section.
    Configuration.GetSection("OpenIdConnect").Bind(options);
    options.Events = new OpenIdConnectEvents
    {
        OnRemoteFailure = ctx =>
        {
            ...
            ctx.HandleResponse();
            return Task.CompletedTask;
        },
        OnTicketReceived = ctx =>
        {
            ...
            return Task.CompletedTask;
        },
        OnRedirectToIdentityProvider = ctx =>
        {
            // Force an https redirect_uri except for localhost.
            // Note: Replace rewrites every "http" substring in the URL, not only the scheme.
            if (!ctx.ProtocolMessage.RedirectUri.StartsWith("https") && !ctx.ProtocolMessage.RedirectUri.Contains("localhost"))
                ctx.ProtocolMessage.RedirectUri = ctx.ProtocolMessage.RedirectUri.Replace("http", "https");
            return Task.CompletedTask;
        }
    };
});
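The redirect_uri rewrite in the post fixes the scheme by string replacement, which rewrites every "http" substring rather than just the scheme and only papers over the real cause: when TLS is terminated in front of the application, Request.Scheme is "http" unless the forwarded headers are honoured. The following is an added example, not the poster's code, showing the same cookie + OpenID Connect pipeline with the scheme corrected by the ForwardedHeaders middleware (restricted to a known proxy so a client cannot spoof X-Forwarded-Proto or X-Forwarded-Host into the redirect_uri) and a URI-aware fallback in OnRedirectToIdentityProvider that preserves the localhost exemption. The proxy address 10.0.0.5, the "OpenIdConnect" configuration section and the NuGet package Microsoft.AspNetCore.Authentication.OpenIdConnect are assumptions; nothing here changes the prompt=none behaviour of ADFS.

```csharp
// Added example (not from the original post): .NET 6 minimal hosting, Program.cs.
// Requires the Microsoft.AspNetCore.Authentication.OpenIdConnect package.
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

// Trust X-Forwarded-Proto / X-Forwarded-Host only from the TLS-terminating proxy.
// 10.0.0.5 is an assumed proxy address. Without a KnownProxies/KnownNetworks entry
// only loopback is trusted, so a client cannot inject a forged scheme or host that
// would end up in redirect_uri.
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost;
    options.KnownProxies.Add(IPAddress.Parse("10.0.0.5"));
});

builder.Services.Configure<CookiePolicyOptions>(options =>
{
    options.Secure = CookieSecurePolicy.Always;
});

builder.Services.AddAuthentication(o =>
{
    o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(o => { o.Cookie.Name = ".AspNetAuth"; })
.AddOpenIdConnect(options =>
{
    // Assumed configuration section holding ClientId, Authority, etc.
    builder.Configuration.GetSection("OpenIdConnect").Bind(options);
    options.Events = new OpenIdConnectEvents
    {
        // Fallback for the case where a forwarded header was missing: fix the scheme
        // on the parsed URI instead of on the raw string.
        OnRedirectToIdentityProvider = ctx =>
        {
            ctx.ProtocolMessage.RedirectUri = ForceHttps(ctx.ProtocolMessage.RedirectUri);
            return Task.CompletedTask;
        }
    };
});

var app = builder.Build();

// Must run before authentication so Request.Scheme/Host reflect the proxy's view
// and the middleware builds an https redirect_uri on its own.
app.UseForwardedHeaders();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", (HttpContext ctx) => $"Hello {ctx.User.Identity?.Name}").RequireAuthorization();
app.Run();

// Upgrades http -> https on the scheme only; leaves https and loopback (localhost,
// 127.0.0.1, ::1) URIs untouched, mirroring the post's localhost exemption.
static string ForceHttps(string redirectUri)
{
    var uri = new Uri(redirectUri);
    if (uri.Scheme == Uri.UriSchemeHttps || uri.IsLoopback)
        return redirectUri;

    var rewritten = new UriBuilder(uri)
    {
        Scheme = Uri.UriSchemeHttps,
        // Drop an explicit :80 so the result is https://host/..., not https://host:80/...
        Port = uri.IsDefaultPort ? -1 : uri.Port,
    };
    return rewritten.Uri.AbsoluteUri;
}
```

Whatever value ends up in redirect_uri must match, character for character, a redirect URI registered on the ADFS application group, so it is worth logging ctx.ProtocolMessage.RedirectUri once in the event while debugging the proxy setup.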