[Mono-aspnet-list] [Spam] Integrating/Authentication ASP .NET application(s) to/with Shibboleth

Ryan Davis ryan at acceleration.net
Fri Jul 26 14:19:08 UTC 2013


Shibboleth is a complicated system, but you can break it down into a few 
parts. Grossly oversimplifying:

  * Identity provider (IdP) - this service handles authentication; your
    users type in their username and password here.
  * Service Provider (SP) - this service runs on the same server as your
    ASP.NET application, and talks back and forth with the IdP. You tell
    the SP what URLs are protected, and the SP intercepts HTTP traffic,
    redirecting people to the IdP for authentication first if someone
    requests for a protected URL. When the IdP authenticates the user,
    it redirects back to your SP with data about the authenticated user
    (e.g. username). The SP adds this information as custom HTTP
    headers, then finally sends the request to your ASP.NET application
  * The ASP.NET application looks in HttpRequest.Headers for information
    about the logged in user

What you do with it from there is up to you. If you're using ASP.NET 
MVC, it's pretty easy to make an AuthorizeAttribute that looks to the 
headers; if you're using ASP.NET webforms maybe you have a 
Begin_Request() in your global.asax.cs that reads the headers and sets 
HttpContext.User.

Most of the work with getting Shibboleth setup is in running the SP 
daemon and establishing trusted connections with the IdP - there's some 
metadata and key exchanges that you need to work out with the folks 
running the IdP, and then they need to explicitly authorize your SP. You 
should ask on shibboleth mailing lists 
<http://shibboleth.net/community/lists.html> for help with that. It's 
not that difficult, it's just a lot of nitty-gritty details that all 
have to match perfectly.

Good luck,

Ryan Davis
Director of Programming, Acceleration.net
2837 NW 41st Street, Unit 320
Gainesville, FL 32606
352-335-6500 x124
http://www.acceleration.net

On 07/26/2013 08:31 AM, Gilles Badouet wrote:
> Hello all,
>
> I am new in this mailing list.
> Can anyone here describe me how to integrate an ASP .NET application 
> to Shibboleth, indeed for the authentication mechanism.
> I would like to do so, but don't know how to proceed, the steps to 
> follow ... I read Shibboleth documentation, but still I cant 
> understand what are the processes.
>
> I would appreciate if anyone here can help me by providing few steps 
> to follow and if possible how; or any links providing such 
> implementations examples.
>
> Kind regards
>
> Gilles Rubens Badouet
>
> Student ID: 3940347
>
> Faculty of Engineering and Computing
>
> MSc Network Computing Course
>
> Mobile: 07424486426
>
>
>
> _______________________________________________
> Mono-aspnet-list mailing list
> Mono-aspnet-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-aspnet-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-aspnet-list/attachments/20130726/8c46f91c/attachment.html>


More information about the Mono-aspnet-list mailing list