[Mono-aspnet-list] [Spam] Integrating/Authentication ASP .NET application(s) to/with Shibboleth

Gilles Badouet badouetg at uni.coventry.ac.uk
Sat Jul 27 03:59:48 UTC 2013 

Hi Ryan,

Thanks for your email and some precisions.

I already have an IdP and SP implemented and talking each other well.  My SP is within IIS7 and my IdP running within a a servlet container (Tomcat 6). Both are in two different boxes (With Windows 2008 Sever and Windows 7). I also implemented an LDAP server (OpenDJ 2.7) to authenticate users near the IdP. I put a simple HTML page in a ../secure directory within IIS and create some users in the LDAP server to test the authentication, that also work successfully;  after being authenticated, a user access successfully the protected html page.

So everything is set up and I now need to integrate ('Shibbolize')  a real application (The ASP .NET application) that I should acquire from elseone. I am not an ASP .NET developer by the way and my programming skills neither good. Thus I am quite confused by  what to ask to the ASP application developer to modify in regard to Shibboleth,  neither I know what files and what xml elements to configure in Shibboleth side since there is none precision in the Shibboleth official documentation mostly regarding ASP .NET applications.






Kind regards





Gilles Rubens Badouet

Student ID: 3940347

Faculty of Engineering and Computing

MSc Network Computing Course

Mobile: 07424486426

________________________________
From: Ryan Davis <ryan at acceleration.net>
Sent: 26 July 2013 15:19
To: Gilles Badouet
Cc: mono-aspnet-list at lists.ximian.com
Subject: Re: [Spam] [Mono-aspnet-list] Integrating/Authentication ASP .NET application(s) to/with Shibboleth

Shibboleth is a complicated system, but you can break it down into a few parts. Grossly oversimplifying:

  *   Identity provider (IdP) - this service handles authentication; your users type in their username and password here.
  *   Service Provider (SP) - this service runs on the same server as your ASP.NET application, and talks back and forth with the IdP. You tell the SP what URLs are protected, and the SP intercepts HTTP traffic, redirecting people to the IdP for authentication first if someone requests for a protected URL. When the IdP authenticates the user, it redirects back to your SP with data about the authenticated user (e.g. username). The SP adds this information as custom HTTP headers, then finally sends the request to your ASP.NET application
  *   The ASP.NET application looks in HttpRequest.Headers for information about the logged in user

What you do with it from there is up to you. If you're using ASP.NET MVC, it's pretty easy to make an AuthorizeAttribute that looks to the headers; if you're using ASP.NET webforms maybe you have a Begin_Request() in your global.asax.cs that reads the headers and sets HttpContext.User.

Most of the work with getting Shibboleth setup is in running the SP daemon and establishing trusted connections with the IdP - there's some metadata and key exchanges that you need to work out with the folks running the IdP, and then they need to explicitly authorize your SP. You should ask on shibboleth mailing lists<http://shibboleth.net/community/lists.html> for help with that. It's not that difficult, it's just a lot of nitty-gritty details that all have to match perfectly.

Good luck,


Ryan Davis
Director of Programming, Acceleration.net
2837 NW 41st Street, Unit 320
Gainesville, FL 32606
352-335-6500 x124
http://www.acceleration.net


On 07/26/2013 08:31 AM, Gilles Badouet wrote:
Hello all,

I am new in this mailing list.
Can anyone here describe me how to integrate an ASP .NET application to Shibboleth, indeed for the authentication mechanism.
I would like to do so, but don't know how to proceed, the steps to follow ... I read Shibboleth documentation, but still I cant understand what are the processes.

I would appreciate if anyone here can help me by providing few steps to follow and if possible how; or any links providing such implementations examples.






Kind regards





Gilles Rubens Badouet

Student ID: 3940347

Faculty of Engineering and Computing

MSc Network Computing Course

Mobile: 07424486426



_______________________________________________
Mono-aspnet-list mailing list
Mono-aspnet-list at lists.ximian.com<mailto:Mono-aspnet-list at lists.ximian.com>
http://lists.ximian.com/mailman/listinfo/mono-aspnet-list


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-aspnet-list/attachments/20130727/1891f305/attachment-0001.html>

More information about the Mono-aspnet-list mailing list