AD FS 2.0 and Visual Studio 2013

There are many samples of Visual Studio 2013 which work with Windows Asure Active Directory (WAAD) authentication. But I can’t find any examples going with AD FS 2.0. That’s why I wrote this entry. I’ll introduce a way to build a web application in Visual Studio 2013 working with AD FS 2.0 step by step.

Making a Visual Studio 2013 Program

First, we will make a web program using authentication by ADFS.

Select ‘File’ – ‘New’ – ‘Project’.

Select a template, ‘Installed’ – ‘Templates’ – ‘Visual C#’ – ‘Web’ – ‘ASP.NET Web Application’.

Visual Studio

Click ‘Change Authentication’.

Visual Studio

In the ‘Change Authentication’ dialog, input as follows.

  • Select ‘Organizational Accounts’
  • Select ‘On-Premises’
  • Input your Federation Metadata URL which you can find in the ADFS management tool. (ex. ‘https://fs.example.com/FederationMetadata/2007-06/FederationMetadata.xml’)
  • Input your Application URI. In this example, we use ‘https://iis.example.com/mywebapp’.

Visual Studio

Click ‘OK’ twice.

Next step is to build and publish the program to IIS. You need to run Visual Studio as administrator. This example assumes that IIS is running on localhost.

Select your project and then select ‘Build’ – ‘Publish MyWebApp’

Name your profile.

Visual Studio

Enter your IIS information. In this example, we publish the program to ‘Default Web Site/mywebapp’. If you failed to validate connection, make sure that ‘Web Management Service’ is running and you run Visual Studio as administrator.

Visual Studio

Skip Setttings and Preview pages and press ‘Publish’.

After publication, ignoring certification warnings, you will be redirected to the ADFS in your web blowser. And then authentication will fail. We still need to setup the AD FS side.

Setup Active Directory Federation Services 2.0

We will configure AD FS.

Choose ‘Add Relying Party Trust’ in the ‘AD FS Management’ tool. And click ‘Start’ in the wizard.

ADFS configuration

Select ‘Enter data about the relying party manually’.

ADFS configuration

Enter ‘Display Name’ to distinguish entries.

ADFS configuration

Choose ‘AD FS profile’

ADFS configuration

Skip the ‘Configure Certificate’ page.

Select ‘Enable support for the WS-Federation Passive protocol’, and enter your application-URL (https://iis.example.com/mywebapp) in the ‘Configure URL’ page.

ADFS configuration

Make sure that your application URL is listed as ‘Relying party trust identifier’ and click Next.

ADFS configuration

Select ‘I do not want to configure multi-factor authentication settings for this relying party trust at this’

ADFS configuration

Select ‘Permit all users to access this relying party’.

ADFS configuration

Click Next in the ‘Ready to Add Trust’ page and Close the Finish page.

After all, your application is ready to work with AD FS. Access your application URL (https://iis.example.com/mywebapp/). Don’t forget last slash in your URL. After authenticated by AD FS, you will see the ASP.NET template page.

Because this is a sample scenario, detailed settings, such as certification configuration, are skipped. You will need to modify configuration to deploy the program in production environment.

Leave a Reply

Your email address will not be published. Required fields are marked *


*