I need to check whether a particular user exists or not in Active Directory via ADFS.
So, I want my ADFS to check user authentication.
To use username/password authentication you can use the trust/13/UsernameMixed endpoint of ADFS 2.0.
This does NOT check if the user exists in Active Directory!
In code you request the token like this:
// Assumes the WIF 3.5 namespaces: System.ServiceModel, System.ServiceModel.Security, System.IdentityModel.Tokens,
// Microsoft.IdentityModel.Protocols.WSTrust and Microsoft.IdentityModel.Protocols.WSTrust.Bindings
var stsEndpoint = new EndpointAddress("https://YOUR-ADFS-HOST/adfs/services/trust/13/usernamemixed"); // placeholder host
WSTrustChannelFactory adfsfactory = new WSTrustChannelFactory(
    new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), stsEndpoint);
adfsfactory.TrustVersion = TrustVersion.WSTrust13;
// Username and Password here (verbatim string, so the backslash is not an escape sequence)...
adfsfactory.Credentials.UserName.UserName = @"domain\username";
adfsfactory.Credentials.UserName.Password = "password";
IWSTrustChannelContract channel = adfsfactory.CreateChannel();
// describe the token you want: a bearer token scoped to your service
RequestSecurityToken rst = new RequestSecurityToken
{
    RequestType = WSTrust13Constants.RequestTypes.Issue,
    AppliesTo = new EndpointAddress("your service address"),
    KeyType = WSTrust13Constants.KeyTypes.Bearer
};
// request the token (a refused logon surfaces here as a MessageSecurityException)
SecurityToken token = channel.Issue(rst);
Then create the channel factory for your service using your token:
// ConfigureChannelFactory and CreateChannelWithIssuedToken are WIF 3.5 extension methods
// from Microsoft.IdentityModel.Protocols.WSTrust
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
var factory = new ChannelFactory<IYourInterface>(binding, "your service address");
factory.ConfigureChannelFactory();
IYourInterface channel = factory.CreateChannelWithIssuedToken(token);
Hope this helps!
The AD FS 2.0 sign-in pages support username/password authentication out of the box. No code or customizations necessary.
As per @Marnix, this is out-of-the-box behavior.
However, just to point out:
Authenticating the user is NOT the same as checking whether a particular user exists in Active Directory.
For example, the user could be locked out: he still exists in AD but will not be able to authenticate.
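As an added example that is not part of any of the answers above, here is how the two checks can be kept separate in C#: a WS-Trust logon against the UsernameMixed endpoint, and, only when that is refused, a directory lookup to tell "does not exist" apart from "exists but cannot sign in" (the locked-out case just described). It assumes WIF 3.5 (Microsoft.IdentityModel) and System.DirectoryServices.AccountManagement; the enum, class and method names are mine, and the URLs and domain are placeholders.

```csharp
// Added example; assumes WIF 3.5 (Microsoft.IdentityModel) and
// System.DirectoryServices.AccountManagement. URLs and names are placeholders.
using System;
using System.DirectoryServices.AccountManagement;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

public enum AccountState { Authenticated, LockedOut, Disabled, ExistsButLogonFailed, NotFound }

public static class AdfsUserCheck
{
    // Step 1: ask AD FS (trust/13/usernamemixed) to issue a token for these credentials.
    // Success proves the account exists, the password is right and the account is usable.
    public static bool TryAuthenticate(string stsUrl, string relyingParty, string user, string password)
    {
        var factory = new WSTrustChannelFactory(
            new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
            new EndpointAddress(stsUrl)) { TrustVersion = TrustVersion.WSTrust13 };
        factory.Credentials.UserName.UserName = user;          // e.g. @"domain\alice"
        factory.Credentials.UserName.Password = password;
        var rst = new RequestSecurityToken
        {
            RequestType = WSTrust13Constants.RequestTypes.Issue,
            AppliesTo = new EndpointAddress(relyingParty),
            KeyType = WSTrust13Constants.KeyTypes.Bearer
        };
        try { factory.CreateChannel().Issue(rst); return true; }
        catch (MessageSecurityException) { return false; }    // logon refused; reason unknown here
    }

    // Step 2: a refused logon says nothing about existence. Look the account up in the
    // directory with the application's own directory-read identity, never the user's.
    // Keep the distinction internal: do not echo it to the sign-in page (user enumeration).
    public static AccountState Classify(string stsUrl, string relyingParty,
                                        string domain, string samAccount, string password)
    {
        if (TryAuthenticate(stsUrl, relyingParty, domain + @"\" + samAccount, password))
            return AccountState.Authenticated;
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var u = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccount))
        {
            if (u == null) return AccountState.NotFound;
            if (u.IsAccountLockedOut()) return AccountState.LockedOut;  // exists, cannot authenticate
            if (u.Enabled == false) return AccountState.Disabled;
            return AccountState.ExistsButLogonFailed;                  // most likely a wrong password
        }
    }
}
```

Network and endpoint errors (CommunicationException) are deliberately left to propagate so that an unreachable STS is not mistaken for a failed logon.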