Single sign on between ASP.NET app and Office365 with on-premise ADFS STS

喜欢而已 提交于 2019-12-23 09:36:29

问题


I'm building an ASP.NET web app that authenticates users with Windows Identity Foundation.

The organization has an on-premise ADFS STS. Their Office365 authenticates through Microsoft Federation Gateway with the on-premise STS. The new web app will also authenticate against the on-premise STS with WIF.

Can I establish silent single sign on between the new app and the Office365 environment? So the user will not have to log into Office365 once he is logged into the web app and vice versa.


回答1:


Yes, you should be able to accomplish this by federating your ASP.NET application with Office365 directly. As you probably already know, typically the way this works is you have Office365 synced to on prem AD, and you have a trust set up with the on-prem ADFS server. When you're signing in to your web application the user gets redirected to Office365 to type in their UPN (typically the email address). Office365 uses that to figure out which on-prem ADFS server to redirect you to.

If you're logging on from within the domain, you get authenticated right away via windows integrated auth. ADFS will redirect you back to Office365 to establish a session, and Office365 will log you in to the application itself. If you're outside of the domain, you'll need an ADFS external proxy set up. There, instead of windows integrated auth, this special ADFS proxy will prompt the user for corporate credentials, and then redirect back to Office365 in the same way as before.

Here's a nice whitepaper that explains all of this in more detail:

http://www.microsoft.com/download/en/details.aspx?id=28971



来源:https://stackoverflow.com/questions/9583688/single-sign-on-between-asp-net-app-and-office365-with-on-premise-adfs-sts

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!