ADFS 2.0 signout redirect not functioning - c#

In order to sign out of a web app using ADFS for authentication, using a URL that follows this form:
https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0&wreply={post-sign-out_landing_URL}
works fine. The user is taken to an ADFS site page that notifies them that they've signed out. What isn't happening is redirecting back to the web app. I've spent a long time looking around online and I am pretty confused now as to whether this is possible with the wreply parameter or not. There are a few spots on MSDN and blogs where it is said to just work by supplying a wreply value, but it seems like most people are not having any luck with navigating back to the RP site.
Question: On signing out from ADFS, is it possible to automatically return to the RP app? Has anyone done this successfully? There's a "Sign in as different user" option that needs to end up with the user seeing the RP sign in page.
Thanks in advance to anyone who replies.

The URL cannot be just any URL but rather the same exact URL your application is registered in ADFS for.
The redirect works and always worked for us.
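
Applying the rule from the answer above, as an added C# example that is not part of the original answer: the sign-out URL is built only when the wreply value is exactly the URL registered for the relying party, and the value is percent-encoded before it goes into the query string. The host names, the registered URL and the class and method names are assumptions.

```csharp
using System;

// Added illustration. Host names and the registered URL are constructed placeholders.
public static class AdfsSignOut
{
    // Assumption: the URL this relying party is registered with in ADFS.
    private static readonly Uri RegisteredRpUrl = new Uri("https://app.example.com/portal/");

    // Assumption: DNS name of the STS.
    private const string StsHost = "sts.example.com";

    // True only for the exact registered URL; a missing trailing slash,
    // a sub-path or another host all fail the comparison.
    public static bool IsRegisteredReply(string candidate)
    {
        Uri uri;
        if (!Uri.TryCreate(candidate, UriKind.Absolute, out uri))
            return false;
        return string.Equals(uri.AbsoluteUri, RegisteredRpUrl.AbsoluteUri,
                             StringComparison.Ordinal);
    }

    // Builds the wsignout1.0 URL in the form quoted in the question.
    public static string BuildSignOutUrl(string replyUrl)
    {
        if (!IsRegisteredReply(replyUrl))
            throw new ArgumentException(
                "wreply must be the URL registered for this relying party.", "replyUrl");

        // Percent-encode wreply so its own ':', '/', '?' and '&' cannot be
        // read as part of the outer query string.
        return "https://" + StsHost + "/adfs/ls/?wa=wsignout1.0&wreply="
               + Uri.EscapeDataString(replyUrl);
    }

    public static void Main()
    {
        Console.WriteLine(BuildSignOutUrl("https://app.example.com/portal/"));

        string[] rejected = {
            "https://app.example.com/portal",      // no trailing slash
            "https://app.example.com/portal/home", // sub-path
            "https://other.example.net/"           // different host
        };
        foreach (string url in rejected)
            Console.WriteLine(url + " -> " + IsRegisteredReply(url));
    }
}
```

Rejecting any other wreply value in the application also keeps the sign-out link from being used as an open redirect.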

Related

Asking Microsoft account password once authenticated

I'm building a web app (c#, asp.net-core-mvc) for internal use in my company. Authentication is required through user Microsoft Accounts (either through Windows Authentication or Azure, both options are working).
The issue I'm having is that I have been asked to require password confirmation when executing certain actions.
I have looked in all the documentation I could find but have not been able to find anything about this use-case.
The one thing I have found out is that it's apparently impossible with Windows Authentication since you can't log someone out.
I have been able to prompt the login page by using return Challenge();, but it loops back on the login page when you log in (or shows a 401 error page if you cancel), and doesn't return anything I have been able to exploit.
With Azure it also loops right back to the login page.
It would in theory be possible through Azure authentication by logging the user out and then back in, but I haven't been able to send the user back to the right page with the right information after logging back in.
So if anyone has a solution I'm ready to try anything that uses Microsoft accounts (custom user accounts aren't really an option since it's an intranet application).

Log in to a website (like FB, Twitter) and crawl data with C#?

I am creating a console application in C# (Visual Studio),
but I don't know where to start.
First I want to log in (PhantomJS or Selenium), then go to a (specified) website URL and extract the HTML.
I want to know how to save login information in my web request.
Thank you.

Long story short, it's not easy to do that just with web request because each site has its own way of managing cookies and security.
It's easier if you use a web browser control to login first. From there, the browser can obtain a valid cookie and you can start crawl data from there.
I've done a similar thing with the Chegg website. For details, you can check out my repository https://github.com/hungqcao/chegg-solutions-saver
In your case, it can get a little complicated since FB, Twitter may have 2-factor authentication or something similar to that but the idea stays the same.
Let me know if you need help.

Use custom Microsoft login screens for office 365 SSO (through Azure AD)

I'm trying to implement Office 365 Single Sign On using WSFederation and I have built an ASP.NET MVC app according to these instructions.
It works to a degree; the user is directed to sign in to Azure AD and reaches the home page.
Some people who will use this app belong to companies who have their own custom Microsoft login pages- the user is redirected to these when they enter their email and press tab. If their login page is very customised, they then have to enter their email again. My question is this: is there a way to redirect the user to the custom login page automatically, since I already know which organisation they belong to?
I have tried changing the wsFederation homeRealm in the web.config to the organisation domain name, which ought to work but does not. It adds "&?whr=domain.org" (for example) to the end of the URL generated by the app. The reason it doesn't work is that when this URL is followed, Microsoft redirects the user to a slightly different address where they log in and the home realm (whr) parameter is lost.
Is there any way to automatically redirect to the organisation's login page? Or am I simply building the wrong type of app?
Thanks in advance,
LD.

Well, I seem to have answered my own question.
There are probably better ways, but this is what I did:
Using these instructions I created a sign in controller and passed the URL of the actual login page (which is different from the URL generated by the app) into the Redirect function. I added a whr parameter to this and everything redirects properly.

How to handle security on website with users, asp.net

I'm a rookie in ASP.NET and have managed to make a functional web app. I have a login page that also works correctly and checks the username and password from my MSSQL DB.
My problem is that I don't know how I can disable all my other sites if you're not logged in. At the moment I can access all my pages if I only know the URL.
So how can I track if I'm logged in and disable the sites? I also need to know how to make a logout link that clears all cookies or whatever it is that saves the information.
I know this is probably a double post but I haven't found anything that exactly explains my problem until now.
Thanks

You are probably looking for the authentication modules, specifically FormsAuthentication.
Start here ... http://www.asp.net/web-forms/videos/authentication

Easiest way to get web page source code from pages that require logins -- C#

So I play an online game that's web based and I'd like to automate certain things with it using C#. Problem is that I can't simply use WebClient.DownloadData() because I need to be logged in to actually receive the source. The other alternative was to use the built-in web browser control but that doesn't give me access to source code. Any suggestions?

I don't think NetworkCredentials will work in all cases. This only works with "Basic" or "Negotiate" authentication.
I've done this before with an internal website for some load testing, but it sounds like you are trying to "game" the game. For that reason I won't go into details but the login to the site is probably being done in the form of an HTTP POST when you hit the login button.
You'd have to trap the POST request and replicate it in your code and make sure that your implementation maintains the session state as well, because if the game site is written well at all it will make sure that the current session has logged in before doing anything game related.

You can set the login credentials on the webclient using its Credentials property before calling DownloadData:
using System.Net;
// Credentials are sent only in answer to an authentication challenge from the server.
WebClient client = new WebClient();
client.Credentials = new NetworkCredential("username", "password");
EDIT: As mjmarsh points out, this will only work for sites that use a challenge-response method of authentication as part of a single request (I'm so used to dealing with this at work, I hadn't considered the other types!). If the site uses forms authentication (or indeed any other form of authentication), this method will not work as the authentication is not part of a single request - multiple requests are needed that you will need to handle yourself.

Network credentials will not work as mjmarsh has already pointed out.
While web scraping we come across a lot of pages where login is needed. One of the approaches I use is to install Fiddler and monitor the POST and GET packets while manually logging in to the site. This allows you to find out how the browser emulates the login. Then you need to recreate the same process in code.
For example, most web servers use cookies to assume the session is authenticated. So you can use the credentials to post UserName and Password on the web site and record the Cookie. This cookie can then be used to access any further details on the web site.
Please check the following link to find out more about Advanced Web Scraping:
http://krishnan.co.in/blog/post/Web-Scraping-Yahoo-Mail.aspx
In this blog, you will find how to authenticate into Yahoo account and then read the page after authentication.
