Tag Archives: ASP.NET MVC

Ultimate SAML now supports ASP.NET MVC

MVC support feature and an illustrative example have been requested by so many customers and today we would like to introduce the IdP-Initiated SAML MVC application example using the latest version of the Ultimate SAML component.

To open the MVC example solution, navigate to “Samples\Mvc\Saml\CS\Saml2IdpInitiatedMvc” and double-click on the solution file. The example is very similar to the ASP.NET Saml2IdPInitiated. They share the same logic to authenticate users, check SAML data and navigate to the provider sites. The only difference in SAML code segments is that the MVC’s apps use overloads that have the HttpRequestBase and HttpResponseBase classes as parameters’ types instead of ASP.NET’s HttpRequest and HttpResponse classes. If you open a file named ConsumerService.aspx.cs in the SP project, you will see similar syntax as shown below:

C#:

// Create a SAML response from the HTTP request.
ComponentPro.Saml2.Response samlResponse = ComponentPro.Saml2.Response.Create(Request);

// Is it signed?
if (samlResponse.IsSigned())
{
    // Loaded the previously loaded certificate.
    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.CertKeyName];

    // Validate the SAML response with the certificate.
    if (!samlResponse.Validate(x509Certificate))
    {
        throw new ApplicationException("SAML response signature is not valid.");
    }
}

VB.NET:

' Create a SAML response from the HTTP request.
Dim samlResponse As ComponentPro.Saml2.Response = ComponentPro.Saml2.Response.Create(Request)

' Is it signed?
If samlResponse.IsSigned() Then
    ' Loaded the previously loaded certificate.
    Dim x509Certificate As X509Certificate2 = CType(Application([Global].CertKeyName), X509Certificate2)

    ' Validate the SAML response with the certificate.
    If (Not samlResponse.Validate(x509Certificate)) Then
        Throw New ApplicationException("SAML response signature is not valid.")
    End If
End If

Here are some screenshots of the examples:

Identity Provider MVC website:

Service Provider MVC website: