none
AJAX calls to web services behind ADFS authentication

    Question

  • Hi all,

    I'm new to this forum (at least at posting on it) and I don't know where to put this question, so please feel free to move it to the correct section.

    I have some aspx/vb web services behind ADFS authentication and I perform ajax calls from an iOS application, using Cordova, so I'm writing in javascript, these webservices return json data.
    By reading over blogs, forums, etc I followed this approach: I send a $.ajax request to https://mycompany.com/adfs/services/trust/13/UsernameMixed including this SOAP token:

    <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
                xmlns:a="http://www.w3.org/2005/08/addressing"
                xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <s:Header>
        <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
        <a:To s:mustUnderstand="1">https://mycompany.com/adfs/services/trust/13/UsernameMixed</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <o:UsernameToken u:Id="uuid-6a13a244-dac6-42c1-84c5-cbb345b0c4c4-1">
            <o:Username>[Username]</o:Username>
            <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">[Password]</o:Password>
          </o:UsernameToken>
        </o:Security>
      </s:Header>
      <s:Body>
        <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
          <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <a:EndpointReference>
              <a:Address>https://mycompany.com</a:Address>
            </a:EndpointReference>
          </wsp:AppliesTo>
          <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
          <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
          <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
        </trust:RequestSecurityToken>
      </s:Body>
    </s:Envelope>

    This is exactly the call I perform:

    $.ajax({
      url: https://mycompany.com/adfs/services/trust/13/UsernameMixed,
      cache: false,
      contentType: "application/soap+xml; charset=utf-8",
      method: "POST",
      data: requestToken, //the token above
      success: function (authToken) {
        //"authToken" should be my valid authorization token, how can I use it?
      },
      error: function (jqXHR, textStatus, errorThrown) {
        alert("ERROR");
      },
    });

    At this point I'm not sure of what to do: should i put "authToken" in the header of all the next $.ajax call I make or should I put this in some authorization cookie like Forms Authentication does?

    Any help will be appreciated, thank you very much.

    Friday, June 26, 2015 9:38 AM

Answers

  • The Microsoft ASP.Net forums are over here.

    http://forums.asp.net/

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, June 26, 2015 2:38 PM
    Moderator

All replies

  • The Microsoft ASP.Net forums are over here.

    http://forums.asp.net/

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, June 26, 2015 2:38 PM
    Moderator
  • Thank you very much, I reported the question here: https://forums.asp.net/p/2056641/5931171.aspx?AJAX+calls+to+web+services+behind+ADFS+authentication

    Friday, June 26, 2015 3:52 PM
  • Sounds good, you're welcome.

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, June 26, 2015 4:07 PM
    Moderator