AJAX calls to web services behind ADFS authentication

• Question

• 

  

  0

  Sign in to vote

  Hi all,

  I'm new to this forum (at least at posting on it) and I don't know where to put this question, so please feel free to move it to the correct section.

  I have some aspx/vb web services behind ADFS authentication and I perform ajax calls from an iOS application, using Cordova, so I'm writing in javascript, these webservices return json data.
  By reading over blogs, forums, etc I followed this approach: I send a $.ajax request to https://mycompany.com/adfs/services/trust/13/UsernameMixed including this SOAP token:

  <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
              xmlns:a="http://www.w3.org/2005/08/addressing"
              xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
      <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
      <a:To s:mustUnderstand="1">https://mycompany.com/adfs/services/trust/13/UsernameMixed</a:To>
      <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <o:UsernameToken u:Id="uuid-6a13a244-dac6-42c1-84c5-cbb345b0c4c4-1">
          <o:Username>[Username]</o:Username>
          <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">[Password]</o:Password>
        </o:UsernameToken>
      </o:Security>
    </s:Header>
    <s:Body>
      <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
        <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <a:EndpointReference>
            <a:Address>https://mycompany.com</a:Address>
          </a:EndpointReference>
        </wsp:AppliesTo>
        <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
        <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
        <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
      </trust:RequestSecurityToken>
    </s:Body>
  </s:Envelope>

  This is exactly the call I perform:
  
  

  $.ajax({
    url: https://mycompany.com/adfs/services/trust/13/UsernameMixed,
    cache: false,
    contentType: "application/soap+xml; charset=utf-8",
    method: "POST",
    data: requestToken, //the token above
    success: function (authToken) {
      //"authToken" should be my valid authorization token, how can I use it?
    },
    error: function (jqXHR, textStatus, errorThrown) {
      alert("ERROR");
    },
  });

  At this point I'm not sure of what to do: should i put "authToken" in the header of all the next $.ajax call I make or should I put this in some authorization cookie like Forms Authentication does?

  Any help will be appreciated, thank you very much.

  Friday, June 26, 2015 9:38 AM