Blog: Consuming a web service with Claims Based Authentication and ADFS programmatically

The problem

Many of our customers nowadays use authentication in combination with ADFS (Active Directory Federation Services). The result is increased complexity, especially if you want to access resources from third-party sites, for example getting data through a web service.

In our situation, we try to connect to a SharePoint 2013 web service to get access to some product data. In this blog, we will describe every step needed to accomplish our mission. We used Fiddler, a custom console application and code snippets to build this blog.

Authors of this blog: Marcel Buckens, Consultant at Portiva & Theo de Groot, Developing Consultant.

SharePoint Infrastructure with ADFS

In the picture below you’ll see the “basic” infrastructure. Of course there are more servers, routers, switches etcetera, but this is sufficient for our example.
First of all we have our client. Whether this is a server or a client PC doesn’t change much for this example. Basically you’re connecting from one place to another and you need to authenticate before you’re allowed to receive any data from the source. In our case we are connecting to SharePoint 2013 on-premises, running in Microsoft Azure, which is using a corporate ADFS. The example works fine in our situation. For connecting to another infrastructure (for example O365), you have to change the code to fit that particular situation. The idea will still be the same.


Step 1 - Starting Console Application to test consuming a web service

We created this test with Visual Studio 2013. First we start a new Console Application. We used the name 'TestWebServiceWithADFS'.



Add the references below. As you see, we used a Codeplex assembly (HtmlAgilityPack), which can be downloaded at http://htmlagilitypack.codeplex.com/. This assembly makes it possible to use HtmlDocument (var htmlDocument = new HtmlDocument();)



Add a Web Reference to the web service you want to approach.



Look at the Program.cs file. This is the place where we implement the code below.


Step 2 - Starting the particular SharePoint Site

In this step, we will access a SharePoint Site with Claims Based Authentication in the particular SharePoint farm. Replace the Login, Password and URI in the code below and put the code in the Main method.



You will get a response back after this request as shown in the Fiddler output below.




Step 3 - Redirection to ADFS

The response from step 2 has a property called 'StatusCode'. In a situation with ADFS, the value of this property will be 'HttpStatusCode.Redirect'. Now we have to implement the code to follow the redirect to the ADFS server. Put this code below the code of step 2.



You will get a response back after this request as shown in the Fiddler output below.




Step 4 - Login

Now that we are redirected, we have to log in to the ADFS server. This is done by posting the login and password. Put the code below in your application.



After authentication, the ADFS server will send you a cookie with a SAML message. In step 5, we will use this cookie.


Step 5 - SAML

In step 4, you will get a cookie response as shown in the Fiddler output below.



Now we have to get this cookie and save the SAML message in our cookie container. Implement the code below.




Step 6 - Login to SharePoint

With the SAML cookie of step 5, we can log in to the SharePoint Site of step 2. This is only possible by posting an encoded cookie. Implement the code below.



In the Fiddler output below, we show you the request we did.




Step 7 - Get FedAuth cookie

The request of step 6 will result in a response. With this response, a 'FedAuth' cookie will be sent. We have to get and save this FedAuth cookie. Implement the code below.




Step 8 - Open SharePoint Site

Now that we have a FedAuth cookie, we can open the SharePoint Site. Implement the code below.



We are in!
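
Two checks worth placing around the flow of steps 3 and 7, shown as an added example (this is not the authors' code): confirm that the redirect really points at your ADFS server before the login and password of step 4 are posted, and confirm that a usable FedAuth cookie was stored before calling SharePoint. Assumptions: the class and method names and the host `adfs.example.com` are hypothetical placeholders, the step 2 request was made with `AllowAutoRedirect = false`, and the SharePoint site is served over HTTPS.

```csharp
using System;
using System.Net;

static class AdfsFlowChecks
{
    // Assumption: placeholder host name; set it to your own ADFS server.
    const string ExpectedAdfsHost = "adfs.example.com";

    // Step 3: resolve the Location header of the 302 and accept it only when it
    // is HTTPS and points at the expected ADFS host, so the login and password
    // of step 4 are never posted to any other server.
    public static Uri ValidateAdfsRedirect(HttpWebResponse response)
    {
        if (response.StatusCode != HttpStatusCode.Redirect)
            throw new InvalidOperationException("Expected a redirect, got " + response.StatusCode);

        string location = response.Headers[HttpResponseHeader.Location];
        if (string.IsNullOrEmpty(location))
            throw new InvalidOperationException("Redirect without a Location header.");

        // A relative Location is resolved against the URI that was requested.
        var target = new Uri(response.ResponseUri, location);
        bool trusted = target.Scheme == Uri.UriSchemeHttps &&
            string.Equals(target.Host, ExpectedAdfsHost, StringComparison.OrdinalIgnoreCase);
        if (!trusted)
            throw new InvalidOperationException("Unexpected redirect target: " + target.Host);
        return target;
    }

    // Step 7: look the FedAuth cookie up in the container for the SharePoint
    // site and fail early when it is missing, expired or not marked Secure.
    public static Cookie RequireFedAuth(CookieContainer cookies, Uri sharePointSite)
    {
        Cookie fedAuth = cookies.GetCookies(sharePointSite)["FedAuth"];
        if (fedAuth == null || fedAuth.Expired)
            throw new InvalidOperationException("No valid FedAuth cookie; the sign-in failed.");
        if (!fedAuth.Secure)
            throw new InvalidOperationException("FedAuth cookie is not marked Secure.");
        return fedAuth;
    }
}
```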


Step 9 - Implement needed methods

In the code, we use two methods. Of course these methods also have to be implemented in the Program.cs file.



You can run the Console Application right now. In step 10, we will implement a method to call the web service.


Step 10 - Call web service

This optional step explains the call to the web service. First: change the URI in step 2 to access the web service.



Second: call the web service, including the FedAuth cookie.




Disclaimer

We created a console application for you that can call a web service with Claims Based Authentication and ADFS. The code is free for use.
