AspNetSaml 2.1.1

There is a newer version of this package available.
See the version list below for details.
dotnet add package AspNetSaml --version 2.1.1                
NuGet\Install-Package AspNetSaml -Version 2.1.1                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="AspNetSaml" Version="2.1.1" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add AspNetSaml --version 2.1.1                
#r "nuget: AspNetSaml, 2.1.1"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install AspNetSaml as a Cake Addin
#addin nuget:?package=AspNetSaml&version=2.1.1

// Install AspNetSaml as a Cake Tool
#tool nuget:?package=AspNetSaml&version=2.1.1                

alternate text is missing from this package README image

AspNetSaml

Very short and simple SAML 2.0 "consumer" implementation in C#.

It's a SAML client library, not a SAML server. As in - allows adding SAML single-sign-on to your ASP.NET app, but not to provide auth services to other apps. In other words, it's a library for "service-providers" not for "identity providers".

Installation

Install-Package AspNetSaml

Adds a very small .NET Standard 2.0 library (11KB dll) that works with both ASP.NET Core and the "old" ASP.NET Framework. Please refer to releases for the change log.

Usage

How SAML works? (please read this)

SAML workflow has 2 steps:

  1. User is redirected to the SAML provider (with some magic in the query-string) where he authenticates
  2. User is redirected back to your app, where you validate the payload

Here's how you do it (this example is for ASP.NET Core MVC):

1. Redirecting the user to the saml provider:

//this example is an ASP.NET Core MVC action method
public IActionResult Login()
{
	//TODO: specify the SAML provider url here, aka "Endpoint"
	var samlEndpoint = "http://saml-provider-that-we-use.com/login/";

	var request = new AuthRequest(
		"http://www.myapp.com", //TODO: put your app's "entity ID" here
		"http://www.myapp.com/SamlConsume" //TODO: put Assertion Consumer URL (where the provider should redirect users after authenticating)
	);

	//now send the user to the SAML provider
	return Redirect(request.GetRedirectUrl(samlEndpoint));
}

2. User has been redirected back

User is sent back to your app - you need to validate the SAML response ("assertion") that you recieved via POST.

Here's an example of how you do it in ASP.NET Core MVC

//ASP.NET Core MVC action method... But you can easily modify the code for old .NET Framework, Web-forms etc.
public async Task<IActionResult> SamlConsume()
{
	// 1. TODO: specify the certificate that your SAML provider gave you
	string samlCertificate = @"-----BEGIN CERTIFICATE-----
BLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAH123543==
-----END CERTIFICATE-----";

	// 2. Let's read the data - SAML providers usually POST it into the "SAMLResponse" var
	var samlResponse = new Response(samlCertificate, Request.Form["SAMLResponse"]);

	// 3. DONE!
	if (samlResponse.IsValid()) //all good?
	{
		//WOOHOO!!! the user is logged in
		var username = samlResponse.GetNameID(); //let's get the username
		
		//the user has been authenticated
		//now call context.SignInAsync() for ASP.NET Core
		//or call FormsAuthentication.SetAuthCookie() for .NET Framework
		//or do something else, like set a cookie or something...
		
		//FOR EXAMPLE this is how you sign-in a user in ASP.NET Core 3,5,6,7
		await context.SignInAsync(new ClaimsPrincipal(
			new ClaimsIdentity(
				new[] { new Claim(ClaimTypes.Name, username) },
				CookieAuthenticationDefaults.AuthenticationScheme)));
		
		return Redirect("~/");
	}
	
	return Content("Unauthorized");
}

Bonus: reading more attributes from the provider

SAML providers usually send more data with their response: username, first/last names etc. Here's how to get it:

if (samlResponse.IsValid())
{
	//WOOHOO!!! user is logged in

	//Some more optional stuff
	//let's extract username/firstname etc
	try
	{
		var username = samlResponse.GetNameID();
		var email = samlResponse.GetEmail();
		var firstname = samlResponse.GetFirstName();
		var lastname = samlResponse.GetLastName();
		
		//or read some custom-named data that you know the IdP sends
		var officeLocation = samlReponse.GetCustomAttribute("OfficeAddress");
	}
	catch (Exception ex)
	{
		//insert error handling code
		//in case some extra attributes are not present in XML, for example
		return null;
	}
}

Notes about the source code

All the functionality sits in one single short file Saml.cs other stuff in this repo are just unit tests, nuget-packaging etc. You can take that file and throw it in your project, it should work just fine.

P.S. This library has been battle-tested for years in production in our helpdesk app please check it out if you're looking for a ticketing system for your team. Cheers.

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on AspNetSaml:

Package Downloads
Infotekka.LightSaml

A very simple SAML impelmentation using Jitbit's AspNetSaml package: https://www.nuget.org/packages/AspNetSaml/2.1.0

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.1.2 185,007 1/5/2024
2.1.1 9,451 11/19/2023
2.1.0 40,262 7/10/2023
2.0.1 58,993 4/18/2023
2.0.0 14,466 1/27/2023
2.0.0-beta 174 1/25/2023
1.2.5 64,056 5/24/2022
1.2.4 70,825 7/4/2021
1.2.3 90,170 9/17/2020
1.2.2 25,886 4/12/2020
1.2.1 116,873 3/12/2019
1.2.0 62,891 11/10/2017