Working example of SAML Single Sign-On integration using C#

What is Single Sign-On, anyway?

Suppose you have a web application that people use to do one thing, X, and you do it really well. For example, it could be a web store where customers order custom T-shirt prints by uploading funny and pretty images found on the Internet.

SAML

SAML is one of the standard ways of doing Single Sign-On. Large enterprise services have long used this mechanism as one of the most secure and proven methods of exchanging sensitive authentication and authorization information, like logins, passwords, emails, user accounts, etc. But it’s not that complicated to set it up between smaller businesses as well and enable cool integrations.

SAML Workflow

Usually, the “classic” SAML workflow includes 3 parties:

  • Identity Provider — a trusted (enterprise) authentication service that can prove the user's identity and tell the Service Provider that “he is OK!”.
  • User Agent — a browser with your Web Store opened by a user.

Classic SAML

First step of the integration

The first thing is an agreement with some service provider to have an integration with your service.

Integration workflow

You have a web application that implements some authentication workflow and allows users to sign in with their login and password. It means that you are the Identity Provider, and because of this, you can eliminate some redundant steps and make the process simpler. So, imagine that we combine the Identity Provider and your Web Store into one entity, like this:

Simple SAML scenario

Under the hood of SAML authentication

Injecting SAML assertion into SAMLResponse
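
Added example, not the author's original code: one way to build a SAMLResponse, place the assertion inside it, and sign the assertion with .NET's SignedXml before Base64-encoding it for the SAMLResponse form field. The class name, method name and all parameters are assumptions; on .NET Core and later it needs the System.Security.Cryptography.Xml package.

```csharp
using System;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

public static class SamlResponseExample   // hypothetical name, not from the original article
{
    const string P = "urn:oasis:names:tc:SAML:2.0:protocol", A = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Assumed inputs: issuer, acsUrl and audience are the values agreed with the service provider;
    // key is the private key of the certificate the service provider trusts (e.g. cert.GetRSAPrivateKey()).
    public static string Build(RSA key, string issuer, string acsUrl, string audience, string email)
    {
        Func<string, string> esc = SecurityElement.Escape;  // user-controlled values must not inject markup
        string now = XmlConvert.ToString(DateTime.UtcNow, XmlDateTimeSerializationMode.Utc);
        string exp = XmlConvert.ToString(DateTime.UtcNow.AddMinutes(5), XmlDateTimeSerializationMode.Utc);
        string id = "_" + Guid.NewGuid().ToString("N");     // assertion ID, referenced by the signature
        var doc = new XmlDocument();                        // default: insignificant whitespace is dropped
        doc.LoadXml($@"<samlp:Response xmlns:samlp=""{P}"" xmlns:saml=""{A}"" ID=""_{Guid.NewGuid():N}"" Version=""2.0"" IssueInstant=""{now}"" Destination=""{esc(acsUrl)}"">
  <saml:Issuer>{esc(issuer)}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success""/></samlp:Status>
  <saml:Assertion ID=""{id}"" Version=""2.0"" IssueInstant=""{now}"">
    <saml:Issuer>{esc(issuer)}</saml:Issuer>
    <saml:Subject><saml:NameID Format=""urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"">{esc(email)}</saml:NameID>
      <saml:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer""><saml:SubjectConfirmationData NotOnOrAfter=""{exp}"" Recipient=""{esc(acsUrl)}""/></saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore=""{now}"" NotOnOrAfter=""{exp}""><saml:AudienceRestriction><saml:Audience>{esc(audience)}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AuthnStatement AuthnInstant=""{now}""><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>
  </saml:Assertion></samlp:Response>");
        // Sign the assertion: enveloped signature, exclusive C14N, RSA-SHA256 with a SHA-256 digest.
        var assertion = (XmlElement)doc.GetElementsByTagName("Assertion", A)[0];
        var signedXml = new SignedXml(assertion) { SigningKey = key };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        var reference = new Reference("#" + id) { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        // The SAML schema expects ds:Signature directly after saml:Issuer inside the assertion.
        assertion.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), assertion["Issuer", A]);
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(doc.OuterXml));  // value for the SAMLResponse field
    }
}
```

The returned string goes into a hidden form field named SAMLResponse that the browser posts to the service provider's assertion consumer URL.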

The End

Some service providers may skip specific steps and do not require the signature or encryption. In this case, you may remove these parts of the code. Overall, feel free to use my examples in your apps, and I hope this will help you and your application engage users and grow the customer base.

Senior Software Engineer and Engineering Manager with 10+ years of experience in the development of high-load online systems.