Upgrade Compatibility and Suggestions for best Path from SAML v2.0 for .NET

We have a Web Forms application we inherited to maintain that is using your old version. We are migrating that application to the latest .NET 4.72, and have moved the application to ASP.NET Identity, away from FormsAuthentication. As such we are not using any Forms Authentication. Your examples include an old-style Web Forms application and an MVC application, but there is no example for Web Forms that used Identity. I downloaded the samples and I am not sure what is the best path for us.

The application uses only SSO, and here are some code parts:
SAMLResponse resp = CreateSAMLResponse();
SendSAMLResponse(resp, targetURL);

So now, I see a new example using SAMLIdentityProvider.

I do not know what the 3rd party has implemented in their back end, and am trying to see what approach we need to take.


Version dates back to 2009.
It supports what we now refer to as the SAML low-level API.
Several years ago we added a SAML high-level API to make it easier to add support into applications.
We support both APIs but the high-level API is the preferred approach.

Switching from the low-level to high-level API is recommended as it will mean less code to maintain in the future.
It also means that you can take advantage of our SAML configuration support (e.g. using a saml.config file).
This keeps the configuration out of your code and makes it easier to add partner providers in the future if required.

I suggest taking a look at the MvcExampleIdentityProvider and in particular the SamlController class to see how to call the SAML API.
Rather than a controller class you will have aspx pages but hopefully the flow is easy enough to follow.
The ExampleIdentityProvider demonstrates the same calls in a web forms application.
As you noted this still uses forms authentication.
However, the calls to the SAML API are independent from the authentication mechanism employed by your application.