Integrating CRM with ASP.NET Application (Passive federation - SSO)

Hey Guys,

I went back a little got this sample out from my source directory. Today I'm expanding a bit on existing sample for building an SSO based application to integrate with Dynamics CRM. I have collated few samples and concepts from below articles:

• Walkthrough: Single Sign-on from a Custom Web Page
• CRM 2011 and ASP.NET Single Sign-on: Use WAUTH for Integrated Web Apps (Thanks to Austin jones for this explanation)

It's really important for you to understand on how WAUTH is used. The blog article above really helps you to understand this from the expert level point of view. To go more in depth about the SAML Based Authentication Context, you can see the below table at: Supported SAML Authentication Context Classes and Strengths

Authentication Method	Authentication Context Class URI
User Name and Password	urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Password Protected Transport	urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Transport Layer Security (TLS) Client	urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
X.509 Certificate	urn:oasis:names:tc:SAML:2.0:ac:classes:X509
Integrated Windows Authentication	urn:federation:authentication:windows
Kerberos	urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos

Now, I'll go ahead and walk you through the steps required to build your application:

• • Create a new Project "ASP.NET" Web Application in Visual Studio
  • You can choose to write the below sample to display the post login information as below:

• • Now go ahead and Publish your website in IIS / or Host your site.
  • While the hosting is done and mapped to your local path. I'd choose a custom header for my website to look like below

• • I chose https://custom.domain.com:82/Welcome.aspx. Be sure to select your "Wild Card certificate". I'm using the same as I have for ADFS STS (With onebox setup)
  • Go ahead and download the WIF SDK
  • Go to Programs, and Select "Windows Identity Federation Utility Wizard" (FedUtil.exe) - Please ensure to open this with "Run as Administrator" option.
  • While you keep running this tool with Next option, you'll be providing below information
  •    - Custom Web Url: https://custom.domain.com:82/Welcome.aspx

•                  - STS Url: https://sts.domain.com/FederationMetadata/2007-06/FederationMetadata.xml

• • I've added few screen shots below

• • Now open Global.asax to use the code from https://blogs.msdn.com/b/crminthefield/archive/2013/10/30/crm-2011-and-asp-net-single-sign-on-use-wauth-for-integrated-web-apps.aspx. This will help you choose if you need IFD Redirected page or Claims Page. For demo I've just used this below:

• These steps will be helpful for you to create your application.

Happy CRM Integration :)

Cheers,
Apurv