Using a Sample Windows NT Token-based Application as an Alternative to SharePoint
This article can be used as a supplement to the ADFS Step-by-Step Guide. It includes instructions for setting up a sample Windows NT token-based application on the Web server (adfsweb) as an alternative to using Windows SharePoint Services. This sample application is a basic blog application made up of 7 files that you create from the instructions in this post.
***This posting is provided "AS IS" with no warranties, and confers no rights.***
To make this sample application work in conjunction with the latest version of the ADFS Step-by-Step Guide, follow the guidance below. I know this looks like a lot of work but it really only takes a couple of minutes to follow these instructions. The end result is that you will have a functional and printable step-by-step document that only includes instructions for setting up two sample applications (without SharePoint) in your ADFS test lab environment:
Download the latest version of the ADFS Step-by-Step Guide (here).
In Step 3: Configuring the Web Server you will notice that this chapter is made up of two sections, the first section is about installing and configuring SharePoint and the second is about installing and configuring the claims-aware sample app. You will need to leave the claims-aware instructions in this chapter untouched and only remove the instructions related to SharePoint. This means that you need to remove all of the content under the heading Install and Configure Windows SharePoint Services along with the content under its three subheadings (Install Windows SharePoint Services, Configure Windows SharePoint Services Access Permissions and Configure IIS and the ADFS Web Agent). Now you can copy all of the instructions under the heading in this post titled Install and Configure a Sample Windows NT Token-based Application and paste it into the location where you removed the SharePoint content.
Replace one small procedure titled Add a Windows NT Token-based Application (in Step 4 of the document) with the procedure in this post titled Add a Sample Windows NT Token-based Application.
In Step 5: Accessing Federation Applications from the Client Computer remove all of the content in the two headings Access the Windows SharePoint Services Application and Access the Windows SharePoint Services Application with Administrative Privileges from the document and replace it with the procedure titled Access the Sample Windows NT Token-based Application in this post.
(Optional) If you want to have a printable document that does not include any SharePoint instructions whatsoever then you might want to remove the contents under Appendix A and Appendix B from the original ADFS Step-by-Step document.
Copy the entire contents under the heading Appendix A: Creating the Sample Windows NT Token-based Applicationin this post and paste it into the document after Step 5.
That’s it! You now have a SharePoint-free ADFS Step-by-Step Guide.
Install and Configure a Sample Windows NT Token-based Application
Use the following procedures to configure Internet Information Services (IIS)settings and to configure access to the Windows NT token–based sample application on the adfsweb computer.
· Configure IIS and the ADFS Web Agent
· Configure the Windows NT Token-based Application for Read/Write Access
Configure IIS and the ADFS Web Agent
Use the following procedure to configure IIS and the ADFS Web Agent.
To configure IIS and the ADFS Web Agent
1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager. 2. In the console tree, double-click ADFSWEB, right-click Web Sites, and then click Properties. 3. On the ADFS Web Agent tab, in Federation Service URL, type https://adfsresource.treyresearch.net/adfs/fs/FederationServerService.asmx, and then click OK. 4. In the console tree, right-click Default Web Site, point to New, and then click Virtual Directory. 5. On the Welcome to the Virtual Directory Creation Wizard page, click Next. 6. On the Virtual Directory Alias page, in Alias, type tokenapp, and then click Next. 7. On the Web Site Content Directory page, click Browse, highlight the c:\inetpub\wwwroot folder, click the Make New Folder button, name the folder tokenapp, click OK, and then click Next. Note Do not use capital letters in the tokenapp folder name. If this folder name contains capital letters, users must also use capital letters when they type the address of the Web site. 8. On the Virtual Directory Access Permissions page, select the Read and Run scripts check boxes, and then click Next. 9. On the You have successfully completed the Virtual Directory Creation Wizard page, click Finish. 10. Right-click tokenapp, and then click Properties. 11. On the ASP.NET tab, in the ASP.NET version menu, make sure that 2.0.50727 is selected. 12. On the ADFS Web Agent tab, select the Enable the ADFS Web Agent for Windows NT token-based applications check box, and then click OK to accept the default values. When you see the prompt that explains that this will enable anonymous access, click OK. Note The value in Return URL on this property page must match precisely with the Application URL value that you specify when you set up the application on the Federation Service for Trey Research. 13. Create the seven files that make up the Windows NT token–based sample application by using the procedures in Appendix A: Creating the Windows NT Token-based Sample Application. After you create them, copy the files into the c:\inetpub\wwwroot\tokenapp folder. |
Configure the Windows NT Token–based Application for Read/Write Access
Use the following procedure to configure the Windows NT token–based application for Read/Write access.
To configure the Windows NT token–based application for Read/Write access
1. Start Windows Explorer. 2. Click the C: folder. 3. Right-click the file named blog.txt, and then click Properties. 4. Click the Security tab, and then click Add. Note To perform this step, you should be logged on as a domain administrator and not as a local administrator. 5. Type adatumtokenappusers, and then click OK. 6. Under Group or user names, highlight adatumtokenappusers, select the Write check box, and then click OK. |
Add a Sample Windows NT Token–based Application
Use the following procedure on the adfsresource computer to add a Windows NT token–based application to the Federation Service for Trey Research.
To add a Windows NT token–based application
1. Click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Federation Services. 2. Double-click Federation Service, double-click Trust Policy, double-click My Organization, right-click Applications, point to New, and then click Application. 3. On the Welcome to the Add Application Wizard page, click Next. 4. On the Application Type page, click Windows NT token–based application, and then click Next. 5. On the Application Details page, in Application display name, type Token-based Application. 6. In Application URL, type https://adfsweb.treyresearch.net/tokenapp/ , and then click Next. 7. On the Accepted Identity Claim page, click User principal name (UPN) , and then click Next. 8. On the Enable this Application page, ensure that the Enable this application check box is selected, and then click Next. 9. On the Completing the Add Application Wizard page, click Finish. |
Access the Sample Windows NT Token–based Application
Use the following procedure to access the Windows NT token–based application from a client that is authorized for that application.
To access the Windows NT token–based application
1. Log on to the adfsclient computer as Adamcar. 2. Open a browser window, and then navigate to https://adfsweb.treyresearch.net/tokenapp/ . Note If you did not install the certificates from the previous procedures, you will be prompted twice (in the Security Alert dialog box) for certificate information. You can install each certificate by clicking View Certificate and clicking Install, or you can click Yes each time that you are prompted. 3. When you are prompted for your home realm, click A. Datum, and then click Submit. Note If you did not install the certificate from the previous procedure, you will be prompted one more time for a certificate. 4. At this point you should see the Windows NT token–based sample application. You should have both Read and Write access to the blog. 5. Log off as Adamcar, and then log on as Alansh. Repeat steps 2 through 4 of this procedure. Notice that Alan can read blog messages, but he does not have access rights to submit a blog message. |
Appendix A: Creating the Sample Windows NT Token-based Application
To test token-based authorization using Active Directory Federation Services (ADFS) you need a Windows NT token-based application. This section includes instructions for setting up a sample Windows NT token-based application on your Web server. By using this sample Windows NT token-based application and the supporting instructions in Step 3: Configuring the Web Server together, you can complete the Web server setup process and prepare the application for testing from the client computer.
This application is made up of the following seven files:
· Default.htm
· Blog.aspx
· Blog.aspx.cs
· Message.aspx
· Message.aspx.cs
· Web.config
· Blog.txt
For this application to function correctly, you must use the following procedures to create each of the required files in order. After you create them, move the files to the C:\inetpub\wwwroot\tokenapp directory on the adfsweb computer.
· Create the Blog.aspx.cs File
· Create the Message.aspx File
· Create the Message.aspx.cs File
Create the Default.htm File
Use the following procedure to create the default.htm file.
To create the default.htm file
1. Start Notepad. 2. Copy and paste the following code into a new Notepad file: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="https://www.w3.org/1999/xhtml" > <head> <title>Windows NT token-based Sample Application</title> </head> <body> <b><font size="4">Windows NT token-based Sample Application</font></b> <p><a href="message.aspx">Read blog</a> <br /> <a href="blog.aspx">Write blog</a> </p> </body> </html> 3. Save the Notepad file as default.htm in the c:\inetpub\wwwroot\tokenapp directory. |
Create the Blog.aspx File
Use the following procedure to create the blog.aspx file.
To create the blog.aspx file
1. Start Notepad. 2. Copy and paste the following code into a new Notepad file: <%@ Page language="c#" Inherits="CHWWebApp.WebForm1" CodeFile="blog.aspx.cs" %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>Write Blog Message</title> <meta name="GENERATOR" Content="Microsoft FrontPage 6.0"> <meta name="CODE_LANGUAGE" Content="C#"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="https://schemas.microsoft.com/intellisense/ie5"> </HEAD> <body> <form id="Form1" method="post" runat="server"> <asp:TextBox ID="TextBox1" runat="server" Height="146px" Width="451px"></asp:TextBox> <br /> <asp:Button ID="Button2" runat="server" OnClick="Button2_Click" Text="Submit Message" /> <asp:Label ID="Label1" runat="server"></asp:Label> </form> </body> </HTML> 3. Save the Notepad file as blog.aspx in the c:\inetpub\wwwroot\tokenapp directory. |
Create the Blog.aspx.cs File
Use the following procedure to create the blog.aspx.cs file.
To create the blog.aspx.cs file
1. Start Notepad. 2. Copy and paste the following code into a new Notepad file: using System; using System.IO; using System.Collections; using System.ComponentModel; using System.Data; using System.Drawing; using System.Web; using System.Web.SessionState; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.HtmlControls; using System.Web.Security.SingleSignOn; using System.Threading; using System.Security.Principal;
namespace CHWWebApp { /// <summary> /// Summary description for WebForm1. /// </summary> public partial class WebForm1 : System.Web.UI.Page {
#region Web Form Designer generated code override protected void OnInit(EventArgs e) { // // CODEGEN: This call is required by the ASP.NET Web Form Designer. // InitializeComponent(); base.OnInit(e); }
/// <summary> /// Required method for Designer support - do not modify /// the contents of this method with the code editor. /// </summary> private void InitializeComponent() { } #endregion protected void Button2_Click(object sender, EventArgs e) { try {
using (StreamWriter sw = new StreamWriter("c:\\blog.txt")) { sw.Write(this.TextBox1.Text.ToString()); this.Label1.Text = "Note successfully saved by " + WindowsIdentity.GetCurrent().Name + " @ " + System.DateTime.Now.ToString(); } }
catch (System.Exception exception) { this.Label1.Text = "Note could not be written to file " + exception.Message.ToString(); this.Label1.Text = this.Label1.Text + " " + WindowsIdentity.GetCurrent().Name; }
} } } 3. Save the Notepad file as blog.aspx.cs in the c:\inetpub\wwwroot\tokenapp directory. |
Create the Message.aspx File
Use the following procedure to create the message.aspx file.
To create the message.aspx file
1. Start Notepad. 2. Copy and paste the following code into a new Notepad file: <%@ Page Language="C#" AutoEventWireup="true" CodeFile="message.aspx.cs" Inherits="message" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="https://www.w3.org/1999/xhtml" > <head runat="server"> <title>Read Blog Message</title> </head> <body> <form id="form1" runat="server"> <div>
</div> </form> </body> </html> 3. Save the Notepad file as message.aspx in the c:\inetpub\wwwroot\tokenapp directory. |
Create the Message.aspx.cs File
Use the following procedure to create the message.aspx.cs file.
To create the message.aspx.cs file
1. Start Notepad. 2. Copy and paste the following code into a new Notepad file: using System; using System.Data; using System.Configuration; using System.Collections; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; using System.IO;
public partial class message : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { try { using (StreamReader sr = new StreamReader("c:\\blog.txt")) { string oneLine; Response.Write("Message in blog contains the following text: <HR>"); while((oneLine = sr.ReadLine()) != null) { Response.Write(oneLine); Response.Write("<BR>"); } } } catch (Exception myException) { Response.Write("The file containing the blog message could not be read. Check to make sure the blog.txt file is created in the root of C: on the Web server. Error message:"); Response.Write("<BR>"); Response.Write(myException.Message); } } } 3. Save the Notepad file as message.aspx.cs in the c:\inetpub\wwwroot\tokenapp directory. |
Create the Web.config File
Use the following procedure to create the web.config file.
To create the web.config file
1. Start Notepad. 2. Copy and paste the following code into a new Notepad file: <?xml version="1.0"?> <configuration> <system.web>
<!-- DYNAMIC DEBUG COMPILATION Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to false will improve runtime performance of this application. Set compilation debug="true" to insert debugging symbols (.pdb information) into the compiled page. Because this creates a larger file that executes more slowly, you should set this value to true only when debugging and to false at all other times. For more information, refer to the documentation about debugging ASP.NET files. --> <compilation defaultLanguage="c#" debug="true"> <compilers> <compiler language="c#" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" extension=".cs" compilerOptions="/d:DEBUG;TRACE"/></compilers> <assemblies> <add assembly="System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></assemblies></compilation> <!-- CUSTOM ERROR MESSAGES Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. Add <error> tags for each of the errors you want to handle.
"On" Always display custom (friendly) messages. "Off" Always display detailed ASP.NET error information. "RemoteOnly" Display custom (friendly) messages only to users not running on the local Web server. This setting is recommended for security purposes, so that you do not display application detail information to remote clients. --> <customErrors mode="RemoteOnly"/> <!-- AUTHENTICATION This section sets the authentication policies of the application. Possible modes are "Windows", "Forms", "Passport" and "None"
"None" No authentication is performed. "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to its settings for the application. Anonymous access must be disabled in IIS. "Forms" You provide a custom form (Web page) for users to enter their credentials, and then you authenticate them in your application. A user credential token is stored in a cookie. "Passport" Authentication is performed via a centralized authentication service provided by Microsoft that offers a single logon and core profile services for member sites. --> <identity impersonate="true"/> <authentication mode="Windows"/> <!-- AUTHORIZATION This section sets the authorization policies of the application. You can allow or deny access to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous (unauthenticated) users. --> <authorization> <allow users="*"/> <!-- Allow all users --> <!-- <allow users="[comma separated list of users]" roles="[comma separated list of roles]"/> <deny users="[comma separated list of users]" roles="[comma separated list of roles]"/> --> </authorization> <!-- APPLICATION-LEVEL TRACE LOGGING Application-level tracing enables trace log output for every page within an application. Set trace enabled="true" to enable application trace logging. If pageOutput="true", the trace information will be displayed at the bottom of each page. Otherwise, you can view the application trace log by browsing the "trace.axd" page from your web application root. --> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true"/> <!-- SESSION STATE SETTINGS By default ASP.NET uses cookies to identify which requests belong to a particular session. If cookies are not available, a session can be tracked by adding a session identifier to the URL. To disable cookies, set sessionState cookieless="true". --> <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20"/> <!-- GLOBALIZATION This section sets the globalization settings of the application. --> <globalization requestEncoding="utf-8" responseEncoding="utf-8"/> </system.web> </configuration> 3. Save the Notepad file as web.config in the c:\inetpub\wwwroot\tokenapp directory. |
Create the Blog.txt File
The blog.txt file contains the text for the Windows NT token–based sample application. For the application to function correctly, this empty file must be created in the root of C: on the Web server. The blog.txt file is used to assign Read/Write access. Use the following procedure to create the blog.txt file.
To create the blog.txt file
1. On the adfsweb computer, start Windows Explorer. 2. Click the C: folder. 3. On the File menu, point to New, and then click Text Document. 4. Name the file blog.txt |