A SAML 2.0 Authentication Middleware for ASP.NET Core

Abstract

The modern society is becoming more and more depended on information systems to run its critical services. Public infrastructure facilities, including the health services, commercial airlines and nuclear power plants depend on functional information systems to deliver secure and quality services to the society.

One way of building information systems is the use of web-based Internet applications. Web applications are software programs that run on a web server, and are accessed through a web browser. They are accessible from any device or computer that is connected to the Internet. Considering the sensitivity and nature of personal information web applications store and give access to this days, they have to be built with security in mind. This includes, but not only limited to an effective authentication and authorization mechanism. Effective authentication in web applications can be achieved using web application authentication protocols such as SAML and others.

Integrating a web application with a SAML identity provider is complex and time consuming for software developers. It requires a deep knowledge and understanding of XML, XML signatures and x509 certificates for encryption, decryption and signing of protocol messages.

ASP.NET Core is the new framework developed by Microsoft for implementing web applications. At the moment, there are no free, open source SAML 2.0 libraries for ASP.NET Core. This thesis looks at how the SAML 2.0 authentication framework can be implemented in ASP.NET Core based web applications. It explores a way of making SAML 2.0 implementation friendly to software developers, by creating an open source, easy to configure, reusable, and flexible SAML 2.0 based authentication middleware for ASP.NET Core.