
We have an existing MVC app using the ASP.Net Identity Framework to store user logins/passwords/roles/etc... in a local SQL database. We would like to move the authentication portion of the identity to use a SAML IdP but still build out the IdentityUser object within the Identity Framework with the details from the local database. Essentially the flow would be:

User browses to site -> User is forwarded to IdP for authentication -> User is directed back to site after successful authentication -> Details from local SQL database are retrieved using information passed back from IdP (likely email address) -> Site leverages IdentityUser object with information from local database

I cannot find really any information on this approach, which makes me think it is not possible and/or advisable. Any direction or suggestions would be appreciated.

1 Answer

You could handle the AcsCommandResultCreated notification and then load the IdentityUser by the email SAML assertion.

orsvon
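The following is an added example of the approach the answer sketches; it is not code from the question, the answer, or any library. `AcsCommandResultCreated` is the notification exposed by the Sustainsys.Saml2 (formerly Kentor.AuthServices) OWIN middleware, so the example assumes that library together with the `ApplicationUser` / `ApplicationUserManager` classes from the ASP.NET MVC 5 template (ASP.NET Identity 2.x). `Startup.ConfigureSamlAuth`, `LocalIdentityMapper`, the `"mail"` fallback attribute and the `urn:example:saml:nameid` claim type are names chosen for this example; the `CommandResult` members used (`Principal`, `HttpStatusCode`) should be checked against the installed version of the library. The security-relevant decisions are marked in comments: the IdP is trusted only for the identifier, the local database remains the source of roles and lockout state, and an email that has no local row is rejected rather than provisioned.

```csharp
// Added example; not code from the question, the answer, or Sustainsys.Saml2.
// Assumes Sustainsys.Saml2's OWIN middleware and the MVC5 template's
// ApplicationUser / ApplicationUserManager (ASP.NET Identity 2.x).
using System.Net;
using System.Security.Claims;
using System.Web;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Owin;
using Sustainsys.Saml2.Owin;

public partial class Startup
{
    public void ConfigureSamlAuth(IAppBuilder app)
    {
        // 'true' loads entity id, IdP metadata and certificates from <sustainsys.saml2> in web.config.
        var options = new Saml2AuthenticationOptions(true);

        options.Notifications.AcsCommandResultCreated = (commandResult, saml2Response) =>
        {
            // commandResult.Principal was built from an assertion the library has already
            // signature- and audience-checked, so its email claim can be used as an identifier.
            var userManager = HttpContext.Current.GetOwinContext()
                                         .GetUserManager<ApplicationUserManager>();

            var localIdentity = LocalIdentityMapper.BuildLocalIdentity(commandResult.Principal, userManager);
            if (localIdentity == null)
            {
                // Missing email, unknown account or locked-out account: sign nobody in.
                // (Assumption: a null Principal makes the middleware skip the sign-in step.)
                commandResult.Principal = null;
                commandResult.HttpStatusCode = HttpStatusCode.Forbidden;
                return;
            }

            // Replace the raw SAML principal with the Identity-built one, so the cookie the
            // middleware issues carries the local user id, roles and security stamp.
            commandResult.Principal = new ClaimsPrincipal(localIdentity);
        };

        app.UseSaml2Authentication(options);
    }
}

// Maps an IdP-authenticated principal to a local ASP.NET Identity user. Kept apart from the
// OWIN wiring so it can be unit-tested against a UserManager backed by an in-memory store.
public static class LocalIdentityMapper
{
    public static ClaimsIdentity BuildLocalIdentity(ClaimsPrincipal samlPrincipal, ApplicationUserManager userManager)
    {
        // Most IdPs send the address in the standard email claim; "mail" is an assumed fallback attribute.
        var email = samlPrincipal?.FindFirst(ClaimTypes.Email)?.Value
                    ?? samlPrincipal?.FindFirst("mail")?.Value;
        if (string.IsNullOrWhiteSpace(email))
            return null;

        // Look up the existing row only. Never auto-provision from an IdP email: anyone who can
        // register that address at the IdP would otherwise get an account here.
        var user = userManager.FindByEmail(email);
        if (user == null || userManager.IsLockedOut(user.Id))
            return null;

        // Roles, security stamp and user id come from the local database, not from the assertion.
        var identity = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);

        // Keep the IdP's NameID for audit logging and for building a LogoutRequest later.
        var nameId = samlPrincipal.FindFirst(ClaimTypes.NameIdentifier);
        if (nameId != null)
            identity.AddClaim(new Claim("urn:example:saml:nameid", nameId.Value)); // example claim type
        return identity;
    }
}
```

Two things to check before relying on this mapping: the `Email` column must be unique (`RequireUniqueEmail = true` in the template's `ApplicationUserManager.Create`), since `FindByEmail` matches case-insensitively and a duplicate would make the lookup ambiguous; and the IdP should be configured to assert only verified email addresses, because the local row is selected solely on that value.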