Using the AAL AuthenticationContext in interactive mode works fine, but trying to do it non-interactively (active federation) results in (403) Forbidden.
I configured my ACS with WAAD and followed all the information I could find with PowerShell etc.
It works using passive mode with AAL:
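    var authContext = new AuthenticationContext("https://mydomain.accesscontrol.windows.net");
    AssertionCredential assertionCredential = null;

    // Look up the identity providers configured in ACS for this relying party
    var idpdList = authContext.GetProviders("urn:myservice");
    foreach (var idpd in idpdList)
    {
        if (string.Compare("myidpname", idpd.Name, StringComparison.OrdinalIgnoreCase) == 0)
        {
            // Interactive (passive) flow: AAL shows the sign-in dialog
            assertionCredential = authContext.AcquireToken("urn:myservice");
            break;
        }
    }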
Now I have an assertionCredential in interactive mode, which is very nice, but the requirement I have is that it should be more hidden in our application, with a custom login screen without domain etc.
I tried the following, which returns (403) Forbidden:
    var authContext = new AuthenticationContext("https://mydomain.accesscontrol.windows.net");
    AssertionCredential assertionCredential = null;

    // Look up the identity providers configured in ACS for this relying party
    var idpdList = authContext.GetProviders("urn:myservice");
    foreach (var idpd in idpdList)
    {
        if (string.Compare("myidpName", idpd.Name, StringComparison.OrdinalIgnoreCase) == 0)
        {
            // Non-interactive (active) flow: credentials are passed in directly
            var credential = new UsernamePasswordCredential("mydomain.onmicrosoft.com", "username", "password");
            assertionCredential = authContext.AcquireToken("urn:myservice", idpd, credential);
            break;
        }
    }
All the examples I found are doing it this way, or nearly this way.
Is it possible that I have to enable active federation somewhere? I can't find it in any configuration of ACS and WAAD.
I tried the AAL Stable version 0.6.1 from 11/20/2012.
Any clue on how to obtain a token from ACS with a WAAD identity provider configured? If it can be done without AAL, I'm happy as well.
Help :)