SharePoint Online with ADFS Authentication

On July 2012 I had the problem that I wanted to connect to a SharePoint Online instance that had an Active Directory Federation Services (ADFS) in front. At this time I couldn’t find any how-to on the web that would explain me how to do it. I asked at for a solution and became a hint and also found a post by Wictor Wilén at his blog that describes the authentication to SharePoint Online without an ADFS. At this time I solved my problem with a workaround in the project but later that year I had the same problem again and I know that I had to solve it on my own because my question hadn’t received any new answers.

I used Fiddler, a web debugging proxy, to understand the authentication process. First you need to get the Security Assertion Markup Language (SAML) tokens. I looked up the needed requirements for the SAML-Tokens and was able to get them. With those tokens I was now able to get a token from the Microsoft Online Services (MOS) via the Secure Token Service (STS). With that token I can now finally authenticate my application against SharePoint Online and receive a authentication token that I have to use in all my REST-Requests (as cookies) in order to authenticate my requests.

At this last point on receiving the token from the Secure Token Service (STS) I stumbled upon an article from Omar Venado that solved my problem and posted the solution in his blog. Because I was short on time I used his finished solution in my project (with a few fixes and modifications) and throw my pre finished solution away. This is why I didn’t post some code snippets – look at Omar’s post for the snippets and a deeper explanation.

But because of my question on I received a view e-mails if I had found the solution to my problem and if I’m willing to share it. So I fought I make this blog post to spread the solution. I have also created a new project and copied the modified version of Omar’s solution in it and created a Windows 8 Store skeleton app. You can find it at Github:

Feel free to use it, improve it and tell others about it ;-)


SharePoint Online Auth


Jens Willmer is a professional .NET-Developer. He Works at a company located in south Germany. In his spare time he writes blog articles, contributes to open source projects and plays beach volleyball.

Tagged with: , , , , , , , , ,
Posted in Programming, Server
12 comments on “SharePoint Online with ADFS Authentication
  1. Jonathan says:

    Hi Jens,
    I’m currently facing a very similiar Problem at Work.
    I’m currently set up for a Task, where i have to create an Outlook Addin, which can store e-mails directly into Office 365.
    i found a good sample online which does this (saving is acomplished through a button)
    but instead of directly connecting to Office 365 (with User and Password) i have to connect through an ADFS, which if done through the Browser goes someway like this:
    Open Office 365 Login Page (enter E-Mail only)
    page Redirects you immedietaly to another page where you are requested to enter a Username and a Password.
    and after that you are logged in.
    i’ve read both your, and Omar Venado’s Post, my question to you is:
    Do i have to do extra authentication if I’m trying to connect a user through Outlook,
    do you have any Tips or Ideas (Code Snippets).
    I’m really greateful for your help! thank you

    • Jens Willmer says:

      It shouldn’t be a problem to use my code in an Outlook plugin. If the user is connected to an active directory you can login with single sign-on. If he isn’t you need to provide a login mask like I did in the metro skeleton :-)

  2. Bob says:

    Does this Work for ADFS 2.0 ?

  3. Simon Ovens says:

    I used Wictor’s authentication to SharePoint Online without an ADFS and this worked great until we used a custom CNAME for the site. I noticed others reported the same problem.
    Do you know if using this authentication mechanism will be any different?

    • Jens Willmer says:

      I think the actual authentication mechanism isn’t that different. Give it a try but I can only assume that you end up with the same result :-(

      I currently have no option to test the skeleton with your settings please let me know if it works :-)

  4. pknet says:

    Thanks for the article! It is just what I needed! I am having trouble getting back the binarysecuritytoken. Any ideas why I would not get it back? I have used Omar Venado code and others but each do not return back the token.
    Thanks in advance

  5. tyler says:

    I need to do this same thing but from a windows 7 thin client. I had hoped to be able to just call it via the client object model from a console app, but I’m not allowed to reference it because of the difference in .NET versions. I basically need something similar to GetAdfsSAMLTokenWinAuth() to run after the user logs in, but I’m having trouble sorting out how to change it in order to do what I need it to do. Any guidance will be much appreciated.

  6. macca says:

    Thanks so much for posting this, it would have been a real pain to get working, but you have helped me a lot in my troubles.

  7. Catherine says:

    Hi Jens. I am trying to combine both forms authentication with adfs authentication in one .net application using c#.

    I have already authenticated against adfs and returned a validated saml token, but I am wondering if there is an easy way to log into my site using this token, rather than creating a FormsAuthenticationTicket? Ideally, I want this to create a cookie to enable SSO for other sites I have deveoped and assigned to my own custom STS

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">