
Authentication

Authentication against the REST API is done either through ADFS or with a key. Only one authentication type can be set on the store. You can change the authentication type in Admin Web > Edit Store > API Authentication.

Retrieve SAML token using Username authentication

PowerShell - Get SAML token from ADFS using Username authentication

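# Requests a SAML bearer token from ADFS with a user name and password, then copies
# the string "SAML <base64 token>" to the clipboard.
Add-Type -AssemblyName "System.ServiceModel"
Add-Type -AssemblyName "System.IdentityModel"

# TransportWithMessageCredential: HTTPS protects the exchange, and the user name and
# password travel inside the SOAP message. No security context session is established.
$binding = New-Object System.ServiceModel.WSHttpBinding([System.ServiceModel.SecurityMode]::TransportWithMessageCredential)
$binding.Security.Message.EstablishSecurityContext = $false
$binding.Security.Message.ClientCredentialType = [System.ServiceModel.MessageCredentialType]::UserName

$stsServiceUri = New-Object System.Uri("https://<ADFSHOSTNAME>/adfs/services/trust/13/UsernameMixed")
$stsEndPoint = New-Object System.ServiceModel.EndpointAddress($stsServiceUri)

$factory = New-Object System.ServiceModel.Security.WSTrustChannelFactory($binding, $stsEndPoint)
$factory.TrustVersion = [System.ServiceModel.Security.TrustVersion]::WSTrust13
# <USERNAME> and <PASSWORD> are placeholders. Supply the real values at run time
# (for example from Get-Credential or a secret store); do not save them in the script.
$factory.Credentials.UserName.UserName = "<USERNAME>"
$factory.Credentials.UserName.Password = "<PASSWORD>"

$tokenRequest = New-Object System.IdentityModel.Protocols.WSTrust.RequestSecurityToken
$tokenRequest.Issuer = New-Object System.IdentityModel.Protocols.WSTrust.EndpointReference("https://<ADFSHOSTNAME>")
$tokenRequest.RequestType = [System.IdentityModel.Protocols.WSTrust.RequestTypes]::Issue
# Bearer: no proof key is bound to the token, so whoever holds it can present it.
$tokenRequest.KeyType = [System.IdentityModel.Protocols.WSTrust.KeyTypes]::Bearer
# AppliesTo names the relying party the token is requested for.
$tokenRequest.AppliesTo = New-Object System.IdentityModel.Protocols.WSTrust.EndpointReference("https://<ZERVICEPOINTHOSTNAME>/")

# Release the factory's channels whether or not the request succeeds. Abort() is used
# on failure because Close() can itself throw once a communication object has faulted.
try {
    $token = $factory.CreateChannel().Issue($tokenRequest)
    $factory.Close()
}
catch {
    $factory.Abort()
    throw
}

# NOTE(review): on .NET Framework, Encoding.Default is the system ANSI code page, so
# characters outside that code page are replaced before encoding. If claim values can
# contain such characters, confirm which encoding the API expects.
$samlToken = [System.Convert]::ToBase64String([System.Text.Encoding]::Default.GetBytes($token.TokenXml.OuterXml));

# Copy to clipboard
# The clipboard is readable by other processes in the same session; treat the copied
# value as a credential, keep it out of logs, and overwrite the clipboard after use.
"SAML $($samlToken)" | clip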

C# - Get SAML token from ADFS using Username authentication

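// Requests a SAML bearer token from ADFS with a user name and password.
// TransportWithMessageCredential: HTTPS protects the exchange, and the user name and
// password travel inside the SOAP message. No security context session is established.
var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

var stsServiceUri = new Uri("https://<ADFSHOSTNAME>/adfs/services/trust/13/UsernameMixed");
var stsEndPoint = new EndpointAddress(stsServiceUri);

var factory = new WSTrustChannelFactory(binding, stsEndPoint) { TrustVersion = TrustVersion.WSTrust13 };
// <USERNAME> and <PASSWORD> are placeholders. Load the real values at run time from a
// protected store; do not compile them into the binary or commit them to source control.
factory.Credentials.UserName.UserName = "<USERNAME>";
factory.Credentials.UserName.Password = "<PASSWORD>";

var tokenRequest = new RequestSecurityToken {
    Issuer = new EndpointReference("https://<ADFSHOSTNAME>"),
    RequestType = RequestTypes.Issue,
    // Bearer: no proof key is bound to the token, so whoever holds it can present it.
    KeyType = KeyTypes.Bearer,
    // AppliesTo names the relying party the token is requested for.
    AppliesTo = new EndpointReference("https://<ZERVICEPOINTHOSTNAME>/")
};

// Release the factory's channels whether or not the request succeeds. Abort() is used
// on failure because Close() can itself throw once a communication object has faulted.
GenericXmlSecurityToken token;
try
{
    token = factory.CreateChannel().Issue(tokenRequest) as GenericXmlSecurityToken;
    factory.Close();
}
catch
{
    factory.Abort();
    throw;
}

// The "as" cast yields null for any other token type; fail with a clear message
// instead of a NullReferenceException on the next line.
if (token == null)
{
    throw new InvalidOperationException("ADFS did not return a GenericXmlSecurityToken.");
}

// NOTE(review): on .NET Framework, Encoding.Default is the system ANSI code page, so
// characters outside that code page are replaced before encoding. If claim values can
// contain such characters, confirm which encoding the API expects.
// samlToken is a credential: keep it out of logs and traces.
var samlToken = Convert.ToBase64String(Encoding.Default.GetBytes(token.TokenXml.OuterXml));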

Retrieve SAML token using Windows authentication

PowerShell - Get SAML token from ADFS using Windows authentication

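# Requests a SAML bearer token from ADFS with Windows authentication, then copies
# the string "SAML <base64 token>" to the clipboard.
Add-Type -AssemblyName "System.ServiceModel"
Add-Type -AssemblyName "System.IdentityModel"

# TransportWithMessageCredential: HTTPS protects the exchange and the Windows credential
# is carried at message level. No user name or password is set anywhere in this script,
# so the request is made as the Windows identity running it.
$binding = New-Object System.ServiceModel.WS2007HttpBinding([System.ServiceModel.SecurityMode]::TransportWithMessageCredential)
$binding.Security.Message.EstablishSecurityContext = $false
$binding.Security.Message.ClientCredentialType = [System.ServiceModel.MessageCredentialType]::Windows

# The SPN identity states which service principal the client expects to be talking to;
# it must match the SPN registered for the ADFS service.
$spnIdentity = [System.ServiceModel.EndpointIdentity]::CreateSpnIdentity("host/<ADFSHOST>")
$adfsUri = New-Object System.Uri("https://<ADFSHOST>/adfs/services/trust/13/windowsmixed")
$adfsAddress = New-Object System.ServiceModel.EndpointAddress($adfsUri, $spnIdentity)

$factory = New-Object System.ServiceModel.Security.WSTrustChannelFactory($binding, $adfsAddress)
$factory.TrustVersion = [System.ServiceModel.Security.TrustVersion]::WSTrust13

$tokenRequest = New-Object System.IdentityModel.Protocols.WSTrust.RequestSecurityToken
$tokenRequest.RequestType = [System.IdentityModel.Protocols.WSTrust.RequestTypes]::Issue
# Bearer: no proof key is bound to the token, so whoever holds it can present it.
$tokenRequest.KeyType = [System.IdentityModel.Protocols.WSTrust.KeyTypes]::Bearer
# AppliesTo names the relying party the token is requested for.
$tokenRequest.AppliesTo = New-Object System.IdentityModel.Protocols.WSTrust.EndpointReference("https://<ZERVICEPOINTHOST>/")

# Release the factory's channels whether or not the request succeeds. Abort() is used
# on failure because Close() can itself throw once a communication object has faulted.
try {
    $token = $factory.CreateChannel().Issue($tokenRequest)
    $factory.Close()
}
catch {
    $factory.Abort()
    throw
}

# NOTE(review): on .NET Framework, Encoding.Default is the system ANSI code page, so
# characters outside that code page are replaced before encoding. If claim values can
# contain such characters, confirm which encoding the API expects.
$samlToken = [System.Convert]::ToBase64String([System.Text.Encoding]::Default.GetBytes($token.TokenXml.OuterXml));

# Copy to clipboard
# The clipboard is readable by other processes in the same session; treat the copied
# value as a credential, keep it out of logs, and overwrite the clipboard after use.
"SAML $($samlToken)" | clip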

C# - Get SAML token from ADFS using Windows authentication

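// Requests a SAML bearer token from ADFS with Windows authentication.
// TransportWithMessageCredential: HTTPS protects the exchange and the Windows credential
// is carried at message level. No user name or password is set anywhere in this code,
// so the request is made as the Windows identity running it.
var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
binding.Security.Message.EstablishSecurityContext = false;

// The SPN identity states which service principal the client expects to be talking to;
// it must match the SPN registered for the ADFS service.
var spnIdentity = EndpointIdentity.CreateSpnIdentity("host/<ADFSHOST>");
var adfsUri = new Uri("https://<ADFSHOST>/adfs/services/trust/13/WindowsMixed");
var adfsAddress = new EndpointAddress(adfsUri, spnIdentity);
var factory = new WSTrustChannelFactory(binding, adfsAddress) { TrustVersion = TrustVersion.WSTrust13 };

var tokenRequest = new RequestSecurityToken {
    RequestType = RequestTypes.Issue,
    // Bearer: no proof key is bound to the token, so whoever holds it can present it.
    KeyType = KeyTypes.Bearer,
    // AppliesTo names the relying party the token is requested for.
    AppliesTo = new EndpointReference("https://<ZERVICEPOINTHOST>/")
};

// Release the factory's channels whether or not the request succeeds. Abort() is used
// on failure because Close() can itself throw once a communication object has faulted.
GenericXmlSecurityToken token;
try
{
    token = factory.CreateChannel().Issue(tokenRequest) as GenericXmlSecurityToken;
    factory.Close();
}
catch
{
    factory.Abort();
    throw;
}

// The "as" cast yields null for any other token type; fail with a clear message
// instead of a NullReferenceException on the next line.
if (token == null)
{
    throw new InvalidOperationException("ADFS did not return a GenericXmlSecurityToken.");
}

// NOTE(review): on .NET Framework, Encoding.Default is the system ANSI code page, so
// characters outside that code page are replaced before encoding. If claim values can
// contain such characters, confirm which encoding the API expects.
// samlToken is a credential: keep it out of logs and traces.
var samlToken = Convert.ToBase64String(Encoding.Default.GetBytes(token.TokenXml.OuterXml));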