
Jul 29, 2010

ADFS 2.0 and SharePoint Client OM

The Issue

Recently we implemented a series of innovative SharePoint 2010 websites for a high-profile client, which are secured by ADFS 2.0.
Login via the browser works great and the user is re-directed to an ADFS login page, which presents a variety of login methods.

However, we encountered an issue when trying to log in via the Client OM. For example, the following code throws a forbidden error:

ClientContext ctx = new ClientContext(webUrl);
ctx.Credentials = CredentialCache.DefaultCredentials;
ctx.RequestTimeout = 30000;

var web = ctx.Web;
var lists = ctx.LoadQuery(web.Lists);
/* Execute the query */
ctx.ExecuteQuery();

StringBuilder sb = new StringBuilder();
sb.Append("Lists in " + webUrl + ":" + Environment.NewLine);
sb.Append("---------------------------------------------------------------------" + Environment.NewLine);
foreach (var list in lists)
{
   sb.Append(list.Title + Environment.NewLine);
}
new frmDialog(sb.ToString(), "Success!!!").ShowDialog();

The solution to this problem was not so obvious.
I will first post the solution and then discuss the theory behind it in another detailed post.

The Solution


1. Download the helper DLL from here.
2. Add it to your primary project.
3. Add a few extra lines to your object model invocation code:
ClientContext ctx = new ClientContext(webUrl);
ctx.Credentials = CredentialCache.DefaultCredentials;
ctx.RequestTimeout = 30000;
/* Configure the handler that will pick up the authenticated cookie */
ctx.ExecutingWebRequest += new EventHandler<WebRequestEventArgs>(ctx_ExecutingWebRequest);

var web = ctx.Web;
var lists = ctx.LoadQuery(web.Lists);
/* Execute the query */
ctx.ExecuteQuery();

StringBuilder sb = new StringBuilder();
sb.Append("Lists in " + webUrl + ":" + Environment.NewLine);
sb.Append("---------------------------------------------------------------------" + Environment.NewLine);
foreach (var list in lists)
{
   sb.Append(list.Title + Environment.NewLine);
}
new frmDialog(sb.ToString(), "Success!!!").ShowDialog();
...
void ctx_ExecutingWebRequest(object sender, WebRequestEventArgs e)
{
   try
   {
      e.WebRequestExecutor.WebRequest.CookieContainer = Helper.AttachCookie(txtWctx.Text, txtWtrealm.Text, txtWreply.Text, txtcorpStsUrl.Text, txtUserId.Text,
         txtPassword.Text);
   }
   catch (Exception ex)
   {
      Helper.InValidateCookie();
      new frmDialog(ex.ToString(), "Error Setting Auth Cookie").ShowDialog();
   }
}

Tools and Resources

I created a demo client which can be used to test SharePoint Client OM access to a SharePoint URL. It is configurable and will accept the Wctx, Wtrealm, Wreply and STS Role parameters. It also has a helper to build those URLs by specifying a Web URL and STS Root URL.

SUKUL ADFS Test Client

Download it from here.

The complete source code can be downloaded from here.
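
As an added illustration of building the sign-in URL from a Web URL and an STS Root URL (example code written for this page, not the demo client's source): the sketch below composes the WS-Federation passive sign-in URL from the wtrealm, wctx and wreply values and rejects non-HTTPS endpoints. The `/adfs/ls/`, `/_trust/` and `/_layouts/Authenticate.aspx` paths are assumed defaults, and the class name, host names and realm are hypothetical.

```csharp
using System;

// Added example (hypothetical helper, not the demo client's source).
public static class WsFedUrlBuilder
{
    // Builds a WS-Federation passive sign-in URL from a web URL and an STS root URL.
    public static Uri BuildSignInUrl(string webUrl, string stsRootUrl, string wtrealm)
    {
        Uri web = RequireHttps(webUrl, "webUrl");
        Uri sts = RequireHttps(stsRootUrl, "stsRootUrl");
        if (string.IsNullOrEmpty(wtrealm))
            throw new ArgumentException("The realm registered on the STS is required.", "wtrealm");

        string webRoot = web.GetLeftPart(UriPartial.Authority);
        // Assumed SharePoint 2010 claims defaults: the trust endpoint receives the token,
        // and wctx carries the page that resumes the original request.
        string wreply = webRoot + "/_trust/";
        string wctx = webRoot + "/_layouts/Authenticate.aspx?Source="
            + Uri.EscapeDataString(web.AbsolutePath);

        // Each value is escaped once as a query parameter, so the Source value
        // inside wctx is escaped twice.
        string query = "wa=wsignin1.0"
            + "&wtrealm=" + Uri.EscapeDataString(wtrealm)
            + "&wctx=" + Uri.EscapeDataString(wctx)
            + "&wreply=" + Uri.EscapeDataString(wreply);

        // Assumed ADFS 2.0 passive endpoint path.
        return new Uri(sts.GetLeftPart(UriPartial.Authority) + "/adfs/ls/?" + query);
    }

    // Credentials go to the STS and the resulting cookie goes to the web,
    // so refuse anything that is not an absolute https:// URL.
    private static Uri RequireHttps(string url, string paramName)
    {
        Uri parsed;
        if (!Uri.TryCreate(url, UriKind.Absolute, out parsed)
            || parsed.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("An absolute https:// URL is required.", paramName);
        return parsed;
    }

    public static void Main()
    {
        // Constructed sample values.
        Uri signIn = BuildSignInUrl("https://portal.example.com/sites/team",
                                    "https://sts.example.com", "urn:sharepoint:portal");
        Console.WriteLine(signIn.AbsoluteUri);
    }
}
```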
