WSFederationAuthenticationModule v/s SessionAuthenticationModule

According to the documentation, both modules will be used to create an instance of IClaimsPrincipal. I do not understand why WIF bothers to use 2 HttpModules instead of one. Sorry, I am new to WIF.

Upvotes: 2

Views: 2798

Answers (2)

Wiktor Zychla

Reputation: 48270

You don't need both to have the IClaimsPrincipal in the pipeline. You need the latter, the SessionAuthenticationModule. It is responsible for converting the WIF cookie into the principal object (similar to what FormsAuthenticationModule does with a form cookie).

The former, WSFederationAuthenticationModule, is responsible only for the initial SAML post from the identity provider to your application - the module consumes the post and issues the WIF cookie. Alternatively you can do it with a wif:FederatedPassiveSignIn control placed on your login form.

When I code WIF-enabled applications, I usually have only the SAM module and I use the login control for issuing cookies.

Upvotes: 4

Garrett Vlieger

Reputation: 9494

The big difference is that the WSFederationAuthenticationModule intercepts requests and will redirect the user to be authenticated by the STS while the SessionAuthenticationModule uses the WIF-token cookie to authorize the user on subsequent requests.

The SessionAuthenticationModule fires first in the pipeline so if you already have a session cookie (i.e., you've already been authenticated), the session module will grant you access.

The MSDN documentation does a decent job of describing this.

Upvotes: 5
