VoimiX

Reputation: 1190

WSFederationAuthenticationModule.RedirectingToIdentityProvider event is not called

I have 2 events in my Global.asax.cs file

WSFederationAuthenticationModule_SecurityTokenValidated and WSFederationAuthenticationModule_RedirectingToIdentityProvider

WSFederationAuthenticationModule_RedirectingToIdentityProvider is not called by the WIF engine. Why?

public class MvcApplication : System.Web.HttpApplication
{ 
    void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
    {
        FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
    }


    void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
    {
        //some code
    }
}

This is the microsoft.identityModel section in web.config:

<microsoft.identityModel>
        <service saveBootstrapTokens="true">
          <audienceUris mode="Never">

          </audienceUris>
          <federatedAuthentication>
            <wsFederation passiveRedirectEnabled="true" issuer="http://localhost/dss.web.sts.tokenbaker/" realm="http://localhost/dss.web.frontend" requireHttps="false" />
            <cookieHandler requireSsl="false" />



          </federatedAuthentication>

          <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
            <trustedIssuers>
              <add thumbprint="308efdee6453fff68c402e5eceee5b8bb9eaa619" name="servcert" />

            </trustedIssuers>
          </issuerNameRegistry>
        </service>
      </microsoft.identityModel>

Upvotes: 6

Views: 14370

Answers (7)

Martijn B

Reputation: 4075

For the people who are sub-classing WSFederationAuthenticationModule, and therefore changing the module registration name in the web.config, and are using the auto-wiring approach (inside the global.asax.cs): you will also need to change the beginning of the method name.

For example if you have the following in system.webServer\modules

<add name="CustomWsFedModule" type="SomeLib.CustomWSFederationAuthenticationModule" preCondition="managedHandler" />

You will need the following inside your global.asax.cs

public class MvcApplication : System.Web.HttpApplication
{ 
    void CustomWsFedModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
    {
        //some code
    }
}

Upvotes: 0

bojingo

Reputation: 592

My problem was that I had the following modules added to both the system.web/httpModules and system.webServer/modules sections.

  <add name="WsFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />

Removing the elements from the system.web/httpModules section solved the issue and all events attached to the WSFederationAuthenticationModule instance were being fired.

Upvotes: 0

Carl G

Reputation: 18250

One thing to check is that you are referencing a consistent assembly between your web.config module and your Global.asax.cs using statement. Since the type RedirectingToIdentityProviderEventArgs exists in both System.IdentityModel.Services and Microsoft.IdentityModel.Web (as of .NET 4.5) you might be adding the module from one assembly in web.config but referencing the event arg from the other assembly in Global.asax.cs. I think that would fail.

Upvotes: 0

Shahin Dohan

Reputation: 6882

Make sure you're referencing WSFederationAuthenticationModule from the new namespace System.IdentityModel.Services.

In my case I was still referencing it from the old Microsoft.IdentityModel.Web namespace after migrating the solution to .NET 4.5.

Found my answer here.

Upvotes: 2
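A startup check for the three mismatches described in the answers above (registration name versus handler prefix, and old versus new WIF namespace), as an added example that is not code from any of the posters. It assumes the application class is named MvcApplication as in the question and that a trace listener is configured to capture the warnings.

```csharp
using System;
using System.Diagnostics;
using System.Reflection;
using System.Web;

public class MvcApplication : HttpApplication
{
    // Namespaces of the two WS-Federation module families named on this page.
    static readonly string[] Families =
        { "Microsoft.IdentityModel.Web", "System.IdentityModel.Services" };
    const string ModuleType = "WSFederationAuthenticationModule";
    const string EventName = "RedirectingToIdentityProvider";

    public override void Init()
    {
        base.Init();
        // Modules is keyed by the name attribute of each <add> registration.
        foreach (string name in Modules.AllKeys)
        {
            string family = FindFamily(Modules[name].GetType());
            if (family == null) continue; // not a WS-Federation module

            // Auto-wiring looks for a method named <registration name>_<event>.
            string expected = name + "_" + EventName;
            MethodInfo handler = typeof(MvcApplication).GetMethod(expected,
                BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic);
            if (handler == null)
            {
                Trace.TraceWarning("WIF wiring: module '{0}' ({1}) has no handler named {2}",
                    name, family, expected);
                continue;
            }
            // The event args type must come from the same family as the module.
            ParameterInfo[] p = handler.GetParameters();
            string argsNs = p.Length == 2 ? p[1].ParameterType.Namespace : "(unexpected signature)";
            if (argsNs != family)
                Trace.TraceWarning("WIF wiring: {0} takes args from {1}, module is from {2}",
                    expected, argsNs, family);
        }
    }

    // Walks the base types so a subclassed module is still recognised.
    static string FindFamily(Type t)
    {
        for (; t != null; t = t.BaseType)
            if (t.Name == ModuleType && Array.IndexOf(Families, t.Namespace) >= 0)
                return t.Namespace;
        return null;
    }
}
```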

Rastko

Reputation: 940

You are missing the following lines in your web.config:

In configSections element:

<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

In system.webServer element

 <modules>
  <remove name="FormsAuthentication" />
  <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>

Your audienceUris is empty. You have to specify your web application, so it can consume this functionality. So, add this line:

  <audienceUris>
    <add value="http://localhost/dss.web.frontend"/>
  </audienceUris>

If your problems remain after these changes, you can implement your custom authentication module derived from WSFederationAuthenticationModule. Something like this:

public class CustomAuthenticationModule : WSFederationAuthenticationModule
{
    public CustomAuthenticationModule()
    {
        base.SecurityTokenReceived += CustomAuthenticationModule_SecurityTokenReceived;
    }

    public void CustomAuthenticationModule_SecurityTokenReceived(object sender, SecurityTokenReceivedEventArgs e)
    {

    }

    protected override void OnAuthenticateRequest(object sender, EventArgs args)
    {
        base.OnAuthenticateRequest(sender, args);
    }
}

and then, in the config, just put CustomAuthenticationModule in place of WSFederationAuthenticationModule, with the appropriate namespace and assembly signature. That way you can intercept calls in your delegate.

Hope this is helpful for you.

Rastko

Upvotes: 8

iano

Reputation: 2026

Add the following to your Global.asax.cs:

void Application_Start()
{
    FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
}


void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
{
    FederatedAuthentication.WSFederationAuthenticationModule.RedirectingToIdentityProvider += WSFederationAuthenticationModule_RedirectingToIdentityProvider;
} 

Credit to https://stackoverflow.com/a/9207505/13932

Upvotes: 3

Garrett Vlieger

Reputation: 9494

It sounds like you may be missing the WSFederationAuthenticationModule in your configuration. Make sure you have this in system.webServer\modules:

<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />

And this in system.web\httpModules:

<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

Read here for more information.

Upvotes: 0
