
I have ASP.NET MVC 4 applications (STS and RP) that use WIF 4.5 for authentication. The STS application has a custom security token service and the Relying Party calls the STS to get authenticated; that part works normally, but I don't want to use a cookie to store my token data, so I set up events in Global.asax in order to use the session to store the data, but I cannot get the FederatedAuthentication events to fire that would do the job.

In debug mode the Global.asax Application_Start method gets invoked and registers all of the events I need, but none of them are called when they are supposed to be called. The strange thing is that they used to work, but suddenly they just stopped firing and I don't know why, since I didn't change anything. I've set up an Application_Error method in Global.asax and I get no errors at all, and there is also nothing in the Windows event logs.

What can be wrong in my configuration? How can I investigate the problem?

Web.config

<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
    <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
        <authentication mode="None"></authentication>
        <httpRuntime targetFramework="4.5" />
        <httpModules>
          <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        </httpModules>
    </system.web>
    <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <modules runAllManagedModulesForAllRequests="true">
          <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
          <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
        </modules>
    </system.webServer>
    <system.identityModel>
        <identityConfiguration>
          <!-- certificateValidationMode="None" skips chain and revocation checks on the STS signing certificate; suitable for development only -->
          <certificateValidation certificateValidationMode="None" />
          <audienceUris>
            <add value="http://www.rp.com/" />
          </audienceUris>
          <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
            <trustedIssuers>
              <add thumbprint="*thumbprint*" name="CertificateName" />
            </trustedIssuers>
          </issuerNameRegistry>
        </identityConfiguration>
    </system.identityModel>
    <system.identityModel.services>
        <federationConfiguration>
          <!-- requireSsl="false" and requireHttps="false" let the session cookie and the token travel over plain HTTP; development only -->
          <cookieHandler requireSsl="false" />
          <wsFederation passiveRedirectEnabled="true" issuer="http://www.sts.com/" realm="http://www.rp.com/" reply="http://www.rp.com/" requireHttps="false" />
        </federationConfiguration>
    </system.identityModel.services>
</configuration>

Global.asax

protected void Application_Start(object sender, EventArgs e)
{
    FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;
    FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += OnSessionSecurityTokenCreated;
}

private void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{

}

private void OnSessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{

}
Kartikeya Khosla
desperate man
  • Ok, I managed to fix part of the problem by implementing my own custom **WSFederationAuthenticationModule** and registering it in the web.config instead of the original module. Now **OnSessionSecurityTokenCreated** event gets fired. However, the problem still persists since I don't know why the original module doesn't work as expected, but at least I have a workaround. Thanks a lot to a guy who suggested this tip in this question: http://stackoverflow.com/a/14051918/164770 – desperate man Jul 22 '14 at 13:23

2 Answers


The problem is solved. It was my fault.

I created a shared Global.asax class in a separate library and all Relying Party websites were referencing it (just to reduce code duplication). The RP website gets started, its own Global.asax Application_Start gets called and then the base class's Application_Start gets called, where the events were getting registered.

public class GlobalHttpApplication : HttpApplication
{
    protected virtual void Application_Start(object sender, EventArgs e)
    {
        FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;
        FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += OnSessionSecurityTokenCreated;
    }

    private void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
    }

    private void OnSessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
    }
}

public class RelyingPartyHttpApplication : GlobalHttpApplication
{
    protected override void Application_Start(object sender, EventArgs e)
    {
        base.Application_Start(sender, e);
    }
}

I don't really understand why the events don't fire, since the Federation Module has been neither lost nor modified, but for some reason events registered in a different library don't fire.

So my working Global.asax class looks as follows:

public class RelyingPartyHttpApplication : HttpApplication
{
    protected void Application_Start()
    {
        FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;
        FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += OnSessionSecurityTokenCreated;
    }

    private void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
    }

    private void OnSessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
    }
}
desperate man

An important thing to note is how to handle the SecurityTokenValidated and SessionSecurityTokenCreated events of the WSFederationAuthenticationModule class: https://stackoverflow.com/a/58561136/5557538

tibx