I have a website where users are either external users who need to provide username/password or internal users in our network (AD). I tried mixing and matching OWIN Cookie Authentication (NuGet Microsoft.Owin.Security.Cookies) and OWIN Federated Authentication with ADFS (NuGet Microsoft.Owin.Security.WsFederation). I tried this:
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ApplicationCookie);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Login"),
            Provider = new CookieAuthenticationProvider
            {
                OnApplyRedirect = ctx =>
                {
                    // Apply the redirect if UseADFSFlag is not found in the Query String
                    if (String.IsNullOrWhiteSpace(ctx.Request.Query.Get("UseADFS")))
                    {
                        ctx.Response.Redirect(ctx.RedirectUri);
                    }
                }
            }
        });

        app.UseWsFederationAuthentication(
            new WsFederationAuthenticationOptions
            {
                MetadataAddress = ConfigurationManager.AppSettings["adsfs.MetadataAddress"],
                Wtrealm = ConfigurationManager.AppSettings["adsfs.Wtrealm"],
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
            });
    }
CookieAuthentication takes place first. If there's no QueryString parameter "UseADFS", the normal redirect to the Login page takes place. Otherwise, it moves on. I'm expecting the FederationAuthentication to take over ONLY when the UseADFS parameter exists, but the Login redirect never takes place and the Federation Authentication always runs, regardless of whether the UseADFS parameter is there or not.
Is there a way to make this work?