Question

I have this scenario.

1. RP with passive federation to 2.
2. Custom STS for user/password authentication

Everything is working fine. So far the user would press the login link, which would go to a restricted area, thus the federation security was triggered, and the login screen appeared. It would prompt him to write the credentials, the request was then processed, etc.

Now I'm required to create login (user/password) text-boxes on the same page (default page). How can I achieve the federation sign-in operation without redirecting to a login page? Should (or can) I use the FederatedPassiveSignIn control? If so, how?


Solution

You could show the login boxes on the unprotected landing page if IsAuthenticated is false and then send a message to the custom STS login page with the credentials encrypted or whatever, which then logs in behind the scenes and redirects back to your app with the token in the normal manner.

However, if the user is not authenticated and bookmarks a page behind the landing page, they'll be redirected to the STS.

OTHER TIPS

For anyone interested (I doubt someone actually is), I've solved it by, basically, simulating what the login page does.

// validates the credentials and creates an IClaimsPrincipal carrying the acquired claims
IClaimsPrincipal principal = LoginHelper.SignIn(editEmail.Value, editPassword.Value);

// retrieves the instance of the STS (in this case my custom STS)
TrustedSecurityTokenService service =
    (TrustedSecurityTokenService) TrustedSecurityTokenServiceConfiguration.Current.CreateSecurityTokenService();

// creates the sign-in request manually, pointing at my original page (or whatever page you desire)
SignInRequestMessage request = FederatedAuthentication.WSFederationAuthenticationModule.CreateSignInRequest(
    Guid.NewGuid().ToString(),
    "http://page/i/want/to/go/after/the/validation.aspx",
    true);

// first the request is processed by the STS, which issues the token for the principal...
SignInResponseMessage response =
    FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(request, principal, service);

// ...then the response is processed: the session cookie is written and the browser is redirected to the URL above
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(response, Response);

This created the cookies, and the principal is now IsAuthenticated, as if it had been processed by the login page (at least it seems to work so far as expected).
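The same in-page sign-in, wrapped into a complete ASP.NET WebForms button handler, as an added example that is not part of the answer above. It keeps the answer's flow (validate credentials, let the custom STS issue the token, write the federation cookie, redirect) and adds the checks a reviewer would ask for: the post-login page is a fixed local path computed on the server rather than anything taken from the request, a failed validation gets one generic message, and the handler does nothing for a user who is already authenticated. `LoginHelper.SignIn` and `TrustedSecurityTokenServiceConfiguration` are the answer's own names and are assumed to exist; the assumption that `LoginHelper.SignIn` returns null for bad credentials, the `ReturnPath` constant, the `btnLogin`/`loginError` controls and the page class name are all hypothetical.

```csharp
// Added example: code-behind for the landing page's login button (not the answer's own code).
using System;
using System.Web.UI;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSFederation;
using Microsoft.IdentityModel.SecurityTokenService;
using Microsoft.IdentityModel.Web;

public partial class Default : Page
{
    // Fixed, application-relative destination after sign-in. It is never read from the
    // request, so the handler cannot be turned into an open redirector.
    private const string ReturnPath = "~/Secure/Default.aspx"; // hypothetical path

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Already signed in: there is nothing to issue, just go where the user wanted to be.
        if (User.Identity.IsAuthenticated)
        {
            Response.Redirect(ResolveUrl(ReturnPath));
            return;
        }

        // Answer's helper: validates the credentials and builds the claims principal.
        // Assumed (hypothetical) to return null when validation fails.
        IClaimsPrincipal principal = LoginHelper.SignIn(editEmail.Value, editPassword.Value);

        if (principal == null || !principal.Identity.IsAuthenticated)
        {
            // One message for both "unknown user" and "wrong password".
            loginError.Text = "Sign-in failed.";
            return;
        }

        // Absolute URL for wreply, derived from this request's own scheme/host plus the
        // fixed path above, so the STS redirects back into this application only.
        string returnUrl = new Uri(Request.Url, ResolveUrl(ReturnPath)).AbsoluteUri;

        // Sign-in request the passive module would normally build on a redirect to the STS.
        SignInRequestMessage request = FederatedAuthentication.WSFederationAuthenticationModule
            .CreateSignInRequest(Guid.NewGuid().ToString(), returnUrl, true);

        // Custom STS instance from the answer's configuration class.
        SecurityTokenService service =
            TrustedSecurityTokenServiceConfiguration.Current.CreateSecurityTokenService();

        // The STS issues the token for the already-validated principal...
        SignInResponseMessage response =
            FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(request, principal, service);

        // ...and processing the response writes the federation session cookie and
        // redirects the browser to returnUrl.
        FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(response, Response);
    }
}
```

Because the token is issued in-process, the only thing standing between a request and a signed-in session is `LoginHelper.SignIn`; it has to perform the same credential validation (and the same throttling or lockout, if any) that the STS login page does, since this handler bypasses that page entirely.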

Licensed under: CC-BY-SA with attribution