WSFederationAuthenticationModule.OnAuthenticateRequest Method

Definition

Handles the AuthenticateRequest event from the ASP.NET pipeline.

protected:
 virtual void OnAuthenticateRequest(System::Object ^ sender, EventArgs ^ args);
protected virtual void OnAuthenticateRequest (object sender, EventArgs args);
abstract member OnAuthenticateRequest : obj * EventArgs -> unit
override this.OnAuthenticateRequest : obj * EventArgs -> unit
Protected Overridable Sub OnAuthenticateRequest (sender As Object, args As EventArgs)

Parameters

sender
Object

The source for the event. This will be an HttpApplication object.

args
EventArgs

The data for the event.

Remarks

The OnAuthenticateRequest method implements the WS-Federation request processing pipeline. It is added to the HttpApplication.AuthenticateRequest event in the ASP.NET pipeline by the InitializeModule method.

The method performs the following:

  1. Calls the CanReadSignInResponse(HttpRequestBase) method to determine whether a WS-Federation sign-in response message ("wsignin1.0") has been received. If the response is a WS-Federation sign-out clean-up request ("wsignoutcleanup1.0"), CanReadSignInResponse(HttpRequestBase) processes the message, terminates the request and redirects the client according to the WS-Federation parameters in the request. If the message is not a sign-in response or a sign-out clean-up request, the module just returns; otherwise it performs the following steps to process the sign-in response.

  2. Calls the GetSecurityToken(HttpRequestBase) method to deserialize a SecurityToken object from the request.

  3. Raises the SecurityTokenReceived event. You can cancel further processing or modify the received security token in a handler for this event. A handler is typically used to modify the SecurityToken.ValidFrom or SecurityToken.ValidTo properties.

  4. Validates the security token and creates a ClaimsPrincipal object from the claims in the security token.

  5. Raises the SecurityTokenValidated event. You can cancel further processing or modify the claims principal in a handler for this event.

  6. Uses the configured session authentication module (SAM) to create a SessionSecurityToken object. (The configured SAM is the SessionAuthenticationModule object returned by the FederatedAuthentication.SessionAuthenticationModule property.) The session token is created by using the claims principal returned in step 5. The SessionSecurityToken.ValidFrom and SessionSecurityToken.ValidTo properties are set by using the ValidFrom and ValidTo properties of the SecurityToken returned in step 3 and are validated against the current time and the token lifetime specified by either the DefaultTokenLifetime or the TokenLifetime property of the SessionSecurityTokenHandler object in the token handler collection being used by WSFAM. The token lifetime on the session token handler can be specified in configuration through the <sessionTokenRequirement> element. Note: The PersistentSessionLifetime property on the cookie handler configured for the SAM is not used.

  7. Calls the SetPrincipalAndWriteSessionToken method with the session token to write the session cookie. The SetPrincipalAndWriteSessionToken method first raises the SessionSecurityTokenCreated event. You can change properties on the session token or change whether the cookie should be persisted in a handler for this event. After the event is raised, the method then writes the cookie using the SAM.

    Note

    The SessionSecurityTokenHandler set in configuration is not used to write the cookie.

  8. Calls the OnSignedIn method to raise the SignedIn event.

  9. Calls the GetReturnUrlFromResponse method to get the RP page to which to redirect the client. By default, this method reads the return URL from the wctx parameter in the sign-in response. For more information about how WSFAM stores the return URL, see the CreateSignInRequest method.
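
The steps above expose three extension points that matter for hardening: the SecurityTokenValidated event (step 5), the SessionSecurityTokenCreated event (step 7) and the GetReturnUrlFromResponse method (step 9). The following is an added example, not code from the original documentation. The class name, the required claim type, the fallback URL and the assumption that the application's return URLs are site-relative paths are all hypothetical.

```csharp
using System;
using System.IdentityModel.Services;
using System.Security.Claims;
using System.Web;

// Hypothetical subclass; it would be registered in place of the stock WSFAM.
public class HardenedWsFederationModule : WSFederationAuthenticationModule
{
    // Assumption: this relying party requires a name identifier claim.
    private const string RequiredClaimType = ClaimTypes.NameIdentifier;
    // Assumption: landing page used when the return URL is rejected.
    private const string FallbackUrl = "/";

    public HardenedWsFederationModule()
    {
        SecurityTokenValidated += OnTokenValidated;       // step 5
        SessionSecurityTokenCreated += OnSessionCreated;  // step 7
    }

    // Step 5: cancel further processing when the required claim is missing.
    private static void OnTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
    {
        ClaimsPrincipal principal = e.ClaimsPrincipal;
        if (principal == null || !principal.HasClaim(c => c.Type == RequiredClaimType))
        {
            e.Cancel = true;
        }
    }

    // Step 7: request a non-persistent session cookie.
    private static void OnSessionCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        e.SessionToken.IsPersistent = false;
    }

    // Step 9: wctx arrives with the request, so accept only a site-relative path.
    protected override string GetReturnUrlFromResponse(HttpRequestBase request)
    {
        string url = base.GetReturnUrlFromResponse(request);
        return IsLocalPath(url) ? url : FallbackUrl;
    }

    internal static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        // "//host" and "/\host" are resolved by browsers as absolute URLs.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        Uri parsed;
        return Uri.TryCreate(url, UriKind.Relative, out parsed);
    }
}
```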
