SignOnRequestParameters.ForceAuthentication Property


Gets or sets a value that specifies whether the principal must be authenticated directly by the IdP for this request.

Namespace:   Microsoft.IdentityServer.Web
Assembly:  Microsoft.IdentityServer (in Microsoft.IdentityServer.dll)


C#
public bool ForceAuthentication { get; set; }

C++
property bool ForceAuthentication {
    bool get();
    void set(bool value);
}

F#
member ForceAuthentication : bool with get, set

VB
Public Property ForceAuthentication As Boolean

Property Value

Type: System.Boolean

true if the principal should be explicitly authenticated by the IdP for this request; otherwise false. The default is false.


If the ForceAuthentication property is true, Active Directory® Federation Services (AD FS) 2.0 forces the user to authenticate, even if a session already exists. The user is authenticated using one of the handlers configured under the <localAuthenticationTypes> element in web.config, according to the authentication requirements imposed by the RequestedAuthenticationContext property. For more information, see IdpInitiatedSignOnPage Class Overview.


The ForceAuthentication property and the IsPassive property are mutually exclusive. If one of these properties is set to true, the other should be false.

The default implementation of the AD FS 2.0 Sign-In Pages does not contain support for setting the ForceAuthentication property; however, you can modify IdpInitiatedSignOn.aspx, IdpInitiatedSignOn.aspx.cs, or both to provide this functionality through a query string parameter or through UI elements. For more information, including a code sample, see IdpInitiatedSignOnPage Class Overview.
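The following added example (not part of the original page or the AD FS sample code) shows one way to read the two flags from a query string while enforcing the mutual exclusion with IsPassive described above. The `SignOnOptions` type, the `SignOnQueryParser` class, and the parameter names `forceAuthn` and `isPassive` are hypothetical stand-ins, and treating an absent `isPassive` as false is an assumption.

```csharp
using System;
using System.Collections.Specialized;

// Hypothetical stand-in for the two SignOnRequestParameters properties discussed
// on this page, so the example compiles without Microsoft.IdentityServer.dll.
public sealed class SignOnOptions
{
    public bool ForceAuthentication { get; set; }
    public bool IsPassive { get; set; }
}

public static class SignOnQueryParser
{
    // Hypothetical query string parameter names; the page does not define any.
    private const string ForceAuthnKey = "forceAuthn";
    private const string IsPassiveKey = "isPassive";

    public static SignOnOptions Parse(NameValueCollection query)
    {
        var options = new SignOnOptions
        {
            ForceAuthentication = ReadFlag(query, ForceAuthnKey),
            IsPassive = ReadFlag(query, IsPassiveKey)
        };
        // The two properties are mutually exclusive: reject the request
        // instead of silently choosing one of them.
        if (options.ForceAuthentication && options.IsPassive)
            throw new ArgumentException("ForceAuthentication and IsPassive cannot both be true.");
        return options;
    }

    // Absent parameter -> false (ForceAuthentication's documented default; assumed for IsPassive).
    // Repeated parameters or values other than true/false are rejected, not guessed at.
    private static bool ReadFlag(NameValueCollection query, string key)
    {
        string[] values = query.GetValues(key); // null when the key is absent
        if (values == null) return false;
        bool flag;
        if (values.Length != 1 || !bool.TryParse(values[0], out flag))
            throw new FormatException("Invalid value for '" + key + "'.");
        return flag;
    }

    public static void Main()
    {
        var query = new NameValueCollection { { "forceAuthn", "true" } }; // constructed sample input
        SignOnOptions options = Parse(query);
        Console.WriteLine("ForceAuthentication={0}, IsPassive={1}", options.ForceAuthentication, options.IsPassive);
    }
}
```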

See Also

SignOnRequestParameters Class
Microsoft.IdentityServer.Web Namespace
IdpInitiatedSignOnPage Class Overview
