Wednesday, February 29, 2012 9:01 PM
We've got an ADFS implementation working in our environment and I've got our issues worked down to 2 parts:
1) When the user clicks the button for localLogoff, it sends them back to the login page, but they are able to click the Login button again immediately and are not prompted for credentials. Is there any way to prevent this?
2) I am trying to do some customization that requires me to read who's currently authenticated in the ADFS session. Intermittently, I can get the logged on user by using this statement:
I can get the logged in user correctly about 1 out of every 7 attempts, but it is completely intermittent and when it doesn't return the name, it returns completely empty.
Thursday, March 01, 2012 6:38 PM
1) Wondering if this is good old WIA in action doing SSO behind the scenes? Have you tried setting Forms mode? (Set this in LocalAuthenticationTypes in the ADFS web.config. Just move Forms to the top of the list.)
2) HttpContext.Current.User.Identity should work, although in WIF I normally use Thread.CurrentPrincipal.Identity.
You could also configure ADFS to pass the Name through as a claim.
Thursday, March 01, 2012 8:27 PM
Are you referring to Forms-Based Authentication in IIS or just the web.config file as you noted?
Additionally, I'm trying to sense the logged-on user of the ADFS session. We force our users to log in to ADFS, then take them to the IDP Initiated Sign On page to select a resource to launch. To my understanding, the claims are sent when you launch an application and the SAML request is sent across. Is that not correct?
Friday, March 02, 2012 12:16 AM
I mean the "FormsSignIn.aspx" page in ADFS.
I've never used IDP Initiated Sign On but I think you are correct. (You didn't mention IDP Initiated Sign On in the original question :-) )
- Edited by nzpcmad1 Friday, March 02, 2012 12:17 AM sp
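
The `LocalAuthenticationTypes` change suggested in the replies above, shown as an added example that is not part of the original thread. Only the `Forms` entry and `FormsSignIn.aspx` come from the thread; the other entries and their order are assumed AD FS 2.0 defaults and should be checked against the web.config actually deployed.

```xml
<!-- AD FS 2.0 sign-in site web.config (the adfs/ls IIS application) -->
<microsoft.identityServer.web>
  <!--
    Assumed default order: Integrated (WIA) is first, so a domain-joined
    browser is signed in again silently right after a local logoff and the
    user never sees a credential prompt.

    <localAuthenticationTypes>
      <add name="Integrated" page="auth/integrated/" />
      <add name="Forms" page="FormsSignIn.aspx" />
      <add name="TlsClient" page="auth/sslclient/" />
      <add name="Basic" page="auth/basic/" />
    </localAuthenticationTypes>
  -->

  <!-- Forms moved to the top: the first entry is the one the sign-in site
       uses, so users are sent to FormsSignIn.aspx and must enter credentials. -->
  <localAuthenticationTypes>
    <add name="Forms" page="FormsSignIn.aspx" />
    <add name="Integrated" page="auth/integrated/" />
    <add name="TlsClient" page="auth/sslclient/" />
    <add name="Basic" page="auth/basic/" />
  </localAuthenticationTypes>
</microsoft.identityServer.web>
```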