FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie does not set IsAuthenticated to true in SP

Question

User1362097586 posted

I am working on SAML 2.0. I have forms authentication enabled in IDP. When a authentication request is made from SP to IDP, the request is authenticated using forms authentication in IDP. Following is the code that sets the cookie


   

  if (Membership.ValidateUser(model.UserName, model.Password))
            {
                FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(GetSecurityTokenForFormsAuthentication(model.UserName));
            }


private static SessionSecurityToken GetSecurityTokenForFormsAuthentication(string user)
        {
            var claims = new[] { new Claim(ClaimTypes.Name, user) };
            var identity = new ClaimsIdentity(claims, "Forms");
            var principal = new ClaimsPrincipal(identity);
            return new SessionSecurityToken(principal);
        }

            
After the cookie is set, the response is sent back to SP but the Context.IsAuthenticated is false in SP. 

Whereas if i set the cookie using the following code and send the response to SP, then Context.IsAuthenticated is set true in SP

     

 if (Membership.ValidateUser(model.UserName, model.Password))
            {
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            }

Can anyone tell me why the Context.IsAuthenticated is set false when the cookie is set using FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie?

Answer 1

User36583972 posted

Hi Harshitha Kavindra,

As far as I know, By default the authentication session feature will only work through SSL. The following article describes in detail how to use it. You can refer it and debug your code.

Claims-based authentication in MVC4 with .NET4.5 C# part 2: storing authentication data in an authentication session:

https://dotnetcodr.com/2013/02/28/claims-based-authentication-in-mvc4-with-net4-5-c-part-2-storing-authentication-data-in-an-authentication-session/

Best Regards,

Yohann Lu

Answer 2

User1362097586 posted

Hi Yohann Lu,

I had tried the above before posting the thread. It was of no help.

Answer 3

User36583972 posted

Hi Harshitha Kavindra,

I found the following tutorials describes in great detail. You can refer to them and debug your program.

Replacing forms authentication with WIF’s session authentication module (SAM) to enable claims aware identity:

https://brockallen.com/2013/01/26/replacing-forms-authentication-with-wifs-session-authentication-module-sam-to-enable-claims-aware-identity/

Claims-based identities in ASP.NET MVC 4.5 using the standard ASP.NET providers:

http://chris.59north.com/post/Claims-based-identities-in-ASPNET-MVC-45-using-the-standard-ASPNET-providers

Best Regards,

Yohann Lu