ADFS authentication on multiple browser windows

  • Question

  • User-510406329 posted

    I’m developing an MVC 5 application on .NET 4.5 that’s been configured to use ADFS as Identity Provider with the web app acting as a Relying Party. The app is behaving differently on IE9 and Chrome as far as authentication is concerned.

    When I run the app on IE9 for the first time and go to a page that requires the user to be authenticated, IE asks me to authenticate as expected. But when I launch a new IE9 window and navigate to the same page, IE asks me to authenticate again which is not expected as it should know I am already logged in. However this does not happen on Chrome, i.e. the second instance of Chrome knows I am already logged in.

    Similarly, on IE9 when I log out of the application on one instance the other instance thinks I am still logged in, whereas when I run two instances of Chrome and I log out on one, the other knows I’m logged out.

    How can I get IE9 to behave the same as Chrome? Is this some configuration issue on ADFS or do I need more server side code in the application to ensure IE9 behaves properly?

    Many thanks in advance

    Friday, December 18, 2015 4:12 PM

All replies

  • User-2057865890 posted

    Hi, seemorgh

    Welcome to asp.net forum.

    AuthnRequest ForceAuthn attribute:

    If this attribute is set “true”, AD FS 2.0 ignores any existing session with the user and tries to authenticate the user by using the configured handlers. If an authentication context is specified, the handler invoked to authenticate the user is determined by the authentication context classes and comparison rule specified in the requested authentication context.

    Authentication Handler Overview

    Best regards,

    Chris Zhao

    Monday, December 21, 2015 3:32 AM
  • User-510406329 posted

    Hi Chris

    Many thanks for your response. I am at a loss on how to implement the AuthnRequest element. It seems to be part of the SAMLP protocol. I'm using .NET 4.5 with MVC 5. Do they support SAMLP?

    If yes, which end do I need to implement this? On the server side or client side?

    If no, then how else can I resolve my issue?

    As I explained in my question, my problem is that the second IE instance does not share the authentication cookie with the first, and so it does not know about the session already established by the first instance. I'm sure others have experienced this issue before and there must be a solution to this.

    Monday, December 21, 2015 11:41 AM
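
To see whether a relying party is actually sending the `ForceAuthn` attribute quoted in the reply above, the AuthnRequest can be decoded from the sign-in redirect and inspected. This is an added example, not code from the thread or from AD FS; it assumes the SAML 2.0 HTTP-Redirect binding, and the host `idp.example`, the request ID and the helper names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, quote

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML_BYTES = 64 * 1024  # cap on inflated size (guards against deflate bombs)
IDP_URL = "https://idp.example/adfs/ls/"  # constructed endpoint, not from the page
# Constructed sample message; %s is filled with extra attributes.
SAMPLE = ('<samlp:AuthnRequest xmlns:samlp="' + SAMLP_NS + '" ID="_constructed1" '
          'Version="2.0" IssueInstant="2015-12-21T00:00:00Z"%s/>')


def encode_redirect(xml_text, base=IDP_URL):
    """Build a sample redirect URL: raw DEFLATE, then base64, then URL-encode."""
    deflater = zlib.compressobj(wbits=-15)
    raw = deflater.compress(xml_text.encode()) + deflater.flush()
    return base + "?SAMLRequest=" + quote(base64.b64encode(raw), safe="")


def decode_redirect_authn_request(url):
    """Return the AuthnRequest XML bytes carried in a redirect-binding URL."""
    query = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in query:
        raise ValueError("no SAMLRequest parameter in URL")
    compressed = base64.b64decode(query["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml_bytes = inflater.decompress(compressed, MAX_XML_BYTES + 1)
    if len(xml_bytes) > MAX_XML_BYTES:
        raise ValueError("inflated request exceeds size cap")
    # SAML messages never need a DTD; refuse one before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML message")
    return xml_bytes


def force_authn(xml_bytes):
    """True if the request asks the IdP to ignore any existing session."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a samlp:AuthnRequest: %s" % root.tag)
    # xs:boolean accepts "true" or "1"; an absent attribute means false.
    return root.get("ForceAuthn", "false").strip() in ("true", "1")


if __name__ == "__main__":
    for attrs in ('', ' ForceAuthn="false"', ' ForceAuthn="true"'):
        url = encode_redirect(SAMPLE % attrs)
        print(repr(attrs), "->", force_authn(decode_redirect_authn_request(url)))
```

A result of `True` means every request from that relying party triggers a fresh login at the IdP, regardless of any session cookie the browser already holds.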