WebAuthenticationBroker: It works in IE, but works differently in WebAuthenticationBroker


  • The service provider has the following characteristics:

    l  In the first sign in, user name and password are to be typed in, where in the querystring a redirect URL can be specified, and this redirection URL can be redirected to after a successful login, the UserName is also included in the querystring.

    l  If exactly the same URL as above, which contains the UserName, and redirection URL, are requested again in the browser, the service provider would redirect to this redirectionURL directly without displayin the Login Page.

    So, since WebAuthenticationBroker would return as long as the redirection Url matches the endUri parameter in AthenticateAsync(), I'm trying to achieve SSO by producing this URL with userName and RedirectUrl, and  passing this URL into AthenticateAsync(), thus:

    The first time I type in one of the instances, which would successfully log in, and in a second application referencing this DLL, the same URL is passed in, where the service provider redirects to the endUri, and webAuthenticationBroker detects, then returns status "success" with the responseData -- Then SSO is achieved in multiple applications.

    The problem I'm having now is, if I first log in in browser and then request the same URL again, I'm successfully redirected for the  second time, without requiring me to log in again; But when I try this in WebAuthenticationBroker, no matter I am logged in or not, I'm always taken to the login page, as if the information of my being logged in is lost.

    Why there's such a difference between the IE browser and the WebAuthenticationBroker? Is it because certain parts of information, such as the Session state, or Cookies, are not shared between different invokings of the broker class(Within the same run)? Then, how about the case of different invokings in different applications(Without restarting the first log in instance of the broker)?

    Thanks a lot.

    Monday, July 02, 2012 9:16 AM


All replies