WSFederationAuthenticationModule.RedirectingToIdentityProvider event is not called

Question

I have 2 events in my Global.asax.cs file

WSFederationAuthenticationModule_SecurityTokenValidated and WSFederationAuthenticationModule_RedirectingToIdentityProvider

WSFederationAuthenticationModule_RedirectingToIdentityProvider is not called by wif engine. Why?

public class MvcApplication : System.Web.HttpApplication
{ 
    void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
    {
        FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
    }


    void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
    {
        //some code
    }
}

This is microsoft.identityModel section in web.config

<microsoft.identityModel>
        <service saveBootstrapTokens="true">
          <audienceUris mode="Never">

          </audienceUris>
          <federatedAuthentication>
            <wsFederation passiveRedirectEnabled="true" issuer="http://localhost/dss.web.sts.tokenbaker/" realm="http://localhost/dss.web.frontend" requireHttps="false" />
            <cookieHandler requireSsl="false" />



          </federatedAuthentication>

          <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
            <trustedIssuers>
              <add thumbprint="308efdee6453fff68c402e5eceee5b8bb9eaa619" name="servcert" />

            </trustedIssuers>
          </issuerNameRegistry>
        </service>
      </microsoft.identityModel>

Answer 1

You are missing following lines in your web.config:

In configSections element:

<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

In system.webServer element

 <modules>
  <remove name="FormsAuthentication" />
  <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>

Your audience Uris is empty. You have to specify your web application, so it can consume this functionality. So, add this line :

  <audienceUris>
    <add value="http://localhost/dss.web.frontend"/>
  </audienceUris>

If your problems reamined after this changes, you can implement your custom authentication module derived from WSFederationAuthenticationModule. Something like this :

public class CustomAuthenticationModule : WSFederationAuthenticationModule
{
    public CustomAuthenticationModule()
    {
        base.SecurityTokenReceived += CustomAuthenticationModule_SecurityTokenReceived;
    }

    public void CustomAuthenticationModule_SecurityTokenReceived(object sender, SecurityTokenReceivedEventArgs e)
    {

    }

    protected override void OnAuthenticateRequest(object sender, EventArgs args)
    {
        base.OnAuthenticateRequest(sender, args);
    }
}

and then just in config change instead of WSFederationAuthenticationModule put CustomAuthenticationModule with appropriate namespace and assembly signature. So you can intercept calls in your delegate.

Hope this is helpful for you.

Rastko

Answer 2

Add the following to your Global.asax.cs:

void Application_Start()
{
    FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
}


void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
{
    FederatedAuthentication.WSFederationAuthenticationModule.RedirectingToIdentityProvider += WSFederationAuthenticationModule_RedirectingToIdentityProvider;
} 

Credit to https://stackoverflow.com/a/9207505/13932

Answer 3

Make sure you're referencing WSFederationAuthenticationModule from the new namespaceSystem.IdentityModel.Services.

In my case I was still referencing it from the old Microsoft.IdentityModel.Web namespace after migrating the solution to .NET 4.5.

Found my answer here.