WSFederationAuthenticationModule Class

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

The WSFederationAuthenticationModule is an HTTP module that lets ASP.NET developers build claims aware applications. The WSFederationAuthenticationModule raises several events, which allows ASP.NET developers to customize its functionality in their applications. The WSFederationAuthenticationModule functionality is divided into task-specific methods to make it easier for ASP.NET developers to reuse and extend its functionality in their applications.

Namespace: Microsoft.IdentityModel.Web
Assembly: Microsoft.IdentityModel (in Microsoft.IdentityModel.dll)

Usage

'Usage
Dim instance As WSFederationAuthenticationModule

Syntax

'Declaration
Public Class WSFederationAuthenticationModule
    Inherits HttpModuleBase
public class WSFederationAuthenticationModule : HttpModuleBase
public ref class WSFederationAuthenticationModule : public HttpModuleBase
public class WSFederationAuthenticationModule extends HttpModuleBase
public class WSFederationAuthenticationModule extends HttpModuleBase

Remarks

WSFederationAuthenticationModule is added to the ASP.NET pipeline by making an entry in the web.config file. It implements IHttpModule, and registers with the ASP.NET runtime to listen for the AuthenticateRequest event. This lets it monitor requests for authentication cookies, and when these cookies are present and valid, to create an instance of IClaimsPrincipal for the authenticated user.

SessionAuthenticationModule monitors requests for authentication cookies. When these cookies are present and valid, the module creates a FederatedIdentity and IPrincipal for the authenticated user and sets the User and CurrentPrincipal properties.

The cookies are written as a result of calling SignIn with a token retrieved via an out-of-band method. SignIn is called automatically by the InformationCard and FederatedPassiveSignIn controls, which retrieve tokens using CardSpace and WS-Federation passive protocols, respectively.

A minimum configuration which enables the module resembles this:

<configuration>
  <system.web>
    <httpModules>
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </httpModules>
  </system.web>
  <system.webServer>
    <modules>
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
    </modules>
  </system.webServer>
</configuration>

Once configured, the WSFederationAuthenticationModule raises events at various stages of processing an HTTP request. ASP.NET developers can handle these events in the global.asax file. For sample code, see How to: Protect Only Certain Parts of a Web Site using the Federated Authentication Module.

Inheritance Hierarchy

System.Object
   Microsoft.IdentityModel.Web.HttpModuleBase
    Microsoft.IdentityModel.Web.WSFederationAuthenticationModule

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Target Platforms

Windows 7, Windows Server 2008 R2, Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2003 SP2 (32-bit or 64-bit)

Change History

See Also

Reference

WSFederationAuthenticationModule Members
Microsoft.IdentityModel.Web Namespace

Copyright © 2008 by Microsoft Corporation. All rights reserved.