parameters for WS-Federation when using OWIN

We are using OWIN to configure our WS-Federation, and our identity server requires sending certain parameters with the Sign In Request Message. In the old days that meant adding a well-known method to the Global.asax file. Using Owin, this has to be done slightly differently.

The important part for this was the ability to intercept the message before it is sent to the identity provider. To do that, we actually have to create a method with a predefined name WSFederationAuthenticationModule_RedirectingToIdentityProvider that will get automagically called by the application runtime. In it, we get access to the SignInRequestMessage .

private void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs redirectingToIdentityProviderEventArgs)
    var msg = redirectingToIdentityProviderEventArgs.SignInRequestMessage;
    var password = "SomeWayToGenerateThePasswordHere";

    var hash = SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(password));

    redirectingToIdentityProviderEventArgs.SignInRequestMessage.Parameters.Add("challenge", Convert.ToBase64String(hash));

Now, with OWIN, the authentication is done using the new Identity middleware. The OWIN middleware is configured in an OWIN Startup class. We are passed the IAppBuilder interface, and through the WSFederation extensions, we can configure the new authentication middleware. This extension method accepts a WsFederationAuthenticationOptions  parameter. This is where the magic can happen:

    new WsFederationAuthenticationOptions
        MetadataAddress = "locationOfMetadata",
        Wtrealm = "http://localhost/MyApplication",

        Notifications = new WsFederationAuthenticationNotifications()
            RedirectToIdentityProvider = nx =>
                nx.ProtocolMessage.SetParameter("ourParameter", "theValue");

                return Task.FromResult(0);

All in all, it's much easier and much more clean now.

Coming up, an introduction and explanation of OWIN. Also, if you're coming to NT Conference this year (back in Portorož, by the way \o/), I'll be giving a talk about the real-world usage of Owin. Expect to see the above use case mentioned.

Show Comments
Mastodon Verification