public void Photograph()
public void Photograph()

A dad and a software architect with a passion for photography and music. These are my thoughts and opinions, sometimes accompanied by code and photos.

A proud father, enthusiastic guitarist and passionate software engineer, geeking out in the cloud. Briefly a Microsoft MVP for Azure before forfeiting the title when I joined Microsoft UK.

Share


Twitter


Sign-In parameters for WS-Federation when using OWIN

We are using OWIN to configure our WS-Federation, and our identity server requires sending certain parameters with the Sign In Request Message. In the old days…

Anže VodovnikAnže Vodovnik

We are using OWIN to configure our WS-Federation, and our identity server requires sending certain parameters with the Sign In Request Message. In the old days that meant adding a well-known method to the Global.asax file. Using Owin, this has to be done slightly differently.

The important part for this was the ability to intercept the message before it is sent to the identity provider. To do that, we actually have to create a method with a predefined name WSFederationAuthenticationModule_RedirectingToIdentityProvider that will get automagically called by the application runtime. In it, we get access to the SignInRequestMessage .

private void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs redirectingToIdentityProviderEventArgs)
{
    var msg = redirectingToIdentityProviderEventArgs.SignInRequestMessage;
    var password = "SomeWayToGenerateThePasswordHere";


    var hash = SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(password));


    redirectingToIdentityProviderEventArgs.SignInRequestMessage.Parameters.Add("challenge", Convert.ToBase64String(hash));
}

Now, with OWIN, the authentication is done using the new Identity middleware. The OWIN middleware is configured in an OWIN Startup class. We are passed the IAppBuilder interface, and through the WSFederation extensions, we can configure the new authentication middleware. This extension method accepts a WsFederationAuthenticationOptions  parameter. This is where the magic can happen:

app.UseWsFederationAuthentication(
    new WsFederationAuthenticationOptions
    {
        MetadataAddress = "locationOfMetadata",
        Wtrealm = "http://localhost/MyApplication",


        Notifications = new WsFederationAuthenticationNotifications()
        {
            RedirectToIdentityProvider = nx =>
            {
                nx.ProtocolMessage.SetParameter("ourParameter", "theValue");


                return Task.FromResult(0);
            }
        }
    });

All in all, it's much easier and much more clean now.

Coming up, an introduction and explanation of OWIN. Also, if you're coming to NT Conference this year (back in Portorož, by the way \o/), I'll be giving a talk about the real-world usage of Owin. Expect to see the above use case mentioned.

A proud father, enthusiastic guitarist and passionate software engineer, geeking out in the cloud. Briefly a Microsoft MVP for Azure before forfeiting the title when I joined Microsoft UK.

View Comments