Search code examples
asp.netforms-authenticationwif

Using WIF In an existing site with FormsAuthentication

We have a request to allow SSO using AD FS. I have gone through all of the SDK samples and have the RP working in a standalone site, pointing at an AD FS in our domain. I can get the claims to display on the default.aspx page.

Here is what I wanted to do next.. I would like that WIF page to be hosted in our site, as a sub application, have that site write the forms auth ticket, then redirect to our main site. I am assuming since I am inheriting the Forms Auth and machinekey settings from my main site, i don't have a conflict there. Here is what I have..

In the Application_PostAuthenticateRequest event in the global.asax in my WIF site.. (Called WSFedAuthGate) accessable via https://fqdn.com/WSFedAuthGate/Default.aspx

protected void Application_PostAuthenticateRequest(object sender, EventArgs e) {
    System.Web.HttpApplication app = sender as System.Web.HttpApplication;

    if (app.Request.IsAuthenticated && app.User != null && app.User.Identity != null) {
        string name = app.User.Identity.Name;
        FormsAuthentication.SetAuthCookie(name, false);
        // hard code for now..
        app.Response.Redirect("https://fqdn.com/home/asp_main.aspx");
    }

}

The forms auth ticket is written, and i am being redirected to the main site, but the main site is not recognizing the forms auth ticket.. I.e. request.isAuthenticated is false..

Here is the section from the web config from the main site..

<authentication mode="Forms">
  <forms loginUrl="/home/asp_main.aspx" name=".myauth" protection="All" timeout="120" enableCrossAppRedirects="true"/>
</authentication>

and here is the authentication from the WIF sub application..

<authentication mode="None" />
<authorization>
  <deny users="?" />
</authorization>

and later 

<system.webServer>
  <validation validateIntegratedModeConfiguration="false" />
  <modules>
    <remove name="RefreshController" />
    <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
    <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
  </modules>
    <defaultDocument>
        <files>
            <add value="Default.aspx" />
        </files>
    </defaultDocument>
</system.webServer>

There is something simple i'm missing here i just know it.. but I have been scouring the net for a day and a half now..

Solution

  • As it turns out, it was something simple.. In the config section of the root app, both the validationKey and the decryptionKey attributes had the IsolateApps Modifier applied.. aarrgg..