wif

I have an interesting problem with trying to keep track of expired WIF authentication sessions/cookies. As a bit of background: the site is MVC 3, uses Windows Identity Foundation (WIF) that has a trust with an ADFS server as an STS. The entire site is protected by SSL. The STS has the token expiry set to 60 minutes. When a user signs out manually, we just simply call the SignOut method on the FedAuth module: FederatedAuthentication.WSFederationAuthenticationModule.SignOut(false); This of course removes the FedAuth cookies, but here's where the problem starts. If I capture those cookies with

I'm in the process of getting my head round using AD FS to authenticate a user in a .NET 4.5 app. I can't find any examples of requesting/receiving the token from a console app and converting that token into a ClaimsPrinciple. The only examples I can find are WCF configuration based and I would really like to see the actual code that can do this in it's simplest form. I've installed AD FS and think I've got it configured ready to receive requests. I've created a relying party, given it a key and assigned a couple of claims to it. Can anyone point me in the right direction or what I need to do

I've been using WIF to authenticate our new website, the STS is based upon the starter-sts implementation. To enable this to work correctly on out load balanced environment I've used the following in the global.asax to override the default certificate behaviour. void onServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e) { List<CookieTransform> sessionTransforms = new List<CookieTransform>(new CookieTransform[] { new DeflateCookieTransform(), new RsaEncryptionCookieTransform(e.ServiceConfiguration.ServiceCertificate), new RsaSignatureCookieTransform(e

Can anyone point to sample code for actively issuing a RequestSecurityToken using the NT credentials of the Thread.CurrentPrincipal as ClaimsPrincipal ? The scenario is an asp.net web app with windows authentication enabled (so there is an authenticated WindowsIdentity). My desire is to call the STS actively rather than enabling passiveRedirect, and to do this using the .Net 4.5 identity libraries. Most code samples, such as Claims Helper for Windows Phone or Using an Active STS set the credentials with a username/pwd input and UserNameWSTrustBinding. I thought the solution might involve

I have a WCF service which has its Thread.CurrentPrincipal set in the ServiceConfiguration.ClaimsAuthorizationManager . When I implement the service asynchronously like this: public IAsyncResult BeginMethod1(AsyncCallback callback, object state) { // Audit log call (uses Thread.CurrentPrincipal) var task = Task<int>.Factory.StartNew(this.WorkerFunction, state); return task.ContinueWith(res => callback(task)); } public string EndMethod1(IAsyncResult ar) { // Audit log result (uses Thread.CurrentPrincipal) return ar.AsyncState as string; } private int WorkerFunction(object state) { // perform

We're getting the exact same error as in this thread ... in our production environment. [ WIF Security Token Caching Does anybody have a fix to this error ? Message: ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context. Here is some info about our setup: • We‘re using built-in Windows Identity Framework with .NET Framework 4.5.1 • The problem is almost always associated with changing from RelyingParty#X over to RelyingParty#Y ( e.g. the moment user clicks the RP#Y he‘s SIGNED OUT without asking for it ) – when he logs in

Is it possible to set up the realm URL, claim types, etc for azure ACS without editing the web.config? Can you set up these required elements programmatically somehow? EDIT: Specifically I want to get rid of this: <federatedAuthentication> <wsFederation passiveRedirectEnabled="true" issuer="https://mynamespace.accesscontrol.windows.net/v2/wsfederation" realm="http://localhost:81/" requireHttps="false" /> </federatedAuthentication> Basically, I don't want the realm being specified in the web config, but rather in code somewhere. I've tried overriding ClaimsAuthenticationManager and commenting