I am currently implementing a Federated Authentication solution using: A passive STS for issuing tokens, a Website hosting a Silverlight application and WCF services for the Silverlight App.
So far I am able:
- Get redirected to the STS
- Login and get redirected to the Website
- Display the claims on the website by accessing
HttpContext.Current.User.Identity as IClaimsIdentity;
on the web.config of the Website, I have added the two WIF modules needed (under IIS 7)
<modules runAllManagedModulesForAllRequests="true">
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
</modules>
I have also configured the Microsoft.IdentityModel section of the web.config to use my own implementation of ClaimsAuthenticationManager and ClaimsAthorizationManager.
<service name="Rem.Ria.PatientModule.Web.WebService.PatientService">
<claimsAuthenticationManager type ="Rem.Infrastructure.WIF.RemClaimsAuthenticationManager"/>
<claimsAuthorizationManager type ="Rem.Infrastructure.WIF.RemClaimsAuthorizationManager"/>
</service>
My ClaimsAuthenticationMAnager is simply setting the Thread.CurrentPrincipal is a valid Principal is provided.
class RemClaimsAuthenticationManager : ClaimsAuthenticationManager
{
public override IClaimsPrincipal Authenticate ( string resourceName, IClaimsPrincipal incomingPrincipal )
{
if ( incomingPrincipal.Identity.IsAuthenticated )
{
Thread.CurrentPrincipal = incomingPrincipal;
}
return incomingPrincipal;
}
}
}
The problem is that when my ClaimsAuthorizationManager is called, the context.Principal.Identity does not contain a valid Identity with Claims, and neither does the Thread.CurrentPrincipal.
Any ideas?