views: 61
answers: 0

I am currently implementing a Federated Authentication solution using: a passive STS for issuing tokens, a Website hosting a Silverlight application, and WCF services for the Silverlight App.

So far I am able to:

  • Get redirected to the STS
  • Login and get redirected to the Website
  • Display the claims on the website by accessing HttpContext.Current.User.Identity as IClaimsIdentity

On the web.config of the Website, I have added the two WIF modules needed (under IIS 7):

    <modules runAllManagedModulesForAllRequests="true">
        <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
        <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
    </modules>

I have also configured the Microsoft.IdentityModel section of the web.config to use my own implementation of ClaimsAuthenticationManager and ClaimsAuthorizationManager:

    <service name="Rem.Ria.PatientModule.Web.WebService.PatientService">
        <claimsAuthenticationManager type="Rem.Infrastructure.WIF.RemClaimsAuthenticationManager"/>
        <claimsAuthorizationManager type="Rem.Infrastructure.WIF.RemClaimsAuthorizationManager"/>
    </service>

My ClaimsAuthenticationManager simply sets Thread.CurrentPrincipal if a valid Principal is provided:

    using System.Threading;
    using Microsoft.IdentityModel.Claims;

    namespace Rem.Infrastructure.WIF
    {
        class RemClaimsAuthenticationManager : ClaimsAuthenticationManager
        {
            // Called by WIF once the incoming token has been validated.
            public override IClaimsPrincipal Authenticate ( string resourceName, IClaimsPrincipal incomingPrincipal )
            {
                // Only publish the principal on the thread when it is authenticated.
                if ( incomingPrincipal.Identity.IsAuthenticated )
                {
                    Thread.CurrentPrincipal = incomingPrincipal;
                }
                return incomingPrincipal;
            }
        }
    }

The problem is that when my ClaimsAuthorizationManager is called, the context.Principal.Identity does not contain a valid Identity with Claims, and neither does the Thread.CurrentPrincipal.

Any ideas?
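The post above describes the ClaimsAuthorizationManager side only by its symptom (an empty context.Principal). The block below is an added example, not the question author's code, of what a fail-closed CheckAccess override for WIF 3.5 (Microsoft.IdentityModel) looks like: it denies when the principal is missing or unauthenticated rather than letting an empty identity through, and only then evaluates role claims against the requested resource and action. The class name RemClaimsAuthorizationManager and the "patient-record" resource with "read"/"write" actions and "Clinician"/"Nurse" roles are assumptions for illustration; the base class, AuthorizationContext, IClaimsIdentity, Claim and ClaimTypes.Role are the real WIF 3.5 types.

```csharp
// Added example (not from the question): a fail-closed ClaimsAuthorizationManager
// for WIF 3.5. Resource/action/role names below are assumed for illustration.
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.IdentityModel.Claims;

namespace Rem.Infrastructure.WIF
{
    public class RemClaimsAuthorizationManager : ClaimsAuthorizationManager
    {
        // Assumed policy table: "<resource>:<action>" -> roles allowed to perform it.
        private static readonly Dictionary<string, string[]> Policy =
            new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
            {
                { "patient-record:read",  new[] { "Clinician", "Nurse" } },
                { "patient-record:write", new[] { "Clinician" } },
            };

        public override bool CheckAccess(AuthorizationContext context)
        {
            // Fail closed: no context, no principal or an unauthenticated identity
            // is a deny, never an "allow because nothing said otherwise".
            if (context == null || context.Principal == null)
                return false;

            IClaimsIdentity identity = context.Principal.Identity as IClaimsIdentity;
            if (identity == null || !identity.IsAuthenticated)
                return false;

            // WIF hands the requested resource and action to the manager as claims.
            string resource = context.Resource.Select(c => c.Value).FirstOrDefault();
            string action = context.Action.Select(c => c.Value).FirstOrDefault();
            if (string.IsNullOrEmpty(resource) || string.IsNullOrEmpty(action))
                return false;

            string[] allowedRoles;
            if (!Policy.TryGetValue(resource + ":" + action, out allowedRoles))
                return false; // unknown resource/action pair: deny by default

            // Only role claims carried by the authenticated identity are considered.
            IEnumerable<string> roles = identity.Claims
                .Where(c => c.ClaimType == ClaimTypes.Role)
                .Select(c => c.Value);

            return roles.Any(r => allowedRoles.Contains(r, StringComparer.OrdinalIgnoreCase));
        }
    }
}
```

With this manager registered through the microsoft.identityModel `<service>` element as in the question, a call such as `ClaimsPrincipalPermission.CheckAccess("patient-record", "write")` in the service code routes through CheckAccess, and a principal whose identity carries no role claim (which is the symptom described above) is refused rather than silently granted access.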