I have ASP.NET MVC 4 applications (STS and RP) that use WIF 4.5 for authentication. The STS application has a custom security token service, and the Relying Party calls the STS to authenticate; that part works normally. However, I don't want to use a cookie to store my token data, so I set up events in Global.asax in order to store the data in session instead, but I cannot get the FederatedAuthentication events that would do the job to fire.
In debug mode the Global.asax Application_Start method gets invoked and registers all of the events I need, but none of them are called when they are supposed to be. The strange thing is that they used to work, but suddenly they just stopped firing and I don't know why, since I didn't change anything. I've set up an Application_Error method in Global.asax and I get no errors at all; there is also nothing in the Windows event logs.
What can be wrong in my configuration? How can I investigate the problem?
Web.config
<configuration>
<configSections>
<!-- Declares the two WIF 4.5 configuration sections used further down (system.identityModel and system.identityModel.services). -->
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<system.web>
<authorization>
<!-- Anonymous ("?") users are denied everywhere. The resulting 401 is what the WS-Federation module
     turns into a redirect to the STS (passiveRedirectEnabled="true" below). -->
<deny users="?" />
</authorization>
<!-- ASP.NET's own authentication is switched off; the WIF modules registered below establish the principal instead. -->
<authentication mode="None"></authentication>
<httpRuntime targetFramework="4.5" />
<!-- Classic-pipeline registration of the WIF modules. The same two modules are registered again under
     system.webServer for IIS integrated mode; the module names used here are what ASP.NET uses when
     auto-wiring Global.asax handlers named <ModuleName>_<EventName>. -->
<httpModules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</httpModules>
</system.web>
<system.webServer>
<!-- Suppresses the integrated-mode startup error caused by also declaring <httpModules> under system.web. -->
<validation validateIntegratedModeConfiguration="false" />
<!-- runAllManagedModulesForAllRequests="true" runs these modules for every request, static files included. -->
<modules runAllManagedModulesForAllRequests="true">
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<!-- SECURITY: "None" skips chain and revocation validation of the token-signing certificate, so trust in an
     incoming token rests solely on the thumbprint match in <trustedIssuers> below. Acceptable for a
     self-signed dev setup; for production prefer ChainTrust or PeerTrust. -->
<certificateValidation certificateValidationMode="None" />
<!-- Tokens whose audience is not one of these URIs are rejected. Here it equals the realm sent to the STS below. -->
<audienceUris>
<add value="http://www.rp.com/" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<!-- Placeholder for the thumbprint of the STS signing certificate; tokens signed by any other certificate are rejected. -->
<add thumbprint="*thumbprint*" name="CertificateName" />
</trustedIssuers>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<!-- SECURITY: requireSsl="false" lets the WIF session cookie be written without the Secure attribute, so it
     can travel over plain HTTP. Dev-only; set it to true (and serve the RP over HTTPS) in production. -->
<cookieHandler requireSsl="false" />
<!-- SECURITY: requireHttps="false" together with http:// issuer/realm/reply means the sign-in request and the
     token posted back from the STS travel unencrypted. Dev-only; use https:// endpoints and
     requireHttps="true" in production. reply is the fixed address the STS posts the token to. -->
<wsFederation passiveRedirectEnabled="true" issuer="http://www.sts.com/" realm="http://www.rp.com/" reply="http://www.rp.com/" requireHttps="false" />
</federationConfiguration>
</system.identityModel.services>
</configuration>
Global.asax
/// <summary>
/// Registers the WIF event handlers meant to customise where the session token data is kept.
/// Runs once per application start; both handlers are empty in this snippet.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Application_Start(object sender, EventArgs e)
{
    // Raised once, when WIF builds its FederationConfiguration from web.config.
    FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;

    // NOTE(review): WSFederationAuthenticationModule is resolved from the current HttpApplication's
    // module collection, so this appears to subscribe only the module instance belonging to the
    // application instance that ran Application_Start; other pooled instances keep their own module
    // instance — confirm. ASP.NET auto-wires a Global.asax method named
    // WSFederationAuthenticationModule_SessionSecurityTokenCreated (module name as registered in
    // web.config) to every instance, which avoids that dependency.
    var federationModule = FederatedAuthentication.WSFederationAuthenticationModule;
    federationModule.SessionSecurityTokenCreated += OnSessionSecurityTokenCreated;
}
/// <summary>
/// Handler for <see cref="FederatedAuthentication.FederationConfigurationCreated"/>.
/// Intentionally empty in this snippet; programmatic changes to the loaded federation
/// configuration (available through <c>e.FederationConfiguration</c>) would go here.
/// </summary>
/// <param name="sender">The object raising the event.</param>
/// <param name="e">Carries the freshly created federation configuration.</param>
private void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
}
/// <summary>
/// Handler for <see cref="WSFederationAuthenticationModule.SessionSecurityTokenCreated"/>, raised after a
/// sign-in response has been validated and a session token built from it.
/// Intentionally empty in this snippet. The stated goal (keeping the token out of the cookie) is usually
/// done here: <c>e.SessionToken</c> is the token to store server-side and <c>e.WriteSessionCookie</c>
/// set to <c>false</c> stops the module from writing it to the cookie.
/// </summary>
/// <param name="sender">The object raising the event.</param>
/// <param name="e">Carries the created session token and the write-cookie flag.</param>
private void OnSessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{
}
The problem is solved. It was my fault.
I created a shared Global.asax class in a separate library, and all Relying Party websites were referencing it (just to reduce code duplication). The RP website starts, its own Global.asax Application_Start gets called, and then the base class's Application_Start gets called; that is where the events were being registered.
/// <summary>
/// Shared <see cref="HttpApplication"/> base, kept in a separate library so several relying-party
/// sites can reuse the same WIF event wiring. This is the version in which the events did not fire.
/// </summary>
public class GlobalHttpApplication : HttpApplication
{
    /// <summary>
    /// Wires the WIF events. Declared virtual so a site-specific Global.asax can override it and
    /// call <c>base.Application_Start</c>; both handlers are empty in this snippet.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused event data.</param>
    protected virtual void Application_Start(object sender, EventArgs e)
    {
        // Raised once, when WIF builds its FederationConfiguration from web.config.
        FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;

        // NOTE(review): the module is looked up from the current HttpApplication instance, so this
        // appears to subscribe only that instance's module; other pooled instances keep their own
        // unsubscribed module — confirm. An auto-wired Global.asax method named
        // WSFederationAuthenticationModule_SessionSecurityTokenCreated would not have that limitation.
        var federationModule = FederatedAuthentication.WSFederationAuthenticationModule;
        federationModule.SessionSecurityTokenCreated += OnSessionSecurityTokenCreated;
    }

    /// <summary>
    /// Handler for <see cref="FederatedAuthentication.FederationConfigurationCreated"/>; empty here.
    /// </summary>
    private void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
    }

    /// <summary>
    /// Handler for <see cref="WSFederationAuthenticationModule.SessionSecurityTokenCreated"/>; empty here.
    /// </summary>
    private void OnSessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
    }
}
/// <summary>
/// Site-specific Global.asax class that delegates all start-up wiring to the shared
/// <see cref="GlobalHttpApplication"/> base (the non-working arrangement).
/// </summary>
public class RelyingPartyHttpApplication : GlobalHttpApplication
{
/// <summary>
/// Invoked by ASP.NET at application start; forwards to the base implementation, which registers the WIF events.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Unused event data.</param>
protected override void Application_Start(object sender, EventArgs e)
{
base.Application_Start(sender, e);
}
}
I don't really understand why the events don't fire, since the Federation Module has been neither lost nor modified, but for some reason events registered from a different library don't fire.
So my working Global.asax class looks as follows:
/// <summary>
/// The working Global.asax class: the WIF event wiring lives directly in the site's own
/// <see cref="HttpApplication"/> instead of a shared base class in another library.
/// </summary>
public class RelyingPartyHttpApplication : HttpApplication
{
    /// <summary>
    /// Invoked by ASP.NET once at application start; registers the WIF event handlers.
    /// Both handlers are empty in this snippet.
    /// </summary>
    protected void Application_Start()
    {
        // Raised once, when WIF builds its FederationConfiguration from web.config.
        FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;

        // NOTE(review): this still subscribes to the module of the HttpApplication instance running
        // Application_Start; whether other pooled instances see the handler is worth confirming. The
        // auto-wired form, a Global.asax method named
        // WSFederationAuthenticationModule_SessionSecurityTokenCreated, is attached per instance.
        var federationModule = FederatedAuthentication.WSFederationAuthenticationModule;
        federationModule.SessionSecurityTokenCreated += OnSessionSecurityTokenCreated;
    }

    /// <summary>
    /// Handler for <see cref="FederatedAuthentication.FederationConfigurationCreated"/>; empty here.
    /// </summary>
    private void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
    }

    /// <summary>
    /// Handler for <see cref="WSFederationAuthenticationModule.SessionSecurityTokenCreated"/>; empty here.
    /// Storing <c>e.SessionToken</c> server-side and setting <c>e.WriteSessionCookie = false</c> is the
    /// usual way to keep the token out of the cookie, which is what the question sets out to do.
    /// </summary>
    private void OnSessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
    }
}