Handles the HttpApplication.AuthenticateRequest event from the ASP.NET pipeline.
Assembly: System.IdentityModel.Services (in System.IdentityModel.Services.dll)
The method performs the following:
1. Calls the CanReadSignInResponse(HttpRequestBase) method to determine whether a WS-Federation sign-in response message ("wsignin1.0") has been received. If the response is a WS-Federation sign-out clean-up request ("wsignoutcleanup1.0"), CanReadSignInResponse(HttpRequestBase) processes the message, terminates the request and redirects the client according to the WS-Federation parameters in the request. If the message is not a sign-in response or a sign-out clean-up request, the module just returns; otherwise it performs the following steps to process the sign-in response.
2. Raises the SecurityTokenReceived event. You can cancel further processing or modify the received security token in a handler for this event. A handler is typically used to modify the SecurityToken.ValidFrom or SecurityToken.ValidTo properties.
3. Validates the security token and creates a ClaimsPrincipal object from the claims in the security token.
4. Raises the SecurityTokenValidated event. You can cancel further processing or modify the claims principal in a handler for this event.
5. Uses the configured session authentication module (SAM) to create a SessionSecurityToken object. (The configured SAM is the SessionAuthenticationModule object returned by the FederatedAuthentication.SessionAuthenticationModule property.) The session token is created by using the claims principal returned in step 5. The SessionSecurityToken.ValidFrom and SessionSecurityToken.ValidTo properties are set by using the ValidFrom and ValidTo properties of the SecurityToken returned in step 3 and are validated against the current time and the token lifetime specified by either the DefaultTokenLifetime or the TokenLifetime property of the SessionSecurityTokenHandler object in the token handler collection being used by WSFAM. The token lifetime on the session token handler can be specified in configuration through the <sessionTokenRequirement> element.
   Note: The PersistentSessionLifetime property on the cookie handler configured for the SAM is not used.
6. Calls the SetPrincipalAndWriteSessionToken method with the session token to write the session cookie. The SetPrincipalAndWriteSessionToken method first raises the SessionSecurityTokenCreated event. You can change properties on the session token or change whether the cookie should be persisted in a handler for this event. After the event is raised, the method then writes the cookie using the SAM.
   The SessionSecurityTokenHandler set in configuration is not used to write the cookie.
7. Calls the GetReturnUrlFromResponse method to get the RP page to which to redirect the client. By default, this method reads the return URL from the wctx parameter in the sign-in response. For more information about how WSFAM stores the return URL, see the CreateSignInRequest method.
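The extension points described above (the SecurityTokenValidated and SessionSecurityTokenCreated events and the GetReturnUrlFromResponse method) can be used together in a derived module. The following is an added example, not code from the original documentation. The class name, the one-hour lifetime cap, the required-claim rule and the assumption that return URLs are site-relative paths are all illustrative choices.

```csharp
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Web;

// Hypothetical derived module: the class name, the one-hour cap and the
// required-claim rule are assumptions made for this example.
public class HardenedWsFederationModule : WSFederationAuthenticationModule
{
    private static readonly TimeSpan MaxSessionLifetime = TimeSpan.FromHours(1);

    public HardenedWsFederationModule()
    {
        SecurityTokenValidated += RejectPrincipalWithoutNameIdentifier;
        SessionSecurityTokenCreated += CapSessionLifetime;
    }

    // SecurityTokenValidated: cancel further processing when the validated
    // principal carries no NameIdentifier claim.
    private static void RejectPrincipalWithoutNameIdentifier(
        object sender, SecurityTokenValidatedEventArgs e)
    {
        if (!e.ClaimsPrincipal.HasClaim(c => c.Type == ClaimTypes.NameIdentifier))
            e.Cancel = true;
    }

    // SessionSecurityTokenCreated: ValidTo is read-only, so swap in a copy
    // whose lifetime is capped and which is written as a non-persistent cookie.
    private static void CapSessionLifetime(
        object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        SessionSecurityToken issued = e.SessionToken;
        DateTime cap = DateTime.UtcNow.Add(MaxSessionLifetime);
        DateTime validTo = issued.ValidTo < cap ? issued.ValidTo : cap;
        e.SessionToken = new SessionSecurityToken(
            issued.ClaimsPrincipal, issued.Context, issued.ValidFrom, validTo)
        { IsPersistent = false, IsReferenceMode = issued.IsReferenceMode };
        e.WriteSessionCookie = true;
    }

    // GetReturnUrlFromResponse: the value originates in the wctx parameter of
    // the sign-in response, so accept it only when it is a site-relative path.
    protected override string GetReturnUrlFromResponse(HttpRequestBase request)
    {
        string url = base.GetReturnUrlFromResponse(request);
        bool isLocal = !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
        return isLocal ? url : VirtualPathUtility.ToAbsolute("~/");
    }
}
```

To take effect, the derived type has to be registered in the application's module configuration in place of WSFederationAuthenticationModule.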
- Full trust for the immediate caller. This member cannot be used by partially trusted code. For more information, see Using Libraries from Partially Trusted Code.
Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.