SignOnRequestParameters::ForceAuthentication Property
Gets or sets a value that specifies whether the principal must be authenticated directly by the IdP for this request.
Assembly: Microsoft.IdentityServer (in Microsoft.IdentityServer.dll)
Property Value
Type: System::Booleantrue if the principal should be explicitly authenticated by the IdP for this request; otherwise false. The default is false.
If the ForceAuthentication property is true, Active Directory® Federation Services (AD FS) 2.0 forces the user to authenticate, even if a session already exists. The user is authenticated using one of the handlers configured under the <localAuthenticationTypes> element in web.config, according to the authentication requirements imposed by the RequestedAuthenticationContext property. For more information, see IdpInitiatedSignOnPage Class Overview.
Note |
|---|
The ForceAuthentication property and the IsPassive property are mutually exclusive. If one of these properties is set to true, the other should be false. |
The default implementation of the AD FS 2.0 Sign-In Pages does not contain support for setting the ForceAuthentication property; however, you can modify IdpInitiatedSignOn.aspx, IdpInitiatedSignOn.aspx.cs, or both to provide this functionality through a query string parameter or through UI elements. For more information, including a code sample, see IdpInitiatedSignOnPage Class Overview.
