Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
LSAuthenticationModule Class
Collapse the table of content
Expand the table of content

LSAuthenticationModule Class

Implements the Logon Server component of AD FS, which runs on the Federation Service and Federation Service Proxy and is responsible for handling protocol requests to the endpoint URL.

Namespace: System.Web.Security.SingleSignOn
Assembly: System.Web.Security.SingleSignOn (in system.web.security.singlesignon.dll)

The web.config in the application root of Federation Service or Federation Service Proxy should register this HttpModule. Such a registration looks like this:

            <add name="AD FS Endpoint Module" type="System.Web.Security.SingleSignOn.LSAuthenticationModule, System.Web.Security.SingleSignOn, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35, Custom=null" />

While handling the BeginRequest and EndRequest events, LSAuthenticationModule constructs an LSAuthenticationObject which processes the WS-Federation Passive Client message, performing all the necessary cookie, query string and HTTP POST message processing. If the LSAuthenticationModule cannot fully process the message and a HTTP 302 or Jscript POST form is returned, then the request flows to the appropriate Web application form (such as to the credentials collection or to the home realm discovery). In this case, the LSAuthenticationModule adds the LSAuthenticationModule reference to the application context. This can be retrieved using the Current property.


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Development Platforms

Target Platforms

Windows Server 2008, Windows Server 2003, Windows Vista, Windows Server 2003 R2, Windows XP
Footer image

Send comments about this topic to Microsoft.

Community Additions

© 2015 Microsoft