About Andras Nemes
I'm a .NET/Java developer living and working in Stockholm, Sweden.

11 Responses to Claims-based authentication in .NET4.5 MVC4 with C#: External authentication with WS-Federation Part 3 Various advanced topics

  1. Ashish says:

    Hi, thanks for your great post………….
    In your previous post. “Claims-based authentication in MVC4 with .NET4.5 C# part 2: storing authentication data in an authentication session” you mentioned this function.
    private void CreateSession(ClaimsPrincipal transformedPrincipal)
    SessionSecurityToken sessionSecurityToken = new SessionSecurityToken(transformedPrincipal, TimeSpan.FromHours(8));

    So my question is, if i am using WSfederation. do i need to update this “FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken);” If yes, then what i need to replace it with.

    thanks in advance

    • Andras Nemes says:

      Hi Ashish,
      If I understood your question correctly then you’ll find the answer in the blog post after this one:
      External authentication with Claims and WS-Federation in MVC4 .NET4.5 Part 4: Single SignOut and Single SignOn

  2. Anders says:

    Hello Andras,

    There is a small typo regarding putting the login-link in the Index.cshtml at the end of the post.
    It says: Log in here!
    But I guess it should be: Log in here!

  3. reddy says:

    Hi, I am using my company provided STS authentication. I am getting error as below for simple web page. Appreciate any help on this.

    Server Error in ‘/’ Application.

    Value cannot be null.
    Parameter name: username
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.ArgumentNullException: Value cannot be null.
    Parameter name: username

    Source Error:

    Line 86: //}
    Line 87:
    Line 88: foreach (Claim claim in currentPrincipal.Claims)
    Line 89: {

  4. eeidfn says:

    Hi Andras,

    I would like to get a token from an ADFS 3.0 STS endpoint using username/password using .NET4.5 and pass the token to a trusted RP (workday). What ADFS endpoint should I use and should I be asking my administrator for the workday/ADFS certificate?

    As I understand it, the STS and RP have mutual trust, but is the mutual trust required between STS client and STS? If not, what endpoint should I be using?

    The RP is the workday site and I am not sure if they support active SAML tokens. They do support browser based passive federation with ADFS. The problem I am trying to work around is the extra ADFS login screen.


  5. Balu says:

    Hi Andras,

    Do you have a sample for this which we can download ?


  6. Techbits says:

    Hello Andras,
    Your blog is a one of the best things on internet for people like me who are starting with Claims based authentication. I highly appreciate your articles. THANK YOU

    This article has helped me setup and configure ws-fed to use an external IP, however how can an application manage Claims internally by itself? e.g. My application has to use an external IP for authentication and receives claims from the IP however, the administrator of the application wants to manage the Roles/Claims within the application. How can this be implemented with an external IP?

    I am guessing, the application will still have to implement a UserManager / UserStore which kicks in after the authentication to check if the user is already in a local db otherwise create it. and then the administrator can assign the Claims to the specified user. However I do not know where this code will go?

    Do you have any suggestions.

  7. Kumar says:

    Hi, I really appreciate the detailed explanation that was put out here. I was wondering if I need to deploy my claims based authentication application in a web farm is it enough to use machinekeysessionsecuritytokenhandler and provide the section with valid keys or do we need to provide distributed caching for sessionsecuritytokencache as well? If my sessiontoken.IsReferencemode = false. Then we don’t need to provide distributed cache for our sessionsecuritytoken right? Please advice


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Elliot Balynn's Blog

A directory of wonderful thoughts

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog


Once Upon a Camayoc

Bite-size insight on Cyber Security for the not too technical.

%d bloggers like this: