What makes the FederatedAuthentication.SessionAuthenticationModule return NULL?

Asked 9/7, 2013 at 19:46 Answered 19/1, 2018 at 17:43

Solved c#security wif federated-identity

I'm not sure why but my FederatedAuthentication.SessionAuthenticationModule is resolving as NULL and crashing my app when I try to run my ClaimsTransformer() module:

    public void EstablishSession(ClaimsPrincipal principal)
    {
        var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromHours(8))
        {
            IsPersistent = false, // make persistent
            IsReferenceMode = true // cache on server
        };


        FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
       // FederatedAuthentication.SessionAuthenticationModule == null and I throw an error :(
    }

Here's what's in my web.config:

<configSections>
  <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<system.web>
  <authentication mode="None" />
</system.web>
<system.webServer>
  <modules runAllManagedModulesForAllRequests="true">
    <remove name="RoleManager" />
    <remove name="FormsAuthentication" />
    <remove name="SessionAuthenticationModule" />
    <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </modules>
</system.webServer>
<system.identityModel>
  <identityConfiguration>
    <claimsAuthenticationManager type="Web.Infrastructure.Authentication.ClaimsTransformer, Web" />
  </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="false" />
  </federationConfiguration>
</system.identityModel.services>

This is driving me crazy as I have the code running in a (proof of concept) project without any problems, and appears is all I need to get this functionality working, but for some strange reason, when I try to implement in our real project, my FederatedAuthentication.SessionAuthenticationModule is always NULL.

What am I missing here? Any Ideas? Why is the SessionAuthenticationModule not initializing correctly?

Overtire answered 9/7, 2013 at 19:46 Comment(2)

Why you add three 'remove' node before adding SessionAuthenticationModule? – Bailly 10/7, 2013 at 9:18

In case the setting was added somewhere else in the .config chain. Removing then added I've seen before, and since my code was not working, I was trying everything... – Overtire 10/7, 2013 at 14:46

I'm having almost same behavior with already-working project and FederatedAuthentication.WSFederationAuthenticationModule.

Problem solved my switching from IIS Express to full IIS (bad merge of for project file).

Also you can try to add this module not only to a section, but :

<system.web>
<httpModules>
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

You may refer to this MSDN article for a sample.

Bailly answered 16/7, 2013 at 11:55 Comment(2)

Yes.. I discovered the Casini problem just the other day, only by chance as another developer was using IIS, and needed to change the port locally on the project and it got checked into TFS :) – Overtire 16/7, 2013 at 17:24

IIS Express (or full IIS) works for me, just not the Visual Studio Development Server ("Cassini"). – Eternize 24/1, 2014 at 15:11

I've been having this problem and just solved it by adding the following to my web.config. Worth a try if anyone else is having the same problem.

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="FormsAuthenticationModule" />
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"></add>
    </modules>
  </system.webServer>

Hupp answered 6/3, 2015 at 23:32 Comment(0)

Check your web.config:

<configSections>
   <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
   <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>

<system.webServer>
   <modules>
      <add name="SessionAuthenticationModule" 
            type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
   </modules>
</system.webServer>

<system.identityModel.services>
   <federationConfiguration>
      <cookieHandler requireSsl="false" />
   </federationConfiguration>
</system.identityModel.services>

Haywire answered 19/1, 2018 at 17:43 Comment(0)

Recommended topics

Hot tags