Is it possible to get ACS claims without editing web.config?

Asked 27/2, 2012 at 22:13 Answered 25/10, 2019 at 20:3

Solved c#azure wif claims-based-identity acs

Is it possible to set up the realm URL, claim types, etc for azure ACS without editing the web.config? Can you set up these required elements programmatically somehow?

EDIT: Specifically I want to get rid of this:

<federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true" issuer="https://mynamespace.accesscontrol.windows.net/v2/wsfederation" realm="http://localhost:81/" requireHttps="false" />
</federatedAuthentication>

Basically, I don't want the realm being specified in the web config, but rather in code somewhere. I've tried overriding ClaimsAuthenticationManager and commenting out the portions to the code related to FederatedAuthentication. My overridden authenticate code is hit, but it doesn't contain any claims. I'm assuming that this is because FederatedAuthentication is an intermediary which performs its own authentication before it gets to the overridden ClaimsAuthenticationManager normally. Is there a way to override the FederatedAuthentication portion in a similar manner? Or is there information passed into the overridden authenticate method that I can use to perform my own authentication?

Uranous answered 27/2, 2012 at 22:13 Comment(0)

To remove that xml line from the web config, I made my own WSFederationAuthenticationModule overriding the old one, like so:

public class CustomWSFederationAuthenticationModule : WSFederationAuthenticationModule
{
    protected override void InitializePropertiesFromConfiguration(string serviceName)
    {
        this.Realm = "http://localhost:81/";
        this.Issuer = "https://acsnamespace.accesscontrol.windows.net/v2/wsfederation";
        this.RequireHttps = false;
        this.PassiveRedirectEnabled = true;
    }
}

And the important part of the web.config:

<modules runAllManagedModulesForAllRequests="true">
  <add name="WSFederationAuthenticationModule" type="CustomModuleLocation.CustomWSFederationAuthenticationModule, CustomModuleLocation" preCondition="managedHandler"/>
  <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>

Also the federatedAuthentication section of the XML is removed entirely.

Uranous answered 2/3, 2012 at 16:4 Comment(0)

Yes, FedUtil does this. It's a utility that comes with the Windows Identity Foundation (WIF) SDK and you can invoke it from visual studio.

http://msdn.microsoft.com/en-us/library/ee517285.aspx

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=4451

EDIT: I may have misunderstood your question. FedUtil is a utility that configures your web.config for you. If instead you want to configure your application in code, that's also possible. The WIF documentation on MSDN should demonstrate how to do this:

http://msdn.microsoft.com/en-us/library/ee766446.aspx

Wrecker answered 28/2, 2012 at 20:39 Comment(1)

The second thing is more what I was looking for. I found this page on custom token handlers: msdn.microsoft.com/en-us/library/ee517261.aspx to be very helpful. – Uranous 29/2, 2012 at 16:21

Handle FederationConfigurationCreated event of FederatedAuthentication class, e.g. in Application_Start of Global.asax:

void Application_Start(object sender, EventArgs e)
{
    FederatedAuthentication.FederationConfigurationCreated += FCC;
}

private void FCC(object sender, FederationConfigurationCreatedEventArgs e)
{
    e.FederationConfiguration.WsFederationConfiguration.PassiveRedirectEnabled = true;
    e.FederationConfiguration.WsFederationConfiguration.Issuer = "https://mynamespace.accesscontrol.windows.net/v2/wsfederation";
    e.FederationConfiguration.WsFederationConfiguration.Realm = "http://localhost:81/";
    e.FederationConfiguration.WsFederationConfiguration.RequireHttps = false;
}

Wenonawenonah answered 25/10, 2019 at 20:3 Comment(0)

Recommended topics

Hot tags