Subject: FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie does not set IsAuthent
Date: 2016-06-17 04:28:50
From: Harshitha K
Source: federatedauthentication-sessionauthenticationmodule-writesessiontokentocookie-not-set-isauthent
----------------------------------------------------------------------

I am working on SAML 2.0. I have forms authentication enabled in the IDP. When an authentication request is made from the SP to the IDP, the request is authenticated using forms authentication in the IDP. Following is the code that sets the cookie:
 
 
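[code lang='c#']// Namespaces this snippet relies on:
using System.IdentityModel.Services;   // FederatedAuthentication
using System.IdentityModel.Tokens;     // SessionSecurityToken
using System.Security.Claims;          // Claim, ClaimsIdentity, ClaimsPrincipal
using System.Web.Security;             // Membership

// Validate the submitted credentials, then write the session token to a cookie.
if (Membership.ValidateUser(model.UserName, model.Password))
{
    FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(
        GetSecurityTokenForFormsAuthentication(model.UserName));
}

// Wraps the user name in a claims principal and returns it as a session token.
private static SessionSecurityToken GetSecurityTokenForFormsAuthentication(string user)
{
    var claims = new[]
    {
        new Claim(ClaimTypes.Name, user)
    };

    //TODO: Fetch roles from database based on appID
    var identity = new ClaimsIdentity(claims, "Forms");
    var principal = new ClaimsPrincipal(identity);
    return new SessionSecurityToken(principal);
}[/code]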
            
After the cookie is set, the response is sent back to SP but the Context.IsAuthenticated is false in SP. 
 
Whereas if I set the cookie using the following code and send the response to the SP, then Context.IsAuthenticated is set to true in the SP:
 
[code lang='c#']if (Membership.ValidateUser(model.UserName, model.Password))
{
    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
}[/code]
 
Can anyone tell me why the Context.IsAuthenticated is set false when the cookie is set using FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie?
----------------------------------------------------------------------
Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand. If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back.