shinkathe / About.cshtml
Created March 1, 2014 16:16
Introducing Claims
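@* Greets a signed-in user by the Name claim read from the request's ClaimsIdentity. *@
@if (User.Identity.IsAuthenticated)
{
    <p>Hello, you're now authenticated as a Forms Authenticated user. What about if we look at your claims?</p>
    // "as" instead of a hard cast: an identity that is not claims-based yields null rather than
    // an InvalidCastException thrown from inside the view.
    var claimsIdentity = User.Identity as ClaimsIdentity;
    // FindFirst returns null when the identity carries no Name claim, so check before reading .Value.
    var nameClaim = claimsIdentity != null ? claimsIdentity.FindFirst(ClaimTypes.Name) : null;
    if (nameClaim != null)
    {
        var name = nameClaim.Value;
        // Razor HTML-encodes @name, so the claim value is rendered as text and not as markup.
        <p>*Poof* Done, and from the claims identity we can decipher that you logged in as @name</p>
    }
}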
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.IdentityModel;
using System.IdentityModel.Claims;
using System.IdentityModel.Services;
using System.Diagnostics;
// Parse the WS-Federation protocol message carried in the query string of the current request URL.
var wsFederationMessage = WSFederationMessage.CreateFromUri(Request.Url);

// Dump every protocol parameter to the trace listeners, one "key/value" line per parameter.
// NOTE(review): the keys and values come straight from the request, so they are caller-controlled
// and written unescaped; treat this as a debugging aid and keep it out of shared production logs.
var parameterLines = wsFederationMessage.Parameters
    .Select(parameter => String.Format("Found a key {0} with value {1}", parameter.Key, parameter.Value));
Trace.Write(String.Join("\n", parameterLines));
shinkathe / Formsauth
Created March 2, 2014 14:31
Disable Forms authentication
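<!-- Anonymous users ("?") stay denied, so every request still has to be authenticated by something. -->
<authorization>
  <deny users="?" />
</authorization>
<!-- mode="None" turns off ASP.NET's built-in Forms authentication. Sign-in is then expected to come
     from another module (presumably the WIF modules registered elsewhere in web.config - confirm). -->
<authentication mode="None" />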
shinkathe / httpmodules.cs
Created March 2, 2014 14:33
Add http modules
<!-- Registers the two WIF HTTP modules under system.web/httpModules, the section ASP.NET reads in the
     IIS classic pipeline; the integrated pipeline reads system.webServer/modules instead. -->
<system.web>
<httpModules>
<!-- Enforces WS-Federation (passive) sign-in on incoming requests. -->
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<!-- Keeps the signed-in session between requests by processing the session security token cookie. -->
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</httpModules>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
shinkathe / web.config.xml
Last active August 29, 2015 13:56
Add Identity model config
<system.identityModel>
<identityConfiguration>
<!-- A token is accepted only when its audience matches one of these URIs, so a token issued for a
     different relying party is rejected. -->
<audienceUris>
<add value="http://localhost:59820/" /> <!--Change this to match your business app's url -->
</audienceUris>
<!-- Maps the certificate that signed a token to a trusted issuer name; a token signed by a
     certificate that is not listed below is not trusted. -->
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<!-- Placeholder entry: replace the thumbprint with that of your STS signing certificate and the name
     with your issuer's name (the sample thumbprint is not a valid hex value). -->
<add thumbprint="1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ1234" name="YourSTSName" />
</trustedIssuers>
</issuerNameRegistry>
shinkathe / gist:9322233
Created March 3, 2014 10:27
Forms Authentication
<!-- Forms authentication: unauthenticated requests are sent to /login, and anonymous users ("?")
     are denied access to the rest of the application. -->
<system.web>
<authentication mode="Forms">
<!-- NOTE(review): requireSSL is not set, so this element does not restrict the authentication cookie
     to HTTPS; set requireSSL="true" once the site is served over TLS. -->
<forms loginUrl="/login" />
</authentication>
<authorization>
<!-- "?" means anonymous (unauthenticated) users. -->
<deny users="?"/>
</authorization>
</system.web>
// Look the caller up in the Contoso user store with the submitted credentials.
var userStore = new ContosoUserStoreService(_connectionString);
var storeUser = userStore.GetUser(username, password);
// NOTE(review): what GetUser returns for wrong credentials is not visible here; if it can return
// null, the sign-in has to be rejected before any claim is built - confirm against the store.

// Describe the user as claims: the display name plus the store's own user id under a custom claim type.
var ci = new ClaimsIdentity(AuthenticationTypes.Federation);
var nameClaim = new Claim(ClaimTypes.Name, storeUser.Name);
var userIdClaim = new Claim("http://contosouserstore.com/claims/userId", storeUser.UserId);
ci.AddClaim(nameClaim);
ci.AddClaim(userIdClaim);
shinkathe / AuthenticationController.cs
Created April 10, 2014 22:54
Let's create a user
// Stand-in identity for the walkthrough: a real STS would build this from its credential store
// after verifying the user. As written, no credential is checked in this snippet and every caller
// is described as the user "test", so keep it to demo code.
var ci = new ClaimsIdentity(AuthenticationTypes.Federation);
var nameClaim = new Claim(ClaimTypes.Name, "test");
ci.AddClaim(nameClaim);

// Wrap the single identity in the principal that is handed on to the token service.
var claimsPrincipal = new ClaimsPrincipal(ci);
shinkathe / CustomTokenService.cs
Created April 10, 2014 22:57
CustomTokenService.cs
public class CustomTokenService : SecurityTokenService
{
/// <summary>
/// Creates the token service, handing the supplied STS configuration to the base
/// <see cref="SecurityTokenService"/> constructor.
/// </summary>
/// <param name="config">Configuration forwarded unchanged to the base class.</param>
public CustomTokenService(SecurityTokenServiceConfiguration config)
    : base(config)
{
}
/// <summary>
/// Supplies the claims for the issued token by returning the caller's own identity as-is.
/// </summary>
/// <param name="principal">The caller; its <c>Identity</c> becomes the output identity.</param>
/// <param name="request">The token request; not consulted by this implementation.</param>
/// <param name="scope">The scope for the request; not consulted by this implementation.</param>
/// <returns>
/// <paramref name="principal"/>'s identity, or <c>null</c> when that identity is not a
/// <see cref="ClaimsIdentity"/>.
/// </returns>
protected override ClaimsIdentity GetOutputClaimsIdentity(ClaimsPrincipal principal, System.IdentityModel.Protocols.WSTrust.RequestSecurityToken request, Scope scope)
{
    // Pass-through: every claim on the incoming identity is returned, whatever the request or scope.
    // NOTE(review): an STS serving several relying parties would normally filter this down to the
    // claims each one needs.
    var callerIdentity = principal.Identity as ClaimsIdentity;
    return callerIdentity;
}