I recently set up OWIN WS-Federation authentication in my app, but I needed a way to perform an additional check against my local database before admitting the user. The STS only vouches that the user is who they claim to be; whether that user is allowed into this particular app, for example because of their department, is an authorization decision the app has to make itself. To hook that check into the sign-in pipeline I needed to set up a “notification”. The one to use is called “SecurityTokenValidated”: the middleware raises it after it has validated the token’s signature, issuer and audience and built the ClaimsIdentity, but before it signs the user in, so whatever you decide here determines whether a session cookie is issued at all. Here is a sample implementation:

// Required usings for this snippet, which belongs in Startup.Configuration(IAppBuilder app).
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;
using Owin;

app.UseWsFederationAuthentication(
    new WsFederationAuthenticationOptions
    {
        Wtrealm = AppSettings.IdpRealm,
        MetadataAddress = AppSettings.IdpMetadata,

        Notifications = new WsFederationAuthenticationNotifications
        {
            // Raised after the token's signature, issuer and audience have been validated.
            // This is where the local database check goes and where additional claims are added.
            SecurityTokenValidated = notification =>
            {
                // identity object to access the claims issued by the IdP
                var identity = notification.AuthenticationTicket.Identity;

                // Task.FromResult(null) does not compile (the type argument cannot be inferred),
                // so return an already-completed task instead.
                return Task.FromResult(0);
            }
        }
    });
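The skeleton above leaves the actual check empty. The following is an added example of how I would fill it in; it is not code from the original post. It assumes a hypothetical LocalUser record and ILocalUserStore repository (standing in for whatever data-access layer the app has), an assumed AllowedDepartments policy, an assumed /Account/AccessDenied page, and an assumed claim type URI for the department claim. The realm and metadata address are passed in as parameters instead of being read from the post's AppSettings class.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;
using Owin;

// Hypothetical record of what the app itself knows about a user.
public class LocalUser
{
    public string Upn { get; set; }
    public bool IsEnabled { get; set; }
    public string Department { get; set; }
}

// Hypothetical repository; a real implementation queries the app's database.
public interface ILocalUserStore
{
    Task<LocalUser> FindByUpnAsync(string upn);
}

public static class WsFederationAuthorizationCheck
{
    // Assumed policy for illustration: only these departments may use the app.
    private static readonly string[] AllowedDepartments = { "Engineering", "Security" };

    // Assumed claim type for the application-level department claim.
    private const string DepartmentClaimType = "http://schemas.example.com/claims/department";

    public static void Configure(IAppBuilder app, ILocalUserStore users, string realm, string metadataAddress)
    {
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            Wtrealm = realm,
            MetadataAddress = metadataAddress,
            Notifications = new WsFederationAuthenticationNotifications
            {
                SecurityTokenValidated = async notification =>
                {
                    ClaimsIdentity identity = notification.AuthenticationTicket.Identity;

                    // Key the lookup on a stable identifier the STS signed (UPN here;
                    // NameIdentifier is the usual alternative), never on a display name.
                    string upn = identity.FindFirst(ClaimTypes.Upn)?.Value;
                    LocalUser user = string.IsNullOrEmpty(upn)
                        ? null
                        : await users.FindByUpnAsync(upn);

                    // Deny by default: an unknown, disabled or wrong-department user
                    // must not end up with a session cookie.
                    bool allowed = user != null
                                   && user.IsEnabled
                                   && Array.IndexOf(AllowedDepartments, user.Department) >= 0;
                    if (!allowed)
                    {
                        // HandleResponse() tells the middleware the response is already
                        // taken care of, so it does not sign the user in; we redirect instead.
                        notification.HandleResponse();
                        notification.Response.Redirect("/Account/AccessDenied");
                        return;
                    }

                    // Add app-level claims from the local record so later policy checks
                    // do not depend on the STS issuing them. They are persisted in the cookie.
                    identity.AddClaim(new Claim(DepartmentClaimType, user.Department));
                }
            }
        });
    }
}
```

Two points worth keeping in mind with this pattern. SecurityTokenValidated runs after the cryptographic validation, so it can only tighten the decision, never loosen it; the lookup key must be a claim the STS actually asserts and signs, and a missing claim is treated as a denial rather than a pass. And because the ticket returned from the notification is what the cookie middleware persists, any claim added here is trusted by the rest of the app for the lifetime of the session, so only add claims that come from the local record, not values copied from the request.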
June 20th, 2016 | Coding