I recently setup OWIN WsFederation in my app, but I needed a way to perform an additional check against my local database to validate the user. For example the user authenticating from the STS may not be allowed to authenticate to the app, because of their department, etc. So in order to perform this additional authorization check I needed to setup a “notification”. In this case the notification is called “SecurityTokenValidated”, here is a sample implementation:

new WsFederationAuthenticationOptions
    Wtrealm = AppSettings.IdpRealm,
    MetadataAddress = AppSettings.IdpMetadata,                 

    Notifications = new WsFederationAuthenticationNotifications
        // check and create additional claims
        SecurityTokenValidated = notification =>
            // identity object to access claims from IDP
            var identity = notification.AuthenticationTicket.Identity;
            return Task.FromResult(null);
By |June 20th, 2016|Coding|0 Comments