WSFederationAuthenticationModule is added to the ASP.NET pipeline by making an entry in the web.config file. It implements IHttpModule, and registers with the ASP.NET runtime to listen for the AuthenticateRequest event. This lets it monitor requests for authentication cookies, and when these cookies are present and valid, to create an instance of IClaimsPrincipal for the authenticated user.

SessionAuthenticationModule monitors requests for authentication cookies. When these cookies are present and valid, the module creates a FederatedIdentity and IPrincipal for the authenticated user and sets the User and CurrentPrincipal properties.

The cookies are written as a result of calling SignIn with a token retrieved via an out-of-band method. SignIn is called automatically by the InformationCard and FederatedPassiveSignIn controls, which retrieve tokens using CardSpace and WS-Federation passive protocols, respectively.

A minimum configuration which enables the module resembles this:

	Copy Code
<configuration> ... <microsoft.identityModel> <federatedAuthentication enabled="true"/> </microsoft.identityModel> ... </configuration>

You must add the module to the system.web or system.webserver element.

Once configured, the WSFederationAuthenticationModule raises events at various stages of processing an HTTP request. ASP.NET developers can handle these events in the global.asax file. For sample code, see How to: Protect Only Certain Parts of a Web Site using the Federated Authentication Module.

Development Platforms

Target Platforms