
Testing Whether ADFS User Is Authenticated

I have been working with ADFS claims more and more at work, habitually trying to bridge some of the gaps natively built in between the ADFS and MOSS platforms (noticeably visible when working with MOSS-specific user and security features like Profiles). Also, numerous colleagues have been using ADFS in their environments as it is becoming a standard for SSO, which leads to typical development hurdles coming up. One of my friends asked me a pretty simple question this morning: how can I test whether an ADFS user has been authenticated?

When developing against ADFS, you will make heavy use of SingleSignOnIdentity objects, since they represent the ADFS claim information for the current user. The SingleSignOnIdentity object is sustained through the ADFS HttpModule. You can find the reference to this module in the web.config of your SharePoint web (or whatever ASP.NET application you are coupling ADFS with), where it is established by the following entry:

    <add name="Identity Federation Service Logon Server Authentication Module" type="System.Web.Security.SingleSignOn.WebSsoAuthenticationModule, System.Web.Security.SingleSignOn, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35, Custom=null" />

To get an object of SingleSignOnIdentity type, you cast the current identity as such:

    // "as" yields null (rather than throwing) when the identity is not an ADFS identity
    SingleSignOnIdentity ssoi = User.Identity as SingleSignOnIdentity;

Within the SingleSignOnIdentity object, there is an assortment of practical and informative properties. You can view these claim security properties by iterating through the SecurityPropertyCollection of the SingleSignOnIdentity object, which contains the related SecurityProperties. Your loop therefore takes on a simple structure (below I am assuming, for standard output, that we are just using an HtmlTextWriter in something like the RenderContents method):

    foreach (SecurityProperty sp in ssoi.SecurityPropertyCollection)
    {
        writer.Write(sp.Name);
    }

However, one of the more common actions that people are taking because the default claim structure is quite limiting is to append custom claim information. This is principally evident when people are trying to interrogate as much information from the user as possible in order to populate SharePoint data, such as Profiles. In order to interrogate custom properties from a claim, you are going to leverage the GetCustomProperties method off the SecurityPropertyCollection, passing in the property name you wish to query against.

    // Indexing [0] assumes the claim is present; it fails if no property with that name was issued
    SecurityProperty securityproperty = ssoi.SecurityPropertyCollection.GetCustomProperties("PropertyName")[0];

Now that we know a little bit about generic claims programming and their related properties, let’s return to producing the SingleSignOnIdentity object again real quick. Most often, this is simply done statically in the following way:

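    public static SingleSignOnIdentity ssoi
    {
        // A static member has no page instance, so read the user from the current HttpContext.
        // The hard cast throws InvalidCastException if the identity is not an ADFS identity.
        get { return (SingleSignOnIdentity)HttpContext.Current.User.Identity; }
    }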

But what if you wanted to get the SingleSignOnIdentity object for the current thread? This will look like this:

    public static SingleSignOnIdentity ssoi
    {
        get { return (SingleSignOnIdentity)Thread.CurrentPrincipal.Identity; }
    }

Either way, you will end up with a hydrated SingleSignOnIdentity object.

Back to the original question: how can I tell whether an ADFS user is authenticated? This simply takes on the form of:

    public static bool ReturnGlobalADFSFlag(SingleSignOnIdentity ssoi)
    {
        try
        {
            return ssoi.IsAuthenticated;
        }
        catch
        {
            // A null ssoi (no ADFS identity) lands here and is treated as not authenticated
            return false;
        }
    }

Passing in the SingleSignOnIdentity object that we wish to test against, we just use the IsAuthenticated property to see if the user is authenticated!
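
The same check written without relying on exceptions, as an added example that is not code from the original post. The class AdfsIdentityHelper and its method names are hypothetical; it assumes only the SingleSignOnIdentity, SecurityProperty and SecurityPropertyCollection members already used above.

```csharp
using System.Security.Principal;
using System.Web.Security.SingleSignOn;

// Hypothetical helper: AdfsIdentityHelper and its method names are not part of ADFS.
public static class AdfsIdentityHelper
{
    // Returns the ADFS identity for the principal, or null when the principal
    // is missing or carries another identity type (anonymous, Windows, forms).
    public static SingleSignOnIdentity GetSsoIdentity(IPrincipal principal)
    {
        if (principal == null) return null;
        return principal.Identity as SingleSignOnIdentity;
    }

    // True only when the principal has an ADFS identity and it is authenticated.
    // Fails closed: anything else is reported as not authenticated.
    public static bool IsAdfsAuthenticated(IPrincipal principal)
    {
        SingleSignOnIdentity ssoi = GetSsoIdentity(principal);
        return ssoi != null && ssoi.IsAuthenticated;
    }

    // Finds the first custom claim with the given name without indexing [0]
    // into a collection that may be empty. Returns false when it is absent,
    // so callers never treat a missing claim as a populated one.
    public static bool TryGetCustomClaim(SingleSignOnIdentity ssoi, string name,
                                         out SecurityProperty claim)
    {
        claim = null;
        if (ssoi == null || !ssoi.IsAuthenticated) return false;

        SecurityPropertyCollection matches =
            ssoi.SecurityPropertyCollection.GetCustomProperties(name);
        if (matches == null) return false;

        foreach (SecurityProperty sp in matches)
        {
            claim = sp;
            return true;
        }
        return false;
    }
}
```

Inside a request this would be called as AdfsIdentityHelper.IsAdfsAuthenticated(HttpContext.Current.User), or with Thread.CurrentPrincipal for the current thread.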

