Mixed Mode Federated authentication and Forms Authentication

Question

I am trying to make a mixed mode authentication to be able to put some users on Federated authentications and others on Forms authentication.

I am working with WIF, I set up my STS and everything is happy, when I am in federated mode by turning off all the authentication this way:

<authorization>
    <deny users="?" />
</authorization>
<authentication mode="None" />

I log in to my main application then when I log in to my side application it will let me log in silently since the session cookie is already generated and the user is authenticated.

but when I use Forms authentication, when I log in to my side application it will take me to the login page which I understand because the user is not authenticated but it seems even with having the session cookie it is not silently redirecting it.

I know that I need to redirect onEndRequest to the STS to authenticate the user and if the user is already authenticated then it will generate FedAuth cookie and and it will log me in silently,

does anybody know how to implement this, I didn't find resources about it when I researched.

Alaa

Answer 1

For all who needs to setup federated user authentication in asp.net app the following link might be extremely helpful:
http://blog.elis-co.com/wif-sso-and-forms-authentication-in-asp-net/

Also http modules included to the config from the link above are outdated. So correct them with ones from the following article:
https://docs.microsoft.com/en-us/dotnet/framework/security/how-to-build-claims-aware-aspnet-web-forms-app-using-wif