Securing Static Resources with Windows Azure Active Directory Authentication

Securing Static Resources with Windows Azure Active Directory Authentication

Rate This
  • Comments 1

Visual Studio 2013 RC has a very useful feature of creating new ASP.NET application that are configured with Windows Azure Active Directory authentication. You can read more about it here

If you open web.config file of such project that is secured with Windows Azure Active Directory, you will see following section:

Code Snippet
  1. <modules>
  2.       <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  3.       <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  4.     </modules>

As you might know, WSFederationAuthenticationModule is the one that is responsible for authenticating incoming requests. However, this module runs only for those requests that go through ASP.NET pipeline. To enable it for all the incoming requests, including those for static files like images, you will have to enable RAMMFAR setting as below:

Code Snippet
  1. <modules runAllManagedModulesForAllRequests="true">

This way you can secure your entire application with WSFederationAuthenticationModule.

Note that RAMMFAR generally has performance implications. It should be turned on only if static resources in a website need to be secured with Windows Azure Active Directory authentication.

Leave a Comment
  • Please add 7 and 6 and type the answer here:
  • Post
  • Thanks was just trying to figure this out.  My application is secure now!

Page 1 of 1 (1 items)