Using ASP.NET MVC and Shibboleth Authentication

Categories: ASP.NET MVC

If you’re using Shibboleth as your resource authentication method, there’s a few things you need to do in order to use it effectively with ASP.NET MVC.

The first thing to do is to configure routing correctly.  Shibboleth uses a special route against your website that is intercepted by the ISAPI filter that is part of the Shibboleth install on your web server.  However, in integrated pipeline mode, your application will receive these Shibboleth requests and won’t know what to do with them and issue a 404 not found.  The solution is to ignore the routes that Shibboleth uses and let them pass through to the Shibboleth system:



The ‘routes’ variable is a RouteCollection type passed to your RegisterRoutes() method in the RouteConfig.cs file of an MVC 4 project.  This ensures that the Shibboleth routes are never processed by your application.

The second thing is to turn off all authentication for your web site.  Since Shibboleth’s single sign-on is going to handle protecting your resources, you will not need to configure any authentication in your web.config or in IIS.  Instead, you will configure it with your shibboleth2.xml file.

No Comments