Force the call to the ClaimsAuthenticationManager

May 10, 2012 at 3:53 PM

Hi,

I went through the implementation of BlobShare and one specific code block caught me by surprise :)

It's in AccountController:

[Authorize]

       public ActionResult Invitation( string ticketNumber ) {

if ( this.Request.UrlReferrer == null ) {

               // Request is not coming from ACS

               // Force the call to the ClaimsAuthenticationManager

               FederatedAuthentication.ServiceConfiguration.ClaimsAuthenticationManager.Authenticate(

                   this.Request.Url.AbsolutePath,

                   (IClaimsPrincipal)Thread.CurrentPrincipal );

           }

....

  

May be you can explain in what cases it's required to "force the call to the ClaimsAuthenticationManager", what cases it covers. 

If we apply [Authorize], users will be authenticated (or denied) anyway, i.e. "Authenticate" has been called already, right?