This project is read-only.

Force the call to the ClaimsAuthenticationManager

May 10, 2012 at 4:53 PM


I went through the implementation of BlobShare and one specific code block caught me by surprise :)

It's in AccountController:


       public ActionResult Invitation( string ticketNumber ) {

if ( this.Request.UrlReferrer == null ) {

               // Request is not coming from ACS

               // Force the call to the ClaimsAuthenticationManager



                   (IClaimsPrincipal)Thread.CurrentPrincipal );




May be you can explain in what cases it's required to "force the call to the ClaimsAuthenticationManager", what cases it covers. 

If we apply [Authorize], users will be authenticated (or denied) anyway, i.e. "Authenticate" has been called already, right?