I'm currently writing an HttpModule in the hopes of gleaning the currently logged-in user and redirecting them if they are trying to authenticate with the Windows credentials instead of using a valid ADFS claim/credentials.
So far, I've tried the following:
SPContext.Current.Web.CurrentUser
HttpContext.Current.User.Identity.Name
WindowsIdentity.GetCurrent().Name
HttpContext.Current.Request.Url.AbsoluteUri
HttpContext.Current.Request.LogonUserIdentity

I'm also looking at the IClaimsIdentity claims and the HttpRequest.Params.
What I've found is that because there are a few redirects in the authentication process, the module gets hit multiple times (PreRequestHandlerExecute event). I have also found that until the result is received from ADFS, the SPContext and HttpContext users are null. The WindowsIdentity user is 'NT AUTHORITY\IUSR' until it hits ADFS, where it is changed to the correct account if using IE and the settings are saved.
Is there a way to know (before ADFS is even involved) the user that will be sent over to get a claim? I figured it would be in the HttpRequest but so far I have found nothing. I'm interested in accessing the user so I can redirect if necessary and force a logout/login using valid credentials so that I can prevent the Windows accounts from ever being used for authentication. It seems like the WindowsIdentity is the right path but if it's always going to be the same that's not particularly helpful.
Thanks in advance!