ASP.NET MVC 2 and authentication using WIF (Windows Identity Foundation)
Posted
by Russ Cam
on Stack Overflow
See other posts from Stack Overflow
or by Russ Cam
Published on 2010-04-12T11:05:11Z
Indexed on
2010/05/25
16:11 UTC
Read the original article
Hit count: 961
Are there any decent examples of the following available:
Looking through the WIF SDK, there are examples of using WIF in conjunction with ASP.NET using the WSFederationAuthenticationModule (FAM)
to redirect to an ASP.NET site thin skin on top of a Security Token Service (STS) that user uses to authenticate (via supplying a username and password).
If I understand WIF and claims-based access correctly, I would like my application to provide its own login screen where users provide their username and password and let this delegate to an STS for authentication, sending the login details to an endpoint via a security standard (WS-*), and expecting a SAML token to be returned. Ideally, the SessionAuthenticationModule
would work as per the examples using FAM
in conjunction with SessionAuthenticationModule
i.e. be responsible for reconstructing the IClaimsPrincipal
from the session security chunked cookie and redirecting to my application login page when the security session expires.
Is what I describe possible using FAM
and SessionAuthenticationModule
with appropriate web.config settings, or do I need to think about writing a HttpModule
myself to handle this? Alternatively, is redirecting to a thin web site STS where users log in the de facto approach in a passive requestor scenario?
© Stack Overflow or respective owner