ASP.NET MVC 2 and authentication using WIF (Windows Identity Foundation)

Posted by Russ Cam on Stack Overflow See other posts from Stack Overflow or by Russ Cam
Published on 2010-04-12T11:05:11Z Indexed on 2010/05/25 16:11 UTC
Read the original article Hit count: 961

Are there any decent examples of the following available:

Looking through the WIF SDK, there are examples of using WIF in conjunction with ASP.NET using the WSFederationAuthenticationModule (FAM) to redirect to an ASP.NET site thin skin on top of a Security Token Service (STS) that user uses to authenticate (via supplying a username and password).

If I understand WIF and claims-based access correctly, I would like my application to provide its own login screen where users provide their username and password and let this delegate to an STS for authentication, sending the login details to an endpoint via a security standard (WS-*), and expecting a SAML token to be returned. Ideally, the SessionAuthenticationModule would work as per the examples using FAM in conjunction with SessionAuthenticationModule i.e. be responsible for reconstructing the IClaimsPrincipal from the session security chunked cookie and redirecting to my application login page when the security session expires.

Is what I describe possible using FAM and SessionAuthenticationModule with appropriate web.config settings, or do I need to think about writing a HttpModule myself to handle this? Alternatively, is redirecting to a thin web site STS where users log in the de facto approach in a passive requestor scenario?

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Related posts about authentication