Create Custom STS service in VS2012 with .net 4.5 - wcf

I'm new to WIF.
I want to create a custom STS on WIF, but these documents are only for .NET 3.5:
http://msdn.microsoft.com/en-us/library/ee748498.aspx
and I can't find this template in VS 2012.
So what should I do? Can anybody provide some information to me?
Thanks!

Writing a custom STS service is still available under WIF in .NET 4.5 or WIF 4.5 for short.
"To create an STS you must derive from the SecurityTokenService class. In your custom class you must, at a minimum, override the GetScope and GetOutputClaimsIdentity methods...", Microsoft [1]
You start by deriving a new type from System.IdentityModel.SecurityTokenService.
Note that we now use the SecurityTokenService which is a part of .NET 4.5's System.IdentityModel and not the pre-.NET 4.5 Microsoft.IdentityModel.
Please refer to the link below to see an example of a passive STS.
Microsoft's Federation Metadata example is a reasonably complete example of custom STS.
MSDN:
This sample will show you how to dynamically consume WS-Federation metadata at run time in an ASP.NET Web Application. You will also see how to create a basic STS that produces WS-Federation metadata and issues tokens.
In addition this sample shows the basics of how claims have been integrated into the .NET framework. You will learn how a web application is enabled to use WIF. You will see how they are useful from within existing properties and functions, and how you can take the next step to using them directly using the ClaimsPrincipal class in System.Security.Claims. You will also learn how to work with the local STS that is part of the Identity and Access tool for Visual Studio 2012.
[1] System.IdentityModel.SecurityTokenService
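The skeleton the answer above describes, as an added example that is not from the original post or from any Microsoft sample: a SecurityTokenService subclass for WIF 4.5 that overrides GetScope and GetOutputClaimsIdentity, plus the SecurityTokenServiceConfiguration that wires it up. The issuer name, signing-certificate thumbprint, relying-party allowlist and LookupRoles helper are placeholders you must replace. GetScope deliberately refuses any AppliesTo that is not on the allowlist and takes the ReplyTo from the allowlist rather than from the request, so the STS cannot be made to issue a token for, or redirect to, an arbitrary party.

```csharp
// Added example (not from the original post). Targets .NET 4.5 System.IdentityModel.
using System;
using System.Collections.Generic;
using System.IdentityModel;
using System.IdentityModel.Configuration;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;

public class CustomStsConfiguration : SecurityTokenServiceConfiguration
{
    public CustomStsConfiguration()
        : base("urn:example:custom-sts")   // assumed issuer name; replace with yours
    {
        // Assumed: signing certificate lives in LocalMachine\My; thumbprint is a placeholder.
        SigningCredentials = new X509SigningCredentials(
            LoadCertificate("0000000000000000000000000000000000000000"));
        SecurityTokenService = typeof(CustomSts);
    }

    private static X509Certificate2 LoadCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (found.Count == 0)
                throw new InvalidOperationException("Signing certificate not found.");
            return found[0];
        }
        finally
        {
            store.Close();
        }
    }
}

public class CustomSts : SecurityTokenService
{
    // Assumed allowlist of relying parties: AppliesTo address -> ReplyTo address.
    private static readonly Dictionary<string, string> RelyingParties =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "https://rp.example.com/", "https://rp.example.com/" },
        };

    public CustomSts(SecurityTokenServiceConfiguration configuration)
        : base(configuration)
    {
    }

    // Decides which audience the token is for and which credentials sign (and encrypt) it.
    protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
    {
        if (request.AppliesTo == null || request.AppliesTo.Uri == null)
            throw new InvalidRequestException("AppliesTo is required.");

        string appliesTo = request.AppliesTo.Uri.OriginalString;
        string replyTo;
        if (!RelyingParties.TryGetValue(appliesTo, out replyTo))
            throw new InvalidRequestException("Unknown relying party: " + appliesTo);

        var scope = new Scope(appliesTo, SecurityTokenServiceConfiguration.SigningCredentials);
        scope.ReplyToAddress = replyTo;          // taken from the allowlist, never from request.ReplyTo
        scope.TokenEncryptionRequired = false;   // set true and assign EncryptingCredentials for production
        return scope;
    }

    // Builds the claims that go into the issued token for the authenticated caller.
    protected override ClaimsIdentity GetOutputClaimsIdentity(
        ClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Caller is not authenticated.");

        var identity = new ClaimsIdentity("CustomSts");
        identity.AddClaim(new Claim(ClaimTypes.Name, principal.Identity.Name));
        foreach (var role in LookupRoles(principal.Identity.Name))
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        return identity;
    }

    // Assumed helper: replace with a lookup against your own membership/role store.
    private static IEnumerable<string> LookupRoles(string userName)
    {
        return new[] { "User" };
    }
}
```

The caller must already be authenticated by whatever hosts this class (a login page for the passive case, or a WS-Trust endpoint with a custom token handler for the active case); the STS only translates that authenticated principal into a signed token scoped to one known relying party.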

The templates have been replaced with the Identity and Access Tool.
Refer to Windows Identity Foundation in the .NET Framework 4.5 Beta: Tools, Samples, Claims Everywhere
There is no custom STS facility option anymore in the sense of a wizard as per FedUtil. As other posts allude to, you can still roll your own.
Refer: What's New in Windows Identity Foundation 4.5.
Have a look at Identity Server which is a very good custom STS and alter as required.

If you're completely new then writing a custom STS might not be such a good idea :-) I would suggest having a look at the implementation given in ThinkTecture STS (https://github.com/thinktecture/Thinktecture.IdentityServer.v2). This is a sample STS that handles different token types (SAML, SWT and JWT) as well as different protocols (WSFederation, OAuth, ...). There is too much in here for many simple cases but at least the code works.

Related

Single Sign On from MVC 4 to .Net Core application

We are trying to implement single sign on, across multiple domains, from an MVC 4 application to a .NET Core application.
MVC 4 to MVC 4 is working fine with MachineKey, but not with .NET Core.
How can we implement SSO to share the same authentication with all other applications in MVC 4 and the .NET Core application?
Identity Server can do this. Identity Server version 4 will be supported and free for as long as .NET Core 3.1 is supported. After that, you'll need Duende Identity Server, which is the next version, available on a commercial licence.
You can also do it with OpenID Connect (AKA OpenIddict) which is free for the foreseeable future, but that will probably need you to write a bit more code.
I have used both.
Both of them are agnostic to the type of client applications, so your clients can be MVC4, .NET Core, Xamarin, React, anything at all. Both of them have good templates that you can download and get started quite quickly with a simple scenario.
Unfortunately, in my experience, making meaningful extensions or changes to the templates (such as what you're proposing) was difficult and required in-depth knowledge of internet security concepts, studying the documentation and source code of whichever library that you choose.
I have tried really hard to learn but I still find it difficult, so I wish you good luck!
Here are the sample projects for IdentityServer4:
https://github.com/IdentityServer/IdentityServer4.Templates
And here is the documentation on how to get started:
http://docs.identityserver.io/en/latest/
Here are the sample projects for OpenID Connect:
https://github.com/openiddict/openiddict-samples
And here is the documentation:
https://openid.net/connect/

Where did the Saml2AuthenticationModule class go?

The Microsoft identity team released a CTP package for WIF back in 2011 adding support for the SAML 2.0 authentication protocol.
http://www.cloudidentity.com/blog/2011/05/16/ATTENTION-ASP-NET-DEVELOPERS-SAML-P-COMES-TO-WIF/
Unfortunately the link to the Microsoft Connect site is dead. Since most WIF functionality has been moved into .NET 4.5 System.IdentityModel namespace, I was hoping to find the Saml2AuthenticationModule class there. However, I cannot find that class anywhere in the identity model assemblies.
Does anyone know what happened to the SAML 2.0 support classes? Were they migrated to the .NET 4.5 System.IdentityModel namespace? If not, is the original CTP package available somewhere?
The WIF SAML stack never made it out of CTP. Had a look around and can't find it anywhere.
It was based on WIF 3.5 so wouldn't run under WIF 4.5 anyway.
My guess is that it was removed because SAML support is non-trivial and you can get the same functionality by federating via ADFS or Azure Active Directory.
There are other libraries available - refer: SAML : SAML connectivity / toolkit.

Build an Active STS using WCF in .net 4.5

I have a scenario whereby I need to build a WCF service to provide custom authentication to third-party non-web applications connecting in an "Active" mode - i.e. I cannot present a web login page.
The login mechanism is also custom (i.e. not necessarily username/password), and so I cannot use ADFS or ACS.
I have read up on building an active STS using WCF, but the articles mostly relate to .NET 3.5, and not much has been written around using .NET 4.5 since WIF has been integrated into the framework.
I have read Examples of how to a STS in .Net 4.5 using WCF but it doesn't seem to fit my scenario.
Any pointers appreciated.
Maybe you want to have a look at
http://thinktecture.github.com/Thinktecture.IdentityServer.v2/
This is an open source STS that includes active endpoints.

Someone explain Geneva Framework and WIF

I am dumb and don't know what these two frameworks provide. I wanted to move to claims based authentication and don't understand what these two frameworks provide to me. Are these two providing the same functionality just named differently, or do they each have a purpose?
Is there a question on SO that will help me get started with porting an existing forms authentication application to "Claims Based Authentication"?
thank you very very much for your answers
Geneva is now called Active Directory Federation Services (ADFS).
It is a Security Token Service (STS) which issues signed tokens containing attributes about a user (name, email etc.)
WIF is the set of classes you include in an ASP.NET application that provides the plumbing to connect to ADFS.
Have a look at:
A Guide to Claims-Based Identity and Access Control
AD FS 2.0 Content Map
Windows Identity Foundation (WIF) Content Map
Update
The WIF link above contains a link to Get Started with Windows Identity Foundation (WIF) which includes the Identity Training Kit and some "Getting Started" examples.

Examples of how to a STS in .Net 4.5 using WCF

I'm looking for Examples of how to a STS in .Net 4.5 using WCF.
So the scenario is I have a MVC 4 web app that I want to write an STS to authenticate and get claims that stores its data in the traditional SqlMembershipProvider database schema that we all know and love.
I'm guessing the STS could be a simple WCF service.
I've googled around but can only find stuff that shows how to do all this when WIF was separate from the core framework, i.e. before it was embedded in .NET 4.5.
Writing your solution may not be as easy as you expect it to be. Have a look at https://github.com/thinktecture/Thinktecture.IdentityServer.v2 which is a .NET STS. I guess using it will suffice in your case and it is very actively developed.