I'm looking for Examples of how to a STS in .Net 4.5 using WCF.
So the scenario is I have a MVC 4 web app that I want to write an STS to authenticate and get claims that stores its data in the traditional SqlMembershipProvider database schema that we all know and love.
I'm guessing the STS could be a simple WCF service.
I've googled around but can only find stuff that shows how to do all this when the WIF was separated from the Core Framework. I.e. before it was embedded in .Net 4.5
Writing your solution may not be as easy as you expect it to be. Have a look at https://github.com/thinktecture/Thinktecture.IdentityServer.v2 which is a .NET STS. I guess using it will suffice in your case and it is very actively developed.
Related
We are trying to implement single sign on, across multiple domains from MVC 4 application to .Net Core application.
MVC 4 to MVC 4 it's working fine with MachinKey, but not with .Net core.
How can we implement SSO to share the same authentication with all other application in MVC4 and .Net core application.
Identity Server can do this. Identity Server version 4 will be supported and free for as long as .NET Core 3.1 is supported. After that, you'll need Duende Identity Server, which is the next version, available on a commercial licence.
You can also do it with OpenID Connect (AKA OpenIddict) which is free for the foreseeable future, but that will probably need you to write a bit more code.
I have used both.
Both of them are agnostic to the type of client applications, so your clients can be MVC4, .NET Core, Xamarin, React, anything at all. Both of them have good templates that you can download and get started quite quickly with a simple scenario.
Unfortunately, in my experience, making meaningful extensions or changes to the templates (such as what you're proposing) was difficult and required in-depth knowledge of internet security concepts, studying the documentation and source code of whichever library that you choose.
I have tried really hard to learn but I still find it difficult, so I wish you good luck!
Here are the sample projects for IdentityServer4:
https://github.com/IdentityServer/IdentityServer4.Templates
And here is the documentation on how to get started:
http://docs.identityserver.io/en/latest/
Here are the sample projects for Open Id Connect:
https://github.com/openiddict/openiddict-samples
And here is the documentation:
https://openid.net/connect/
I have a scenario whereby i need to build a WCF service to provide custom authentication to 3rd parties non-web application connecting in an "Active" mode - i.e. i cannot present a web login page.
The login mechanism is also custom (i.e. not necessarily username/password), and so i cannot use ADFS or ACS.
I have read up on building active STS using WCF, but they mostly relate to .NET 3.5 and not much has been written around using .NET 4.5 since WIF has been integrated into the framework.
I have read Examples of how to a STS in .Net 4.5 using WCF but it doesn't seem to fit my scenario.
Any pointers appreciated.
Maybe you want to have a look at
http://thinktecture.github.com/Thinktecture.IdentityServer.v2/
This is an open source STS that includes active endpoints.
I'm working on project for old PDAs that run on the .NET 2.0 CF (compact framework). Right now we are using .NET 2.0 ASMX web services, but I find that severely limiting. It is missing all sorts of things like extension methods, funcs, actions, LINQ, generic data-structures like HashSet(of T), etc., that would be useful for getting stuff done.
Eventually we're probably going to get rid of the PDAs and replace them with some other technology. For that reason I'd like to, as best as I can, write a re-usable/RESTful-ish backend (thus WCF).
I've looked online, but haven't had much luck finding information. At the very least I'm hoping to upgrade the backend to .NET 3.5 for improved functionality. Is it possible?
if you just want the new framework libraries and c# syntax than your asmx services would work just fine on 3.5, no need to migrate to wcf.
if you want rest you should take a look at asp.net web api though it is .net 4 only.
I am wanting to build a Restful API using WCF however I am struggling to make a decision on how to accomplish this.
The WCF Rest Starter Kit was developed for .Net 3.5 and has not progressed past Preview 2. Although it can be used within the current .NET Framework and within Visual Studio 2010 it seems from my research to be dead in the water and superseded by the new WCF Web API which is currently in Preview 5.
On the other hand the WCF Web API is only at preview stage and should not really be used in a production application as many things could possibly change before its release. There is also no indication if its nearing completion and if it’s going to be in the next .NET Framework release and when that is intended to be.
I find myself between rock and a hard place and look to the wider community to provide me with some guidance on this if at all possible.
You should regard this tweet from Glenn Block.
Using ASP.NET MVC for building a Restful API should be straight forward and easy way to do it.
However I've used WCF Web Api with WCF Rest Contrib in production without any problems.
See
Creating REST API with ASP.NET MVC that can speak both JSON and Plain Xml
RESTful Services With ASP.NET MVC
ASP.NET MVC – Create easy REST API with JSON and XML
Maybe OpenRasta is what you are looking for?
See also
RESTful framework alternatives to WCF
I depends on your application. If its a Website (also has views) that offers the REST API using ASP.NET MVC would be less technology, less effort, less know-how etc.
If its JUST an REST API choose what you like more from development style: ASP.NET MVC or WCF Web API
We are implementing a claims-based approach to security for our enterprise applications. I've been looking at the built-in support (with System.IdentityModel) as well as Windows Identity Foundation (WIF) but it doesn't look like either support Silverlight applications. I realize that SL4 doesn't support IPrincipal et al, but that shouldn't mean we can't still do claims-based auth.
Am I missing samples or documentation showing how to do so in SL4 or am I left to a home-grown solution?
I recently discovered that the latest version of the WIF Training Kit contains a sample application showing how to integrate WIF into a Silverlight client. It includes a version of the WIF IdentityModel code compiled against the Silverlight runtime. While not an ideal or even long-term solution, it gets me going.
Have a look at this by Dominic:
http://www.leastprivilege.com/UsingSilverlightToAccessWIFSecuredWCFServices.aspx
or this:
http://social.msdn.microsoft.com/Forums/en/Geneva/thread/fe890df3-8815-4d05-b293-d3c87f32e9e0