wifazman

WIF simple WITHOUT Federation - Where to start


I am a little lost at the moment. Hopefully you can point me in the right direction...

Scenario: WinForms App / Active Directory / ONLY internal network

What I want: Achieve the same that NetSqlAzMan does (authenticate and authorize single operations) using WIF. No Federation, nothing that's not needed for that. Just authenticate a given user via his current account, get the claims and see if he's allowed to call specific operations.

What is really needed for that? Do I absolutely need ADFS 2.0? What (simple) STS should I use? Where do I start? All I found on that starts with an enormous setup using WCF Federation Bindings and whatnot. Would I be better off sticking with NetSqlAzMan?

Any help would be greatly appreciated! :)


Solution

  • What you're looking for is active federation (versus passive federation) which uses web services for authentication. Take a look at the Lab 4 here for some samples on how to do this.

    As for an STS, you don't have to use AD FS 2.0 (although for Active Directory authentication, it's probably the best option). You can always write your own custom STS using WIF, or you can look at the IdentityServer, but I don't think it has native integration with AD. You'd have to add that, but it wouldn't be too difficult using the ActiveDirectoryMembershipProvider.
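As an added example (not from the question or the answer above), here is the WIF-only shape of what the question asks for: the Windows login of the current user is turned into application claims by a ClaimsAuthenticationManager, and a ClaimsAuthorizationManager then answers "may this user call this operation?". No STS or federation binding is involved. The group names, the operation names and the claim type are assumptions; the code targets the .NET 4.5 System.Security.Claims types (reference System.IdentityModel.dll), which in WIF 3.5 live under Microsoft.IdentityModel.Claims instead.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Principal;

// Hypothetical claim type meaning "this user may perform the named operation".
static class AppClaims { public const string Operation = "urn:example:operation"; }

// Step 1: map AD group membership to operation claims, the way NetSqlAzMan's
// role-to-operation table does. The group-to-operation table is an assumption.
class GroupToOperationMapper : ClaimsAuthenticationManager
{
    static readonly Dictionary<string, string[]> Map = new Dictionary<string, string[]>
    {
        { @"CORP\Invoice-Approvers", new[] { "Invoice.Read", "Invoice.Approve" } },
        { @"CORP\Invoice-Readers",   new[] { "Invoice.Read" } },
    };

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incoming)
    {
        var id = new ClaimsIdentity(incoming.Identity.AuthenticationType);
        id.AddClaim(new Claim(ClaimTypes.Name, incoming.Identity.Name));
        foreach (var entry in Map)
            if (incoming.IsInRole(entry.Key))   // WindowsPrincipal resolves this against group SIDs
                foreach (var op in entry.Value)
                    id.AddClaim(new Claim(AppClaims.Operation, op));
        return new ClaimsPrincipal(id);         // only the claims the app needs survive
    }
}

// Step 2: deny unless the principal holds an operation claim for every requested action.
class OperationAuthorizationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        if (context.Action.Count == 0) return false;   // nothing requested: fail closed
        foreach (var action in context.Action)
            if (!context.Principal.HasClaim(AppClaims.Operation, action.Value))
                return false;
        return true;
    }
}

static class Program
{
    static void Main()
    {
        var windows = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        ClaimsPrincipal app = new GroupToOperationMapper().Authenticate("InvoiceApp", windows);
        var authz = new OperationAuthorizationManager();
        foreach (var op in new[] { "Invoice.Read", "Invoice.Approve" })
            Console.WriteLine("{0}: {1}", op,
                authz.CheckAccess(new AuthorizationContext(app, "Invoice", op)) ? "allowed" : "denied");
    }
}
```

The same two managers can later be registered in the app's identity configuration and called through ClaimsPrincipalPermission instead of being instantiated directly, so the authorization checks in the WinForms code do not change if an STS is added afterwards.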