I've been configuring some of my applications to use the Windows Identity Foundation. I use the passive redirection to get security tokens from a Security Token Service. I accomplished this by inserting WIF code into a logon web site that existed before I started using WIF and then using the "Add STS Reference" within the applications.
However, I have one application that does not use the logon web site. I think that what I would like to do is generate the security token within the application itself without redirecting the user to an external STS.
I tried unsuccessfully to accomplish this by using the ClaimsAuthenticationManager class which can be used to add additional claims to a security token received from an external STS. However, ClaimsAuthenticationManager doesn't work in this context. Instead of calling ClaimsAuthenticationManager only a single time per session ( the expected and desired result ), it gets called on every page load with no sign of the claims that I assigned to the user on the previous page load.
I'm looking at creating an external STS that will give the user the claims from a database, but I see this as being a hazard. There seems to be no reason that I must create a whole separate STS for only a single web site. I would like to just generate the security token within my application.