Currently I am working on a LOB Silverlight application. Eventually, I need to implement a single sign-on for the new app and an old Classic ASP web app. Right now, the Silverlight App is secured using Forms Authentication through a custom Membership Provider.
Reading online, I've come to think that Passive Federated Security is what I need. But, I am struggling with following questions:
1) What is a relatively painless way to set up STS. I don't really want to spend a lot of time setting this up. I've take a look at WIF - it seems to require some platform changes so that really is not an ideal solution [Even though it seems relatively easy to set up]
2) How do I integrate Classic ASP app to use the STS? - Currently it is validating against a custom userStore and putting the authentication/authorization info in the session.
3) Eventually, users will be accessing both apps through a third-party portal that authenticates them outside of our organization. So, somehow the portal would need to be able to issue Security Tokens [SAML??] that the STS will understand.
I am currently focusing on 1 and 2. If anyone has even a slightest insight into this, that would be greatly appreciated.
Thanks, Ravi