tags:

views:

422

answers:

1
+2  Q: 

Active and Passive Federation in WIF

I am trying to understand the difference between Active and Passive federation in WIF. It appears that one would use an Active Federation if the Relying Party (RP) is a WCF Service instead of an ASP.NET application and a Passive Federation if the RP is an ASP.NET application. Is this accurate?

So, in a scenario in which an ASP.NET application uses a WCF in the backend, the MS articles suggest using a 'bootstrap' security token that is obtained by the ASP.NET app using an ActAs STS and this token is used to authenticate with the WCF. In this scenario, it appears that we are doing a combination of Active (user -> STS -> ASP.NET RP) and Passive (ASP.NET -> ActAs STS -> WCF) Federation?

+1  A: 

Active Federation is about authenticating user using WSTrust protocols and your Relying Party is who own's login window and ask for security token to STS. Passive Federation is when Relying Party have no login logic and you are redirected to the login page located on STS. Active Federation is more complex to configure, on my opinion (I'm working with silverlight, so it need some tricks). I'm planing to post about this subject on my blog, because there are few information about it on internet.

Daria Barteneva  2010-05-07 09:42:15
In my example, Active Federation is when a WCF service is the relying party (as it does not have a login page). Right?
 2010-05-07 14:15:35
No, your WCF service must own some mechanism to create a SOAP message and pass credentials to the STS, this is Active Federation and your service is the Active Requestor (you can receive credentials in the way you want, for example using login window from Silverlight client). If you want to use login page from Identity Provider and don't worry about receive and pass credentials, you should use Passive Federation, and in this case your service is Passive Requestor (he only redirect, and IdP do all work).
Daria Barteneva  2010-05-14 16:34:01

related questions

Shared Authentication between SAAS/Cloud web application and Desktop application
Strange error with WIF RTM, occurs after reset IIS
WCF routing service + WIF security + SL = grief
How can I generate a SAML Security Token within the same application that consumes it?
WIF (Windows Identity Foundation) with SAML 2.0
Authentication and Authorization scheme for an application exposed as WCF Service Layer?
Windows Identity Foundation: How to get new security token in ASP.net
What are good ways to architect a custom "ClaimsAuthorizationManager" Windows Identity Foundation class?
Using ADFS 2.0 with non-.NET services
Getting WIF to work with OpenSSO as STS
getting Windows Identity Foundation "Developer Training Kit" examples to work
Finding STS providers for Windows Identity Foundation
Windows Indentity Foundation need IIS 7 Windows Authentication
Windows Identity Foundation tutorials?
Programatically configure Web App and WCF to use an STS (WIF)
Using Windows Identity Foundation to log someone in to an ASP.net application
ASP.Net WCF service's Thread.CurrentPrincipal is being thrown away by some interceptor in a Federated (WIF) environment
Custom Claims with Geneva framework and how to "synch" users whitin your app
Handling credentials in an app consuming a WCF service with WIF/Geneva
Windows Identity Foundation - Third Party Secure Token Server
Where did 'My" certificate store go?
WIF manually generate federationmetadata.xml
Windows Identiy foundation redistributable failed on Vista Home Premium edition
Geneva Server And SQL Store
How can i get the WindowsIdentity or WindowsPrincipal of a WCF Claim / SecurityIdentifier (SID)?