wif

How to share authentication context between a SharePoint 2010 Site and ASP.NET applications

Is it possible to share the claims-based authentication of a logged-in SharePoint 2010 user with a separate ASP.NET application? The following article describes how it was done using SharePoint 2007 and forms authentication through forms auth and sharing machine keys etc.; however, I cannot find any information regarding the external appl...

WCF Security; IAuthorizationPolicy called after ServiceAuthorizationManager

My understanding is that an IAuthorizationPolicy (added through my web.config) should be called BEFORE my ServiceAuthorizationManager.CheckAccessCore (also added through my web.config). (I also have principal authorization mode set to Custom in the web.config). This way, the IAuthorizationPolicy can add a ClaimSet, then the ServiceAuthor...

Programmatically creating a client proxy for a WIF-secured WCF Service

Folks, Here's what I've done so far: 1) Created an ASP.NET MVC relying party application and secured it with ADFS v2.0. This works. 2) Created a WCF Service using the Claims-Aware service template for an ASP.NET website. I've turned ASP.NET compatibility for the service ON because the service wouldn't activate otherwise. I've moved th...

What's the difference between WS-Trust, OpenID, and SAML Passive?

Seems that Microsoft ADFSv2 supports WS-Trust, and SAML Passive, but the WIF stack it's built upon doesn't support SAML. What is the difference between WS-Trust and SAML-P? Do they share the same security vulnerabilities, if so what are they? Note: There is a similar, but different question here: SAML vs OAuth ...

How do I specify claim type requirements on the service side so they will be obeyed by the client request?

I have: A passive STS "login application" that is also an identity provider. An active STS WCF service that can accept and handle ActAs tokens A web site relying party A WCF service relying party that is called by the web site. All of this is put together using Windows Identity Foundation and custom STS code. Active Directory (ADFS) ...

Windows Identity Foundation Security Token Service can't stay logged in

I'm using the Windows Identity Foundation (WIF) Security Token Service (STS) to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all th...

WIF authentication scenario. STS implementation questions.

We’re considering using WIF for authenticating our users, so I’ve started to gather some information on how to do this the right way. Mainly how we should create the STS. I’ve had a hard time finding some information about our scenario where we have a “main” service that will be used by clients both internal and external. Internal clien...

How do I request additional claims from Passive STS with WIF?

Hi, I have the following: A website ASP.Net application acting as an Identity Provider (IDP STS) Federation Provider (FP STS) A Resource ASP.NET MVC WebSite acting as (RP) when trying to access a Resource in RP, it goes thru the FP STS and gets redirected to IDP STS. User puts their credentials and upon validity of that, IDP provide...

Secure a WF4 Workflow Service with ADFS2/WIF ?

I have a .xamlx Workflow Service that I would like to secure so that it can only be called by clients that have obtained a token from my STS (ADFS v2.0). Normally this is very easy to do if you're using a "Web Site" project template, and you've added a .SVC service - the "Add STS Reference" wizard will find the service you want secured a...

How do you pass a (Claims) security Token to a WIF-enabled WCF service

I am curious to find out how we could possibly send a Security token from a WIF application that has already been authenticated to a WIF-enabled WCF Service. Any assistance will be appreciated ...

Unsigned SAML 2.0 Support for WCF on .Net 4.0

Hi All, Can someone please let me know if unsigned SAML 2.0 or 1.1 is natively supported on WCF .Net 4.0. I know that Signed SAML 1.1 is natively supported on WCF and SAML 2.0 is natively supported on WIF but I am not able to find any material regarding unsigned SAML. ...

Enable anonymous access to ADFS 2.0 SharePoint site

I have a SharePoint 2007 portal configured to authenticate against a STS (ADFS 2.0) using the FormsSignIn (Forms Authentication on the ADFS). Is there any way to have a few pages living in the SharePoint portal that allow anonymous access? I've tried checking the "Enable Anonymous Access" in the SharePoint Central Admin, and I've trie...

How to set a custom Identity when calling Claim-Aware WCF Service and retrieve it in the STS with WIF

Hi everyone, I created my custom Claim-Aware WCF Service and a Custom STS Service using the WIF SDK Template. Everything works fine but I would like to define my own custom Identity when I call the service and retrieve it in the STS Service. For example in the following code: protected override IClaimsIdentity GetOutputClaimsIdentit...

Problem using WIF with IIS6

We have a problem using the SessionAuthenticationModule on IIS 6. When trying to access the application, the following exception occurs: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is imper...

Help required with SAML 2.0 and ADFS 2.0!

While trying to learn the ADFS 2.0 environment, I created an empty ASP.NET Claims aware application to be the RP using Visual Studio 2010. Using ADFS 2.0 I did the following: Created a SAML 2.0 relying party using the 'Add Relying Party Trust...' wizard. Created a SAML 2.0 Claim Provider using the 'Add Claims Provider Trust...' wizard ...

Two app instances, same Relying Party in AD FS 2

I currently have a copy of the app deployed to my local IIS as debug.wifclientapp.com and it will go to the ADFS server to authenticate, but when it redirects after successful authentication it goes to www.wifclientapp.com, which is the test instance on a remote server. I set up the test instance first. How can I get it to redirect back to...