I am now working on a web project where the authentication mechanism chosen is Windows authentication (intranet application). Once the project goes live, after a gap of two months or so, an STS will be set up. Then the web project should start using it without much change to the code. How do I do it?
I plan to use claims-based authentication using WIF 4.5 with my own STS (a WCF project/web application) and take it live. Once the STS is set up in the intranet (ADFS)/cloud (WAAD), I simply change the local STS URL to the new 'original' STS.
1) Will it work? 2) Can the local STS be a DLL?
An STS is not required for Windows authentication. With .NET 4.5, claims are included in the framework; in fact, no extra setup/configuration is required to support claims. Moreover, an STS is required only if you are trying to federate.
See How-To
It is not a good idea to deploy a custom-developed STS to a production environment; you should be using ADFS or Thinktecture.IdentityServer.v2 or any other similar product for federation.
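An added example, not part of the original answer: authorization written only against `ClaimsPrincipal`, so the same check works under Windows authentication today and with STS-issued tokens later. The `Normalize` and `CanRead` helpers, the "Reader" role, the SID-to-role mapping and the sample federated user are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Principal;

static class ClaimsDemo
{
    // Constructed mapping: well-known SID of BUILTIN\Users -> hypothetical app role "Reader".
    static readonly Dictionary<string, string> GroupSidToRole =
        new Dictionary<string, string> { { "S-1-5-32-545", "Reader" } };

    // Reduce whatever the authentication layer produced to the claims the app
    // authorizes on. Everything not explicitly allowed is dropped.
    static ClaimsPrincipal Normalize(ClaimsPrincipal incoming)
    {
        var claims = new List<Claim>();
        foreach (var c in incoming.Claims)
        {
            string role;
            if (c.Type == ClaimTypes.Name || c.Type == ClaimTypes.Role)
                claims.Add(new Claim(c.Type, c.Value));            // already in app terms
            else if (c.Type == ClaimTypes.GroupSid && GroupSidToRole.TryGetValue(c.Value, out role))
                claims.Add(new Claim(ClaimTypes.Role, role));      // Windows group -> app role
        }
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Normalized"));
    }

    // Application code depends on claims only, never on WindowsPrincipal or the issuer.
    static bool CanRead(ClaimsPrincipal user)
    {
        return user.HasClaim(ClaimTypes.Role, "Reader");
    }

    static void Main()
    {
        // Today: Windows authentication. In .NET 4.5 WindowsPrincipal derives from ClaimsPrincipal.
        ClaimsPrincipal windowsUser = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        Console.WriteLine("Windows user can read: " + CanRead(Normalize(windowsUser)));

        // Later: constructed stand-in for a principal built from an STS-issued token.
        var federated = new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, "alice@example.test"),
            new Claim(ClaimTypes.Role, "Reader") }, "Federation"));
        Console.WriteLine("Federated user can read: " + CanRead(Normalize(federated)));
    }
}
```

When federation is switched on, only the code that produces the incoming principal changes; `CanRead` and every other claims check stay as they are.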