Share Authentication between MVC applications through WIF

960 views Asked by At

I have two website i.e. A and B, where A and B both have their user store separately. If user is authenticated user of A, it should be able to access all authorized pages of B and visa versa.

Can someone help me how i can do this using Windows identity foundation. Thanks

1

There are 1 answers

2
Amirhossein Mehrvarzi On BEST ANSWER

Read the main article by MSDN which completely describes What is Windows Identity Foundation that says:

Windows® Identity Foundation (WIF) is a framework for building identity-aware applications. The framework abstracts the WS-Trust and WS-Federation protocols and presents developers with APIs for building security token services and claims-aware applications. Applications can use WIF to process tokens issued from security token services and make identity-based decisions at the web application or web service.

So you should have the less problems for authentication across multiple applications.

A great start point would be the MSDN one which is How To: Build Claims-Aware ASP.NET MVC Web Application Using WIF

To understand How it works see this helpful MSDN blog.

Another example of WIF + MVC is available in Federated Identity with Multiple Partners where I exhort you to read the first chapters to understand all underlying principles.

Update: Around STS According to MSDN:

A security token service (STS) is the service component that builds, signs, and issues security tokens according to the WS-Trust and WS-Federation protocols. There’s a lot of work that goes into implementing these protocols, but WIF does all of this work for you, making it feasible for someone who isn’t an expert in the protocols to get an STS up and running with very little effort. You can use a cloud STS such as a LiveID STS, a pre-built STS such as Active Directory® Federation Services (AD FS) 2.0, or, if you want to issue custom tokens or provide custom authentication or authorization, you can build your own custom STS using WIF. WIF makes it easy to build your own STS. For more information, see Building an STS.

The following Links can be helpful around STS:

  1. Building an STS
  2. How to: Create a Security Token Service
  3. Building A Custom Security Token Service