I'm working on an MVC 4 project. Actually, the project involves 3 modules which talk to each other. A user can buy a licence for any of the 3 modules or all of them. I need to implement single sign-on for the website that we are creating, so we decided to go with a Security Token Service since it will be more secure.
I've read about STS and I have the basic knowledge of how it works. But the problem comes when I need to implement it in an actual project. Honestly, I don't really know how to implement it. Can anyone tell me how to implement a custom STS? (I'm working on .NET Framework 4.5, MVC 4 & Visual Studio 2012.)
According to my understanding, all I need is to inherit ClaimsAuthenticationManager and override the Authenticate method? (Correct me if I'm wrong.) If that's the case, where do I verify the username & password? I've already done a little implementation:

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        if (!incomingPrincipal.Identity.IsAuthenticated)
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }
        return DressUpPrincipal(incomingPrincipal.Identity.Name);
    }

In the above code, incomingPrincipal.Identity.IsAuthenticated is always false. How do I authenticate the user in the first place?
I would suggest you look at IdentityServer.
Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.
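An added example, not code from the question, the answer or IdentityServer, built around the question's snippet: `ClaimsAuthenticationManager.Authenticate` transforms the claims of a principal that something upstream has already authenticated, and `ClaimsIdentity.IsAuthenticated` is true only when the identity carries an authentication type. `LicenceClaimsManager`, the body of `DressUpPrincipal`, `LookUpLicensedModules`, the module claim URI and the user "alice" are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;   // ClaimsAuthenticationManager lives in System.IdentityModel.dll on .NET 4.5

// Hypothetical manager modelled on the question's snippet.
public class LicenceClaimsManager : ClaimsAuthenticationManager
{
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // Nothing upstream authenticated the caller: pass the principal through unchanged.
        if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
            return base.Authenticate(resourceName, incomingPrincipal);

        return DressUpPrincipal(incomingPrincipal.Identity.Name);
    }

    // Assumed body for the question's DressUpPrincipal: rebuild the principal from
    // server-side data instead of trusting whatever extra claims arrived with it.
    private static ClaimsPrincipal DressUpPrincipal(string userName)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, userName) };
        foreach (var module in LookUpLicensedModules(userName))
            claims.Add(new Claim("http://example.test/claims/module", module));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Custom"));
    }

    // Constructed stand-in for a licence database query.
    private static IEnumerable<string> LookUpLicensedModules(string userName)
    {
        return userName == "alice" ? new[] { "ModuleA", "ModuleC" } : new string[0];
    }
}

public static class Demo
{
    public static void Main()
    {
        var manager = new LicenceClaimsManager();

        // Identity with no authentication type: not authenticated, so no claims are added.
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());
        Console.WriteLine(manager.Authenticate("/", anonymous).Identity.IsAuthenticated);

        // Identity as an upstream handler would build it after verifying credentials.
        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "alice") }, "Forms");
        var result = manager.Authenticate("/", new ClaimsPrincipal(identity));
        foreach (var c in result.Claims) Console.WriteLine(c.Type + " = " + c.Value);
    }
}
```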