I'm trying to understand what I need to develop a framework using WCF, Claims and ADFS 3.0. The internal users will authenticate against Active Directory, external users authenticate against a SQL Server table, and the authorization is stored in database tables implementing groups and permissions. I am creating an API using WCF, not Web Api or OWIN.
I'm not interested in using Identity Server or 3rd party products, I just want to know how I create a Custom Security Token Service to read from my membership table and set claims via my Groups and Permissions table.
I can find no information on any of this. There is no Identity and Access control in Visual Studio 2015 and there seems to be nothing using WCF, only using Web Api, OWIN and MVC?
This article seems to have a good start for you: http://southworks.com/blog/2007/03/11/the-holly-grail-of-enterprise-soa-security/
And here is the code that I use in my MVC app (not WCF, but many of the things that need to be done are the same):
using System.Collections.Generic;
using System.Globalization;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;

// 'result' is the user record loaded from the membership store
// (Id, UserName, Email, FirstName and the user's Roles).
var claims = new List<Claim>()
{
    new Claim(ClaimTypes.Name, result.UserName),
    new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", result.Email),
    new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider",
        result.Email),
    new Claim("UserId", result.Id.ToString(CultureInfo.InvariantCulture)),
    new Claim("UserName", result.UserName),
    new Claim("FirstName", result.FirstName)
};
// load claims from database here: one role claim per group the user belongs to
claims.AddRange(result.Roles.Select(role => new Claim(ClaimTypes.Role, role.Name)));

var id = new ClaimsIdentity(claims, "Forms");
var cp = new ClaimsPrincipal(id);

// Wrap the principal in a WIF session token; IsPersistent = false keeps the cookie session-scoped
var token = new SessionSecurityToken(cp)
{
    IsPersistent = false
};
Session["authToken"] = token;

// Hand the token to the SessionAuthenticationModule so it is written (protected) to the session cookie
var sam = FederatedAuthentication.SessionAuthenticationModule;
sam.WriteSessionTokenToCookie(token);
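For the WCF side of the question, here is an added example (not from the answer above and not a Microsoft sample) of a custom STS built on the WIF SecurityTokenService base class that issues role and permission claims read from the groups and permissions tables. The IAuthorizationStore interface, the permission claim type URI and the HTTPS-only relying-party check are assumptions; authentication of the caller happens earlier, in the STS endpoint's binding (Windows for AD users, a UserNamePasswordValidator over the SQL membership table for external users).

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel;
using System.IdentityModel.Configuration;
using System.IdentityModel.Protocols.WSTrust;
using System.Security.Claims;
// Hypothetical abstraction over the membership, groups and permissions tables (assumed, not from the page).
public interface IAuthorizationStore
{
    IEnumerable<string> GetGroups(string userName);
    IEnumerable<string> GetPermissions(string userName);
}

public class CustomSecurityTokenService : SecurityTokenService
{
    // Assumed claim type for permissions; any URI the issuer controls works.
    public const string PermissionClaimType = "http://schemas.example.com/claims/permission";
    private readonly IAuthorizationStore _store;
    public CustomSecurityTokenService(SecurityTokenServiceConfiguration config, IAuthorizationStore store)
        : base(config)
    {
        _store = store;
    }
    // Only issue tokens for relying parties you know; here the check is an assumed HTTPS-only rule.
    protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
    {
        if (request.AppliesTo == null || request.AppliesTo.Uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidRequestException("Unknown or insecure relying party.");
        string rp = request.AppliesTo.Uri.OriginalString;
        return new Scope(rp, SecurityTokenServiceConfiguration.SigningCredentials)
        {
            ReplyToAddress = rp,
            TokenEncryptionRequired = false // set true and supply EncryptingCredentials for sensitive claims
        };
    }
    // 'principal' was already authenticated by the STS endpoint binding; only claims are added here.
    protected override ClaimsIdentity GetOutputClaimsIdentity(ClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            throw new InvalidRequestException("Caller is not authenticated.");
        string userName = principal.Identity.Name;
        var identity = new ClaimsIdentity("CustomSts");
        identity.AddClaim(new Claim(ClaimTypes.Name, userName));
        foreach (string group in _store.GetGroups(userName))
            identity.AddClaim(new Claim(ClaimTypes.Role, group));
        foreach (string permission in _store.GetPermissions(userName))
            identity.AddClaim(new Claim(PermissionClaimType, permission));
        return identity;
    }
}
```

The WCF relying party then validates the issued token with the same signing certificate and authorizes calls from the role and permission claims, so the database is consulted once at issuance rather than on every service call.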