Maybe I'm going about this all wrong, but I'd like to take our Roles based ASP .NET Forms Authentication and port it to WIF so as to support federation with other applications.
I know this is a broad question, but how can I do Forms Authentication with WIF? Is this even a valid question or am I misunderstanding something? All the examples I've seen involve AD and STS. We don't even want to start hosting an STS server yet, but simply to structure the code in a claims based model so that we can pursue federated security going forward.
Any suggestions?
In a claims based architecture, you are generally not responsible for authenticating users anymore. Therefore, there're no more users/passwords, but you might still keep your roles.
I'd suggest reading the first couple chapters (quite short actually) of this guide
(caveats and disclosures: this is a MSFT centric guide, although you are working on that platform, and I'm one of the authors)
BTW: "Active Authentication" (although not exactly correct term) refers to web services mostly. "Passive clients" are usually web sites (your case).