Is Azure Access Control and WIF suitable when some of the relying parties might not be .Net based
We currently have a few .Net applications on different domains with separate membership on each. We are moving to a federated login with single sign-on (and hopefully single sign-off) and a centralised membership hosted on Azure.
The natural choice to us seemed to be creating our own Identity Provider for Azure's Access Control which all of our sites would authenticate with WIF but there might be the possibility of non .Net sites having to authenticate with this in the future.
Is this still an acceptable route to take?
ACS is a "Federation provider". It basically allows your "relying parties" (your applications) to delegate authentication to it.
ACS can itself trust many "identity providers", including yours if you wanted. Currently (ACS V2) supports WS-Federation & OpenID (for web sites), WS-Trust & OAuth (for web services). These are the "protocols". ACS supports 2 token formats: SAML (1.1 & 2.0) and SWT. It also comes pre-configured with Google, Yahoo!, Facebook and LiveID.
If your app trusts ACS, then you can accept users with accounts in any of those services. ACS can work with "any" IdP that supports any of those protocols.
WIF is a framework on .NET for "claims enabling" your app and works seamlessly in app stacks like ASP.NET (and ASP.NET MVC) and WCF. It can work on other app stacks, but it requires interop. However, each platform usually has a WIF equivalent, and as long as it is compliant with the standard (e.g. WS-Fed, SAML tokens, etc.) it works.
Interop is also both ways. For example: a non .NET app relying on ACS / ACS relying on a no-MSFT identity provider.
If you want to retain your membership databases for authentication (this means you would still have username/passwords), you can wrap it with an STS (built with WIF) and add it to the list of identity provider. Then any application (.NET or not) can use authentication based on it:
Of course you can combine both: have your apps trust ACS and then ACS trust your IdP (In addition to the other IdPs). This gives you additional flexibility.
In general, if you use WIF on your .NET based web site, you don't need to write much code (if any). Everything just works.
Examples of all this are available here:
- Identity Training Kit
- Claims based Identity Guide (http://claimsid.codeplex.com)
For a very quick intro, check Scott's latest webcast: http://scottdensmore.typepad.com/blog/talks.html
- Quartz.net: How to create jobs using Dependency Injection
- MemoryStream - Cannot access a closed Stream
- Custom Compiler Warnings
- Cannot find Assert.Fail and Assert.Pass or equivalent
- How to reduce the margin between two buttons in below WPF code
- Bad Request When Using PostAsJsonAsync C#
- How to use RouteValues using MvcPaging2.0 in MVC3?
- How to change visibility for some TreeDataGrid rows?
- Dynamically Added LinkButtons Don't Fire OnClick Event
- How to retrieve actual item from HashSet<T>?
- Retrieve 10 records from MySQL?
- Entity data model designer won't open the edmx file
- How can you inherit from a sealed class using reflection in .Net?
- Azure .NET SDK: Scale Azure SQL databases through SDK
- SortedList Doesn't taking multiple objects in C#
- Using System.Text.Json to Serialize an IConfiguration back to Json
- In v8 of highcharts implemented multiple highcharts in a single view but not working in the upgraded version GetHighchartsJS
- IBrowserFile FromIMageFileAsync incomplete image
- Can't repoduce call stack in one of my programs
- What's the fastest way to read a text file line-by-line?
- What is the difference between Environment.CurrentDirectory and Directory.GetCurrentDirectory?
- Automapper: passing parameter to Map method
- What is the difference between String and string in C#?
- error MSB3073: The command "npm install" exited with code 1
- What's the algorithm behind Robocopy?
- ASP. NET Core 8: Error HTTP 500 and returnurl=%2F in the URL
- Decompressing Large Gzip File not working using System.IO.Compression
- mlContext.Data.CreateEnumerable uses the init property?
- Why should I prefer single 'await Task.WhenAll' over multiple awaits?
- Implicit casting / polymorphism with a Dictionary in C#