Last post Nov 29, 2012 11:36 PM by asteranup
Nov 27, 2012 08:44 AM|spdev101|LINK
I have to design a public facing website which will have a membership area. I can use the latest .NET Framework. What is the security API which I should use, I have heard a lot about Windows Identity Foundation, but have a few questions around this
If there are multiple options which I can use which options do you'll reccomend?
Nov 27, 2012 09:41 AM|atconway|LINK
WIF (Windows Identity Foundation) is a .NET implementation of 'Claims Based Authentication'. Claims based authentication is a way to genericize passing identity information to make that piece technology and platform agnostic. A 'Token' is nothing more than
a series of bytes with 1...n claims. A single 'Claim' is just a piece of information about the client. Some common cliams would be, 'userID', 'FirstName', 'LastName', etc.
One of the streengths of using a claims based authentication approach is the ability to have 1...n sites trusting the same STS Provider (Secure Token Serve = issuer of tokens). For any site that truts the same STS Token Provider, the client
will not be asked to authenticate again and create a Single Sign On (SSO) ability.
This concept is simple on the surface but very deep in ability and use. I recommend reading some in-depth tutorials or even a book on WIF to have a better understanding. The WIF SDK comes loaded with examples and project templates for VS.NET that will help.
The links below will help get you on your way.
Windows Identity Foundation
How to: Access Claims in an ASP.NET Page
Difference between Claims vs OAuth
Programming Windows Identity Foundation (Book) (They have this used for like $2 and it is a great resource to get started)
Hope this helps!
Nov 29, 2012 11:36 PM|asteranup|LINK
If its a completely public facing website you can try form form authentication or open id authentication. For form authentication you can check-
For open id check-