Geeks With Blogs
Yossi Dahan

In a comment on a previous blog post Travis Spencer asked

Can you explain more about how you implemented an STS that supports both active and passive scenarios?

 

So here’s how -

 

To start with – I’ve implemented my STS class with all the logic I needed; this was done as a class library with several classes – my STS implementation, my STS-Configuration class, an STS service factory, my custom WindowsUserNameSecurityTokenHandler implementation and all the classes I needed to support my custom configuration section.

Then, in order to support an active scenario, I’ve created a WCF service and, through the SVC file, I’ve configured it to use my STS service factory class -

 

<%@ ServiceHost Language="C#" Debug="true" Service="<My STS configuration class>"  factory="<My STS Factory class>"%>

 

I’ve then configured the web.config of the WCF service to support my scenario – that included all the relevant binding configuration I needed, the Geneva framework related configuration (microsoft.IdentityModel) as well as any custom configuration my STS uses.

 

The passive scenario can seem a little bit more confusing -

Obviously I’ve started by creating an ASP.NET web application; this application basically has two web pages (admittedly I’m simplifying things a little bit for clarity) – default.aspx and login.aspx.

 

Using standard ASP.NET forms authentication, the web site is configured to redirect all unauthenticated users to the Login.aspx page, which in turn has a pretty standard login implementation using my custom username validator logic and the framework’s RedirectFromLoginPage function to set the local forms authentication cookie.

All my web-based relying parties redirect the user to the default.aspx page; forms-auth then redirects again to login.aspx for authentication and, once authenticated, the user is redirected back to default.aspx. On this page I’ve simply put the FederatedPassiveTokenService control provided with the Geneva framework, configured to use my STS configuration class as the service; this takes care of calling the STS and posting the token back to the RP.
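
A web.config fragment for the forms-authentication gate described above, as an added example that is not from the original post. The page names follow the post; the cookie name, timeout and HTTPS requirement are assumptions.

```xml
<!-- Added example: forms-auth gate for the passive STS web site.
     Page names come from the post; cookie name, timeout and the
     HTTPS requirement are assumptions. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- An unauthenticated request for Default.aspx (for example a
           constructed RP redirect such as
           Default.aspx?wa=wsignin1.0&wtrealm=https://rp.example/)
           is sent to Login.aspx with the original path and query
           string URL-encoded in the ReturnUrl parameter, so the
           WS-Federation sign-in request survives the login detour
           and RedirectFromLoginPage can hand it back to Default.aspx.

           requireSSL keeps the STS session cookie off plain HTTP.
           enableCrossAppRedirects="false" stops RedirectFromLoginPage
           from following a ReturnUrl that points outside this
           application; the token is posted to the RP by the control
           on Default.aspx, so cross-application redirects are not
           needed here. -->
      <forms loginUrl="~/Login.aspx"
             defaultUrl="~/Default.aspx"
             name=".STSAUTH"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="20"
             slidingExpiration="false"
             enableCrossAppRedirects="false" />
    </authentication>
    <authorization>
      <!-- Deny anonymous users everywhere; ASP.NET still serves the
           loginUrl page itself so users can authenticate. -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```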

 

I hope that makes sense…do let me know if it does not!

Posted on Sunday, February 15, 2009 10:57 AM Geneva, Federated Identity


Comments on this post: Supporting both active and passive scenarios in my STS
