
Active and Passive Federation in WIF

Tags:

wif

I am trying to understand the difference between Active and Passive federation in WIF. It appears that one would use an Active Federation if the Relying Party (RP) is a WCF Service instead of an ASP.NET application and a Passive Federation if the RP is an ASP.NET application. Is this accurate?

So, in a scenario in which an ASP.NET application uses a WCF in the backend, the MS articles suggest using a 'bootstrap' security token that is obtained by the ASP.NET app using an ActAs STS and this token is used to authenticate with the WCF. In this scenario, it appears that we are doing a combination of Active (user -> STS -> ASP.NET RP) and Passive (ASP.NET -> ActAs STS -> WCF) Federation?

asked May 05 '10 16:05

Nick


People also ask

What is passive federation?

Federation with a browser is based on WS-Federation Passive Requestor Profile, which describes the same communication flow between the browser and web applications. It relies on browser redirects, HTTP GET, and POST to request and pass around tokens.

How does WS-Federation work?

WS-Federation provides the general language and mechanism to connect users and resources across security boundaries, typically in disparate security realms, thereby providing for the creation of a federation of security realms.

What is passive request?

Any actor playing the requester part that is not able to construct a SOAP message is referred to as a passive requester.

What is a WIF token?

Windows Identity Foundation (WIF) is a Microsoft software framework for building identity-aware applications. It provides APIs for building ASP.NET or WCF based security token services as well as tools for building claims-aware and federation capable applications.


1 Answer

Active Federation is about authenticating the user using the WS-Trust protocols, and your Relying Party is the one that owns the login window and asks the STS for a security token. Passive Federation is when the Relying Party has no login logic and you are redirected to the login page located on the STS. Active Federation is more complex to configure, in my opinion (I'm working with Silverlight, so it needs some tricks). I'm planning to post about this subject on my blog, because there is little information about it on the internet.

answered Sep 19 '22 15:09

Daria Barteneva
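
The two flows from the answer above, contrasted at the wire level. This is an added example, not code from the original answer or from WIF: it builds the WS-Federation sign-in redirect a passive Relying Party sends to the browser, and the WS-Trust 1.3 RequestSecurityToken an active client sends to the STS. The host names, endpoint paths and realm are constructed placeholders.

```python
# Added example: passive (browser redirect) vs active (SOAP RST) federation.
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

STS_PASSIVE = "https://sts.example.test/issue/wsfed"       # constructed
STS_ACTIVE = "https://sts.example.test/issue/wstrust/13"   # constructed
REALM = "https://rp.example.test/"                         # constructed RP identifier

# Namespaces used by WS-Trust 1.3 over SOAP 1.2
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
SOAP = "http://www.w3.org/2003/05/soap-envelope"


def passive_signin_redirect(return_url):
    """Passive: the RP has no login logic. It answers an unauthenticated
    browser with a 302 whose Location is the STS sign-in URL."""
    query = urlencode({
        "wa": "wsignin1.0",   # WS-Federation sign-in action
        "wtrealm": REALM,     # which RP the token is requested for
        "wctx": return_url,   # opaque context echoed back to the RP
    })
    return 302, {"Location": f"{STS_PASSIVE}?{query}"}


def active_rst(applies_to=REALM):
    """Active: the client collects credentials itself and builds a
    RequestSecurityToken. Credentials would travel in a WS-Security
    header, which is omitted here."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    hdr = ET.SubElement(env, f"{{{SOAP}}}Header")
    ET.SubElement(hdr, f"{{{WSA}}}Action").text = WST + "/RST/Issue"
    ET.SubElement(hdr, f"{{{WSA}}}To").text = STS_ACTIVE
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    rst = ET.SubElement(body, f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Issue"
    ET.SubElement(rst, f"{{{WST}}}KeyType").text = WST + "/Bearer"
    # AppliesTo plays the role wtrealm plays in the passive flow
    applies = ET.SubElement(rst, f"{{{WSP}}}AppliesTo")
    epr = ET.SubElement(applies, f"{{{WSA}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA}}}Address").text = applies_to
    return ET.tostring(env, encoding="unicode")
```

In both cases the STS is told which Relying Party the token is for (`wtrealm` or `AppliesTo`), and the RP should reject a token whose audience does not match its own identifier.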