
How does the "ASP.Net Identity" compare with "Windows Identity Foundation"? [closed]

Tags: asp.net, wif

I found this nice article that shows the evolution of the ASP.Net identity frameworks: http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity

However, I'm interested in how the Windows Identity Framework (WIF) fits into the picture with the new ASP.Net Identity Framework. Are they yet another set of competing Microsoft implementations?

Furthermore, if a developer is interested in supporting SAML authentication (which WIF supports), Active Directory authentication, and Forms Authentication, which would you choose?

Josh Mouch asked May 23 '14 14:05




2 Answers

ASP.NET Identity is using WIF in the background. WIF is not only WS-Fed; it is now the core of the .NET Framework when it comes to dealing with Principal/Identity. Basically, the System.IdentityModel namespace is now part of both WIF and .NET 4.5.

The goal of ASP.NET Identity is to provide an out-of-the-box authentication mechanism with persistence and some other nifty features, and thus replace the traditionally used Membership providers, which pretty much did the same in a very ugly way (after all, it is over 10 years old).

I personally never use ASP.NET Identity on a project, but rather write my own user logic when it comes to persistence, mailing, etc., and I operate directly with the most important WIF classes such as SessionAuthenticationModule, ClaimsAuthenticationManager, ClaimsAuthorizationManager, etc. This gives me the ability to write my own custom claims-based abstraction. WIF is all about CBAC (Claims Based Access Control).

Now when it comes to OWIN or not-OWIN, I'd say go for OWIN (or, to be more precise, go for Katana). ASP.NET will be entirely rewritten with the new vNext technology, and Katana will play a major role there. The sooner you get used to working with Katana middleware, the easier the transition will be for you.

Keep in mind that all modules (FormsAuthenticationModule, RoleManagerModule, SessionAuthenticationModule, WSFederationModule, ...) are not compatible with OWIN/Katana, as the concept of ASP.NET extension via IHttpModule is being replaced with the Middleware philosophy.

Check out this "hidden" repository where MVC, WebAPI and SignalR are merged into the new vNext MVC:

vNext MVC Repository

Admir Tuzović answered Oct 23 '22 23:10
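
An added example, not part of the original answer and not Microsoft's code: a minimal custom ClaimsAuthenticationManager and ClaimsAuthorizationManager of the kind the answer above describes, assuming .NET Framework 4.5 with a reference to System.IdentityModel. The class names, the `app/permission` claim type and the role-to-permission mapping are hypothetical.

```csharp
// Added example. Needs .NET Framework 4.5+ and a reference to System.IdentityModel.
using System;
using System.Linq;
using System.Security.Claims;

// Runs after authentication: turns the incoming token's claims into application claims.
// The "app/permission" claim type is an assumption made for this example.
public class AppClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incoming)
    {
        if (incoming == null || incoming.Identity == null || !incoming.Identity.IsAuthenticated)
            return incoming; // anonymous callers get no application claims

        var identity = new ClaimsIdentity(incoming.Claims, incoming.Identity.AuthenticationType);
        // Hypothetical mapping; a real application would read it from its own user store.
        if (incoming.HasClaim(ClaimTypes.Role, "Auditor"))
            identity.AddClaim(new Claim("app/permission", "reports:read"));
        return new ClaimsPrincipal(identity);
    }
}

// Central decision point: access is denied unless a matching permission claim exists.
public class AppClaimsAuthorizationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        if (!context.Principal.Identity.IsAuthenticated) return false;
        string resource = context.Resource.First().Value;
        string action = context.Action.First().Value;
        return context.Principal.HasClaim("app/permission", resource + ":" + action);
    }
}

public static class Demo
{
    public static void Main()
    {
        var token = new ClaimsIdentity(new[] {   // constructed sample identity
            new Claim(ClaimTypes.Name, "alice"),
            new Claim(ClaimTypes.Role, "Auditor") }, "Federation");
        var principal = new AppClaimsAuthenticationManager()
            .Authenticate("demo", new ClaimsPrincipal(token));
        var authz = new AppClaimsAuthorizationManager();
        Console.WriteLine(authz.CheckAccess(new AuthorizationContext(principal, "reports", "read")));
        Console.WriteLine(authz.CheckAccess(new AuthorizationContext(principal, "reports", "delete")));
    }
}
```

In a web application both classes are registered in web.config under `<system.identityModel>`/`<identityConfiguration>` with the `<claimsAuthenticationManager type="..."/>` and `<claimsAuthorizationManager type="..."/>` elements rather than instantiated by hand.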


Firstly, WIF supports WS-Fed, not SAML (although it does use SAML tokens). AFAIK, Identity doesn't support SAML.

Identity is predominantly DB based. WIF is normally used in conjunction with ADFS, which is AD based. ADFS supports SAML.

WIF outsources authentication / authorization to an STS (like ADFS), so the FBA decision is an STS one, not a WIF one.

WIF supports federation so you can hook into other STS, Azure Active Directory etc.

As you say, they are two sets of "competing" Microsoft implementations.

If you are looking at the bigger picture, AD support and future proofing, it sounds like WIF is the better option.

rbrayb answered Oct 24 '22 00:10