Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Off-the-shelf Security Token Service (STS) that uses ASP.NET membership provider?

Tags:

.net

security

wif

asp.net-membership

acs

I'd like to move a site that currently uses the standard ASP.NET membership provider to use claims-based authentication through Windows Identity Foundation and Azure ACS.

We're going to surface the site using OAuth 2.0 secured REST services so this seems a sensible approach to follow. We also have a need to federate our authentication with external third-party ADFS and other systems, which is precisely the problem that ACS solves very well.

However, I would also like to retain the ability for our existing users to use their existing credentials.

To do this I think I need a custom STS that works with the ASP.NET Membership Provider.

All the literature (e.g. Bertocci's "Programming Windows Identity Foundation") suggests that it's a bad idea to write a custom STS. And, I agree -- I really don't like writing our own security code.

So - is there an STS available that can use Membership Provider data?

like image 955
Jeremy McGee Avatar asked Oct 20 '11 10:10

Jeremy McGee

People also ask

What is AWS STS used for?

AWS provides AWS Security Token Service (AWS STS) as a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users you authenticate (federated users).

What is .NET STS?

The STS validates the client's credentials. The STS issues a security token to the client. If the client's credentials are successfully validated, the STS issues a security token (such as a SAML token). The token contains claims, which represent user's identity.

What is a STS URL?

A Secure Token Service (STS) is a Web service that issues security tokens. That is, it makes assertions based on evidence that it trusts, to whoever trusts it (or to specific recipients).

What does STS stand for in security?

Security token service (STS) is a cross-platform open standard core component of the OASIS group's WS-Trust web services single sign-on infrastructure framework specification.

1 Answers

Take a look at the Identity Server (http://identityserver.codeplex.com) which uses the SQL Membership Provider.

It's a custom STS, but it's robust, extensible, and well architected.

Update: The project page is changed to http://thinktecture.github.io/Thinktecture.IdentityServer.v2/ Code has moved to https://github.com/thinktecture/Thinktecture.IdentityServer.v2

like image 67
Garrett Vlieger Avatar answered Sep 21 '22 11:09

Garrett Vlieger
Sign in to Comment

Related questions

What is the Fastest Way to Select a Whole Table in SQL Server?
Finding Changes between 2 HUGE zone (text) files
Inserting data multiple times into an SQL table, from a single button on Windows Forms
Curious to mscorlib reference
When to use which for?
extract private key bytes in C#
Find location of standard .NET assemblies?
How to set Image.Source property with Dispatcher?
Unable to set icon for the menu item using ItemContainerStyle
How to Invoke the progress bar in Status strip?
How to get over losing pennies all the time?
ODP.NET for both 32bit and 64bit
Is it necessary to use Process.WaitForExit after Process.Kill?
How do I use fluent validation to validate an object which contains more objects of the same type?
Constraints on type parameters: interface vs. abstract class
Get Current running page in WPF navigation NavigationWindow
Should I use EventArgs or a simple data type?
C# application on Apple IOS [closed]
Converting xsd enums to C#
Setting the offset in a stream

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!