Off-the-shelf Security Token Service (STS) that uses ASP.NET membership provider?

I'd like to move a site that currently uses the standard ASP.NET membership provider to use claims-based authentication through Windows Identity Foundation and Azure ACS.

We're going to surface the site using OAuth 2.0 secured REST services so this seems a sensible approach to follow. We also have a need to federate our authentication with external third-party ADFS and other systems, which is precisely the problem that ACS solves very well.

However, I would also like to retain the ability for our existing users to use their existing credentials.

To do this I think I need a custom STS that works with the ASP.NET Membership Provider.

All the literature (e.g. Bertocci's "Programming Windows Identity Foundation") suggests that it's a bad idea to write a custom STS. And, I agree -- I really don't like writing our own security code.

So - is there an STS available that can use Membership Provider data?

Jeremy McGee asked Oct 20 '11 10:10

1 Answer

Take a look at the Identity Server (http://identityserver.codeplex.com) which uses the SQL Membership Provider.

It's a custom STS, but it's robust, extensible, and well architected.

Update: The project page has moved to http://thinktecture.github.io/Thinktecture.IdentityServer.v2/ and the code has moved to https://github.com/thinktecture/Thinktecture.IdentityServer.v2

Garrett Vlieger answered Sep 21 '22 11:09