
Windows Identity Foundation sample MVC application

Is there a sample application for using WIF with an ASP.NET MVC application? Can someone help me get started trying to integrate both of these technologies?

DotnetDude asked Apr 29 '10 20:04



2 Answers

I found that by far the best example to get started with is Dominick Baier's StarterSTS.

Even if you don't use that as your STS, the tutorials on the site are a great starting point. There are no ASP.NET MVC tutorials specifically but I've got it working in just the same way as an ASP.NET WebForms.

So in short...

  1. Download WIF and the WIF SDK - http://msdn.microsoft.com/en-us/evalcenter/dd440951.aspx
  2. Download StarterSTS - http://startersts.codeplex.com/
  3. Follow the STS Introductory video - https://identity.thinktecture.com/download/startersts/v1/StarterSTS_InitialSetup.wmv
  4. Follow the ASP.NET Tutorial http://identity.thinktecture.com/download/starterSTS/v1/StarterSTS_FederatingWebApps.wmv
  5. Create a new MVC Project in VS 2010
  6. On the project right-click, select "Add STS reference" and follow the same wizard steps as the WebForms application. (to add the WIF information to your web.config file.)

Now when you try and log in to your MVC app, you'll use the StarterSTS Identity provider and it'll log you in.

If you debug into any of your controller methods you'll now see you have a WIF "ClaimsPrincipal" (which implements IPrincipal and so is backward compatible).

One thing to note is that the tutorials only really cover authentication.

To be able to log out from the MVC app...

Add a reference to Microsoft.IdentityModel

(a "known" bug is that it doesn't show up in the VS2010 Add Reference Dialog so you have to reference the dll directly in C:\Program Files\Reference Assemblies\Microsoft\Windows Identity Foundation\v3.5\Microsoft.IdentityModel.dll)

In the templated MVC AccountController's LogOff method you can now call...

WSFederationAuthenticationModule.FederatedSignOut(null, new Uri("https://RP/"));

where RP is the URI of your own MVC based Relying Party.

Once you have all this set up, using another STS such as ADFS (Active Directory Federation Services) is easy. (as you don't need to do anything other than reconfigure your app to use it.)

As a side note, more screen casts can be found here.

Hope this helps. It's all a bit of a minefield :-)

ChrisV answered Oct 20 '22 16:10

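The controller-side pieces described in the answer above, as an added example that is not part of the original answer or of StarterSTS: reading the claims the STS issued, and signing out with a fixed reply address. The `Claims` action name and the `https://RP/` placeholder are assumptions; the project must reference Microsoft.IdentityModel.dll and be configured by the "Add STS reference" wizard.

```csharp
using System;
using System.Linq;
using System.Threading;
using System.Web.Mvc;
using Microsoft.IdentityModel.Claims;   // IClaimsPrincipal, IClaimsIdentity (WIF 3.5)
using Microsoft.IdentityModel.Web;      // WSFederationAuthenticationModule

public class AccountController : Controller
{
    // Assumption: placeholder for the address of this relying party, as in the answer.
    // Keep it a fixed, configured value; a reply URL taken from the request
    // would let a crafted link decide where the user lands after sign-out.
    private static readonly Uri RelyingParty = new Uri("https://RP/");

    // Hypothetical diagnostic action: lists the claims issued for the signed-in user.
    [Authorize]
    public ActionResult Claims()
    {
        // With WIF configured, the thread principal is a claims principal.
        var principal = Thread.CurrentPrincipal as IClaimsPrincipal;
        if (principal == null)
            return new HttpUnauthorizedResult();

        var identity = (IClaimsIdentity)principal.Identity;

        // Show the issuer next to each claim: authorization decisions should
        // depend on who asserted a claim, not only on its type and value.
        var lines = identity.Claims
            .Select(c => c.ClaimType + " = " + c.Value + " (issuer: " + c.Issuer + ")");

        return Content(string.Join(Environment.NewLine, lines.ToArray()), "text/plain");
    }

    public ActionResult LogOff()
    {
        // Same call as in the answer: null for the sign-out URL, and the
        // relying party's own address as the place to return to afterwards.
        WSFederationAuthenticationModule.FederatedSignOut(null, RelyingParty);
        return new EmptyResult();
    }
}
```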


There's a short, high-level article that should cover the basics here.

For real sample code, Microsoft's Identity Developer Training Kit includes examples in ASP.NET (as well as Silverlight and more).

Also, Microsoft published a lengthy PDF called "A Quick Guide to Claims-Based Identity and Access Control" which should be a helpful reference (chapter 3).

ewall answered Oct 20 '22 15:10
