ADFS 2.1 Changes (and LDS) - adlds

I have not had any luck finding a consolidated view of changes from ADFS 2.0 to 2.1. Is there such a resource out there? I'm interested in new features.
Also, I'm looking specifically if AD/LDS can be used as an IdP for ADFS 2.1. I believe this was possible in ADFS 1.0, then not in ADFS 2.0, and I'm hoping (though against hope, I think) that it's back in ADFS 2.1.
Thanks for any help on either of these two questions.

Refer: Guidelines for Migrating an Application Built Using WIF 3.5 to WIF 4.5.
That's the basic difference.
In ADFS 2.1, ADFS and WIF are built-in - no need for separate downloads.
For completeness, in R2, Extending device support in Active Directory.
No - no change to LDS.

Related

Why should I use OAuth, SAML, Identity Server

We have many web applications and want to integrate SSO. What is the benefit of using OAuth, SAML, Identity Server? What is different from making a custom webapi that produces a token and authenticates the user?
There are 3 protocols that you can use for SSO.
WS-Fed, SAML 2.0, OpenID Connect / OAuth 2.0.
The first 2 are the "old" way and are more for enterprise.
The latter is the "new" way and is used by modern applications / mobile etc.
Unless there is good reason not to, use OpenID Connect / OAuth 2.0.
Microsoft has OWIN NuGet packages for these for the client.
Whatever you use, do not roll your own. You are pretty much guaranteed to get security wrong.
IdentityServer is an open-source implementation of these protocols. It supports OpenID Connect / OAuth 2.0 OOTB and the other 2 via add-ons.
I've used it extensively - it's definitely a good choice.

Migrate System.Security/IdentityModel to OWIN/Katana Approach

I want to migrate my security infrastructure to OWIN/Katana but I'm not very familiar with it. I hope someone can give me a ride in the right direction. Currently I use .net fwk 4.5, mvc 5 and the features in System.Security/IdentityModel. The authentication is done against ADFS 2.0 (I want to configure it in owin), I use claims transformation and session management (where is it placed and how is it done in owin) and authorization is done by filters (is it still the same in owin?).
Thanks a lot guys!
Have a look at blog post by Vittorio Bertocci that shows how to secure webapi.
Lots of samples that can be applied to ADFS at https://github.com/Azure-Samples to secure using OWIN.

OWIN vs Windows Identity Foundation

I have an ASP.NET MVC that was originally built using WIF as the underlying identity management technology. As I keep upgrading our app to newer MVC technology, it seems like Microsoft is moving in a different direction and building MVC on top of OWIN which includes middleware for a lot of the things that WIF provides. I know that a lot of WIF was integrated directly with .NET 4. Does the OWIN identity middleware use WIF underneath? Is OWIN something I should move everything over to eventually to just use that middleware for the identity stuff instead of WIF?

WIF in Azure WebSite

I would like to use Windows Identity foundation in an Azure WebSite. I noticed that Azure Websites support .Net 4.0 and not .Net 4.5. Does anyone know if there is a way to use WIF in an Azure WebSite?
Vittorio Bertocci (Mr. WIF himself) just posted a blog post on this topic:
http://blogs.msdn.com/b/vbertocci/archive/2013/01/28/running-wif-based-apps-in-windows-azure-web-sites.aspx.
WIF 1.0 works fine in Azure - refer How to implement single sign-on with Windows Azure Active Directory - ASP.NET Application.
Or you can go the Azure ACS route - Facebook etc.
Are you asking - "Does anyone know if there is a way to use WIF 4.5 in an Azure WebSite"?
This will be available approximately end of this month. Please see http://social.msdn.microsoft.com/Forums/en-US/windowsazurewebsitespreview/thread/3fab0f32-23c9-4122-9ece-8c3edbadde47 for more detail, or check back in a couple weeks.
Thanks!

DotNetOpenAuth and Facebook

Does anyone know of any code samples on how to use DotNetOpenAuth with Facebook using ASP.NET MVC 3 (or any version of MVC for that matter)? The samples that come with the library do not have any Facebook examples (it looks like they used to according to some posts but not anymore).
Any help would be appreciated.
Facebook uses OAuth 2.0 instead of OpenID for logins, so you must download the DotNetOpenAuth CTP in order to get the Facebook login sample. And the sample isn't for MVC, it's for web forms. But since it's all code in the code-behind anyway, you hopefully can make the translation yourself.
If you don't have your heart set on DotNetOpenAuth, you could also take a look at Windows Identity Foundation. It also supports OAuth 2.0 and will give you the flexibility to use other authentication providers.
