WIF in Azure WebSite - wif

I would like to use Windows Identity foundation in an Azure WebSite. I noticed that Azure Websites support .Net 4.0 and not .Net 4.5. Does anyone know if there is a way to use WIF in an Azure WebSite?

Vittorio Bertocci (Mr. WIF himself) just posted a blog post on this topic:
http://blogs.msdn.com/b/vbertocci/archive/2013/01/28/running-wif-based-apps-in-windows-azure-web-sites.aspx.

WIF 1.0 works fine in Azure - refer How to implement single sign-on with Windows Azure Active Directory - ASP.NET Application.
Or you go go the Azure ACS route - Facebook etc.
Are you asking - "Does anyone know if there is a way to use WIF 4.5 in an Azure WebSite"?

This will be available approximately end of this month. Please sees http://social.msdn.microsoft.com/Forums/en-US/windowsazurewebsitespreview/thread/3fab0f32-23c9-4122-9ece-8c3edbadde47 for more detail, or check back in a couple weeks.
Thanks!

Related

Looking for a secure and robust STS implementation

I am faced with a project that uses custom authentication via a WCF service that returns a set of claims based on some data identifying a user, close to user name and password. Then on top of this, I have a custom STS, derived from Microsoft.IdentityModel.SecurityTokenService, that resides in an ASP.NET web site project. This project looks like it was created with the VS2010 template, and not carefully had-crafted.
My gut feeling, and lots of on-line advice tell me that this web site STS project is very far from production ready. I am now looking for an MVC based STS that I can use in anticipation of being production ready. TinkTecture's IdentityServer looks promising, but it is so much more than simply implementing a custom derivation of SecurityTokenService, I have no idea where to start. If somebody could steer me toward an open project or walk-through that does this, or offer some guidance as to where and how I can start extending or modifying Identity Server, that would be great.
Have you looked at Thinktecture.IdentityServer v3? I'm at the moment using it and very simple to use.
It is still in Beta but RTM will be available soon. It has good documentation and samples too.
https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki/Getting-started
https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki
Update:
Identity Server 4 is also available. It supports cross-platform deployment with .NET Core.
https://github.com/IdentityServer/IdentityServer4/
Have you looked at the MSDN article by Michele Leroux Bustamante?
It's a little old and based on WCF, but it has code accompanying it.
Building A Custom Security Token Service
If you want ASP.NET based example, Microsoft published this:
ASP.NET Security Token Service Web Site
There's also this STS project on CodePlex.

How do I add Google OAuth (OpenID Connect) as an IP in Azure ACS?

Disclaimer - I am an extreme n00b when it comes to SAML, ACS and OAuth .. and just auth in general. I'm used to Windows Auth and at a push ADFS. I'm afraid you might need to give me the slow "one word a page" version here
As you are I'm sure aware Google has now deprecated the use of the OpenId 2.0 API for authentication (as of May 19th 2014). This has of course completely broken the "Google" Identity Provider (IP) in Azure Access Control Services (ACS). I basically need to add Google Support back in for a new project and understand it might be a bit more complicated than "click a few buttons".
I have seen a few blogs mention that I might need to "create an STS for the Google Auth, which I then add to ACS as the IP" but they didn't go into any more detail and I honestly don't have any idea how to do this or what it involves. I am happy to write code (I've been writing C# for almost 10 years) but have never done anything like this before.
Can anyone point me at samples / tutorials that will hopefully not go completely over my head?
The latest samples for Google+ are the ones on the Google+ Github page. Check out the .NET sample, this shows the code flows for OAuth 2.0 using Google's client libraries. There's a blog post on the key OAuth 2.0 flows in .NET as well.
If you are using MVC, there is a blog post on integrating OAuth 2.0 with Microsoft's MVC framework.
Although the samples are not targeted to Azure, I have deployed them to Azure instances without issue. If getting integrated into Azure is shown to be problematic and you think it would be worth it for Google to provide support, please request a feature in the issue tracker.
If you create a plugin, extension, etc that would be useful to other developers, please share with the Google+ developer community.

ADFS 2.1 Changes (and LDS)

I have not had any luck finding a consolidated view of changes from ADFS 2.0 to 2.1. Is there such a resource out there? I'm interested in new features.
Also, I'm looking specifically if AD/LDS can be used as an IdP for ADFS 2.1. I believe this was possible in ADFS 1.0, then not in ADFS 2.0, and I'm hoping (though against hope, I think) that it's back in ADFS 2.1.
Thanks for any help on either of these two questions.
Refer: Guidelines for Migrating an Application Built Using WIF 3.5 to WIF 4.5.
That's the basic difference.
In ADFS 2.1, ADFS and WIF are built-in - no need for seperate downloads.
For completeness, in R2, Extending device support in Active Directory.
No - no change to LDS.

Integrating an ASP.NET MVC application with OpenAM

Does anyone have or know of any example of integrating an ASP.NET MVC application with OpenAM?
I have an application deployed with ASP.NET MVC 2 where the authentication is perforned using forms authentication, and I need to change into authentication using Single Sign On via OpenAM.
I've been searching for a code example of OpenAM integration from .NET, but I have found almost nothing so far. A code example would be very appreciated.
Thanks in advance!
if you want to accomplish this scenario over SAML protocol, then it is not problematic.
You have to download and install OpenAM on Tomcat Appache server. Configure it. Then on page .Net Fedlet you can find details about the .Net Fedlet. That is library set and application sample written on .Net, how to adjust your asp.net application to target OpenAM server. This library supports SAMLP from your web application.
What I am looking for and I have not found yet is the same scenario but over WS-Federation and with usage of WIF. If I found out how I will write it here.

Windows Live ID in ASP.NET MVC

does anyone know is there a way to implement Windows Live ID authentication into your ASP.NET MVC site. There is some info about OpenID implementations and it uses some libraries.
So is there a way to implement Live ID or it is not yet supported.
Thank you
The same way you would with Memberships:
http://www.eggheadcafe.com/tutorials/aspnet/48857836-0c72-4efb-9d29-fbcb8e17ef3a/integrate-windows-live-id.aspx
Actually this is a valid business case, and I've gotten it to work with asp.net mvc. I used the sdk sample code a posted by Filip and created a controller that handled auth response. The only issue I had was during the windows live app verification process. I couldn't get the verification process to work with the mvc site up. I had to do the verification before I upload site. See: link text
Newer information at
It's pretty independent of mvc or webforms I think.
Windows Live Messenger Connect Developer Guide
http://msdn.microsoft.com/en-us/library/hh243641.aspx

Resources