CHAPTER 7
Custom STS through WIF
A Security Token Service (STS) is a web service that issues security tokens. The concept of STS is defined in a web service specification called WS-Trust, which specifies how a security token must be requested and issued. Creating an STS from scratch involves a fair bit of work. Windows Identity Foundation (WIF), a framework from Microsoft, does all the work for you by abstracting away the nuts and bolts of WS-Trust and presenting a nice API surface for you to work on as you build an STS.
In a typical enterprise, the business drivers to build a custom STS are very few, if any. Because STS is a pure security infrastructure, ...
Get Pro ASP.NET Web API Security: Securing ASP.NET Web API now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
