WHAT'S IN THIS CHAPTER?
Understanding the federated authentication principles
Getting started with Windows Identity Foundation (WIF)
Implementing a Security Token Service with WIF
Implementing a Claim-Aware service
This chapter is dedicated exclusively to the integration between the Windows Identity Foundation framework and WCF, focusing mainly on how to negotiate claims from a security token service and use them for security decisions in the services.
If you are not experienced with federated authentication, do not worry: this chapter also discusses the important aspects of how this security model works behind the scenes in WCF.
Federated authentication is another example of Brokered Authentication, where services rely on a third party, a Security Token Service (STS), for authenticating callers and issuing security tokens that carry claims describing the caller.
An STS in this context provides a powerful mechanism to meet some of the following requirements:
Decouple services from different authentication mechanisms or credential types so they can focus on authorizing or processing relevant claims.
Support a federated architecture where clients authenticated in one domain are granted access to resources or services in another domain by establishing trust between each domain's STS.
Transform claims into a relevant set of claims expected by the authorization code at services.
As you can see, it represents an excellent tool for consolidating ...