Advanced ASP.NET Programming for Windows Identity Foundation

  • 9/15/2010

Summary

Wow, that was an intense chapter! I hope you had as much fun reading it as I had writing it.

This chapter took a much more concrete approach to WIF programming, leveraging the programming model knowledge you acquired in Chapter 3 to tackle many important problems and scenarios you might encounter when securing ASP.NET applications.

You learned about the distinction between identity providers and federation providers, acquiring familiarity with the WIF STS template in the process.

You finally saw the sign-in flow studied in Chapter 3 applied in practice, using it across multiple Web sites and discovering how the underlying structure makes SSO possible. You had a chance to learn how Single Sign-out works, and how to use WIF to implement it in a few lines of code. We explored one case of exotic session management, in which session validity is driven by user activity rather than fixed expiration times.

The classic federation case and home realm discovery are now very concrete scenarios for you, and you know what it takes to deal with them in various situations. In the process of learning this, you also gained familiarity with WIF’s object model for claims.

Finally, you had a chance to tie up a few loose ends regarding the use of ClaimsAuthenticationManager and ClaimsAuthorizationManager for processing claims once they have already reached the RP.

If you develop for the ASP.NET platform, this chapter should have equipped you with all the knowledge you need to tackle the most common problems and then some. For anything not explicitly covered here, you should now be able to investigate and solve issues on your own.

In the next chapter, I’ll turn to Web services and explore how WIF and WCF can work together to create safer applications while delivering a killer development experience.