This document discusses claims-based identity and identity federation in Silverlight applications using Windows Identity Foundation (WIF). It introduces claims-based identity and shows how WIF lets developers integrate claims into their applications. It then covers the two types of identity federation that can be implemented in Silverlight: passive federation, which uses browser redirects to authenticate users, and active federation, where the client requests a security token directly from the identity provider's STS. It demonstrates implementing both types of federation in Silverlight applications using WIF.
7. Agenda
- Introduction to Claims-Based Identity
- WIF – Windows Identity Foundation
  - Introduction
  - Building Claims-Aware Silverlight Applications
- Identity Federation in Silverlight
  - Passive Federation
  - Active Federation
- Summary
9. Introduction to Claims-Based Identity: Your Applications Are Prisoners of Identity Silos
- Diagram labels: Login.aspx, Page1.aspx, Credential Stores, Credential Types / APIs, User Attribute Stores
10. Introduction to Claims-Based Identity: Identification in Real Life Works Pretty Well… How Do We Do That?
- Externalizes authentication
- Gets user info from a document
11. Introduction to Claims-Based Identity: Claims Can Set Your Application Free
- Diagram labels: Identity Provider, Active Directory Federation Services 2.0, STS, Claims, Relying Party, Security Token
13. WIF – Windows Identity Foundation: Programming Model
- Essential claims programming model
- Claims Object Model integrated with the .NET identity API
- Single programming model for ASP.NET & WCF
- Single programming model for on-premises & cloud
- Configuration driven
- Tools for metadata-driven automatic application configuration
- WS-Federation, WS-Trust
- Framework for custom STS development
- And more…
15. WIF – Windows Identity Foundation: How It Works
- HTTPModule(s) in the ASP.NET pipeline of the application
- They take care of exposing policy, managing protocol redirects, establishing sessions…
- WSFederationAuthenticationModule: implements the WS-Federation redirects protocol
- SessionAuthenticationModule: takes care of handling sessions (regardless of the sign-in protocol)
- ClaimsPrincipalHttpModule: provides a hook for injecting claims in the current principal
16. WIF – Windows Identity Foundation: WIF ASP.NET Processing Pipeline
- Diagram labels: WSFAM, SecurityTokenHandler, ClaimsAuthenticationManager, SessionAuthenticationModule, ClaimsAuthorizationManager
20. Identity Federation in Silverlight: What Is Identity Federation?
- “A user's authentication process across multiple IT systems or even organizations” – via Wikipedia
- What Is the Goal of Identity Federation? “The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration” – via Wikipedia
- http://en.wikipedia.org/wiki/Federated_identity
21. Identity Federation in Silverlight: What Is Passive Federation?
- Diagram labels: End-User, Client, Identity Provider, Relying Party, Authenticated, Trust Relationship
- Steps shown in the diagram:
  1. End-user browses to the RP
  2. RP redirects the user to the IdP
  3. End-user logs in
  4. Authenticated
  5. IdP issues a Security Token
  6. IdP Security Token is presented to the RP
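The six passive-federation steps above can be modelled end to end; the following is an added example, not code from the slides or from WIF. The host names, key and function names are constructed, `wa`, `wtrealm`, `wctx` and `wresult` are the WS-Federation passive parameter names, and a JSON body with a separate HMAC stands in for the signed SAML token a real STS would issue.

```python
import hashlib, hmac, json
from urllib.parse import urlencode, urlsplit, parse_qs

IDP = "https://idp.example/issue"   # constructed IdP sign-in endpoint
REALM = "https://rp.example/app"    # constructed identifier of the relying party
# Trust relationship: the issuers this RP accepts and the key that verifies each.
# HMAC is a stand-in for the XML signature on a real token.
TRUSTED_ISSUERS = {IDP: b"constructed-demo-key"}

def signin_redirect(return_path):
    """Step 2: the RP redirects the unauthenticated browser to the IdP."""
    query = urlencode({"wa": "wsignin1.0", "wtrealm": REALM, "wctx": return_path})
    return f"{IDP}?{query}"

def idp_issue(redirect_url, user, key, issuer=IDP):
    """Steps 3-5: after login, the IdP issues a signed token for the realm."""
    q = parse_qs(urlsplit(redirect_url).query)
    body = json.dumps({"iss": issuer, "aud": q["wtrealm"][0],
                       "claims": {"name": user}}, sort_keys=True)
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"wresult": body, "sig": sig, "wctx": q["wctx"][0]}

def rp_accept(post):
    """Step 6: the RP validates the presented token before using its claims."""
    token = json.loads(post["wresult"])
    key = TRUSTED_ISSUERS.get(token.get("iss"))
    if key is None:
        raise ValueError("issuer is not in the RP's trust relationship")
    expected = hmac.new(key, post["wresult"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, post["sig"]):
        raise ValueError("token signature does not verify")
    if token.get("aud") != REALM:
        raise ValueError("token was issued for a different relying party")
    return token["claims"]

if __name__ == "__main__":
    url = signin_redirect("/Page1.aspx")
    print(url)
    print(rp_accept(idp_issue(url, "alice", TRUSTED_ISSUERS[IDP])))
```

The three checks in `rp_accept` are what the "Trust Relationship" in the diagram amounts to on the RP side: a known issuer, an intact signature, and a token scoped to this realm.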
23. Identity Federation in Silverlight: What Is Active Federation?
- Diagram labels: End-User, Requestor, Identity Provider w/ STS, Relying Party, Authenticated, Trust Relationship
- Steps shown in the diagram:
  1. End-user requests a Security Token
  2. Authenticated
  3. IdP issues a Security Token
  4. IdP Security Token is presented to the RP
26. Summary
- Claims-based identity allows us to free our applications from identity silos
- WIF allows us to easily implement claims-based identity in our applications
- Identity federation allows us to authenticate users across IT systems and organizations
27. Summary: Two Types of Identity Federation
- Passive: redirection based
- Active: actively authenticated against the IdP’s STS
- Free your applications…