stackoom
  简体   繁体   中英

Confused about STS and WIF

 原文  2013-06-11 21:43:23       single-sign-on/ wif/ adfs

Question

I am building 3 new websites and want to use WIF4.5 for SSO across these 3 different domains. I have read tons of materials about the WIF, while I understand the principles and purpose of WIF I am still very confused about how it works in real life, please help me understand the following questions, many thanks.

All my sites will be hosted using shared hosting services.

  1. Everyone is saying that there's no need to build you own STS, but if that's case where can I found external services I can use to sign in my users and what about normal user registration interface for new users? and What about my existing users?

  2. If i only need to build claim based web applications, where do I get user identities from in a real production environment? Do I have to pay them or do they need to go through my sites to approve them?

  3. Is it correct that its no longer possible to let user register on my websites if I use STS?

  4. Do I need to enable SSL and buy X507 certs for all my sites if I want them to be claim based websites?

  5. I want to have a shared user database to store all our users, old and new, does that mean I have to build my own STS?

  6. What exactly does it take to build my own STS, can I pcik one of my websites to be my own STS provider for my own websites?

  7. What does it take and cost to build a STS? like SSL, certs, other stuff?

  8. Can I enable social sign-in like facebook/Google/Yahoo if my sites are claim based?

Thank you guys.

3 answers

solution1
 1 ACCPTED  2013-06-11 21:52:43

  1. You definitely CAN write your own sts.
  2. You can allow your users to register in your sts or federate with an external identity provider (google/facebook)
  3. No, an sts is just a asp.net web app, users CAN register there.
  4. No, although ssl is recommended when usernames/passwords are involved.
  5. No, you can use an existing sts like the IdentityServer which allows you to use a custom MembershipProvider against your own database http://thinktecture.github.io/
  6. Yes. http://netpl.blogspot.com/2011/08/quest-for-customizing-adfs-sign-in-web.html
  7. X509 certs for token signing can be created with free tools like portecle or makecert
  8. Yes.

solution2
 0  2013-06-12 15:46:17

Microsoft has the Access Control Service (ACS) which supports Windows Live ID, Google, Yahoo!, and Facebook logins. Unless you need to option for users to register accounts at your site that might be a good option.

solution3
 0  2013-06-13 00:04:07

If you want a (1) free solution as an STS or (2) want to have your own Id store, Thinktecture's identity server is the way to go.

I have some written some tutorials on how to do it.

http://claudioasanchez.blogspot.com/2011/09/setting-up-thinktectures-identity.html

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question WIF, STS and Membership tables WIF STS SSO issue - RPs cannot access each other What's the difference between ADFS, WIF, WS Federation, SAML, and STS? SAML2 token not working with WIF/Federated/STS for SSO - please help/advise WIF and Subdomains WIF IDP and SimpleSamlPHP as SP Integration with Shibboleth using WIF Logout in Single Sign On with WIF Single Sign on With WIF ADSF/WIF interaction example
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM