I am working together with PluralSight on creating a full fledged curriculum around identity & access control for .NET and Windows.
This will include training material around core .NET identity (aka WIF 4.5), ASP.NET web applications, WCF services and ASP.NET Web API (and some other interesting ‘stuff’ ;))
In addition we are planning to create a number of fundamental course for crucial topics like X.509 certificates, protocols and tokens. So stay tuned!
The first course is now live: “Introduction to Identity and Access Control in .NET 4.5”.
It covers basics around IIdentity, IPrincipal. Claim, ClaimsIdentity and ClaimsPrincipal and introduces additional concepts like claims transformation, claims authorization and third party authentication.
I hope this is useful!
Dominick, first of all – just watched your PluralSight video on this and it was excellent!
I have question about direction, though. I have a standard .NET Web Application that is currently using Forms Authentication with custom username and password database management that I have to still support. Now, I need to ALSO add in WIF 4.5 to support federated logins as an additional authentication option. Can you describe the path I should be going down for doing this at a high-level? I’ve been reading up on Relying Party and Passive STS and I’m thinking this is the only way I’ll be able to accomplish what I’m trying to do but I wanted to confirm.
So, to sum it up – can I mix in STS login and normal Forms Authentication in the same Web application to where I can have a page in my site that checks what kind of authentication is required (Forms or WIF) and then based on some logic, serve up a login page or redirect them to an STS after figuring that out programmitically?
Help me, Obi-Wan, you’re my only hope! :)
Have a look here:
There is also the RedirectToIdentityProvider event on the ws fed module that gives you some control.