Enhancing an ASP.NET Membership Provider Website with Identity Provider Capabilities
This lesson demonstrates how to add a simple STS to your ASP.NET membership provider-based website. By adding a simple page containing WIF code you will enable your partners to accept your users in their websites, even enabling Single Sign On for the users already logged in to your website!
Contrary to what you may have heard, reaping the benefits of claims-based identity and access management does not necessarily require a rip-and-replace intervention on your existing assets. In this short hands-on lab we will demonstrate how you can easily enhance a common ASP.NET membership provider website with identity provider capabilities, enabling new scenarios without disrupting the existing functionality or your users' experience. Furthermore, we will do all this without requiring any special security knowledge. The code we will demonstrate is not production ready, of course; however, it should be enough to give you an idea of the application's general structure.
Let's assume that you are running a website which manages authentication via the mechanisms offered by ASP.NET Membership: the user store is based on SqlMembershipProvider, credential gathering is implemented via forms authentication plus the Login web control, and roles and profile information are managed via the usual ASP.NET classes.
Let's also assume that you have a business partner, running a website as well, which would like to be able to offer special conditions to your users: recognize them as your users, personalize the experience or handle authorization according to user information you keep in your profiles or roles, perhaps even achieve single sign on between your site and theirs. In other words, your business partner would like to use your website as an Identity Provider (IP). Traditionally, the trivial solutions to the problem (like duplicating credential stores and keeping them synchronized) would require so much work that they would seldom make business sense. However, claims-based identity and the Windows Identity Foundation Framework lower the bar, making the above significantly easier to implement and maintain.
The Windows Identity Foundation Framework solution can be extremely simple: we just publish an extra page in our website, whose sole purpose is offering an entry point to our application when a user of ours wants to sign in to a third-party partner website. Such a page, which in identity jargon is called a passive Security Token Service (or passive STS), will understand requests presented via a standard protocol (in our exercise it will be WS-Federation, but the principle holds for other protocols as well) and will return the requested values using the same conventions. The use of standards not only guarantees that the third-party website is free to use whatever technology or platform supports the same standard, but also makes it possible to use specific tooling to automate many of those processes and hide the details of the specific implementation.
This hands-on lab will help you to apply the solution described above, by enhancing an existing ASP.NET website with a simple STS and by configuring another website to take advantage of that STS.
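To make the shape of a WS-Federation sign-in request concrete, the following added example (not part of the lab's code, and not using WIF) shows the check a passive STS page should make on the `wa`, `wtrealm` and `wreply` query parameters before it issues a token. The STS URL, the partner realm and the allow-list are constructed placeholders, and the code assumes a reference to System.Web.

```csharp
using System;
using System.Collections.Generic;
using System.Web; // HttpUtility.ParseQueryString

public static class SignInRequestCheck
{
    // Hypothetical allow-list: wtrealm -> URL prefix that tokens may be posted to.
    static readonly Dictionary<string, string> TrustedRealms =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "https://partner.example/site/", "https://partner.example/site/" }
        };

    // Returns null when the request is acceptable, otherwise the rejection reason.
    public static string Validate(Uri requestUrl)
    {
        var q = HttpUtility.ParseQueryString(requestUrl.Query);
        if (q["wa"] != "wsignin1.0")
            return "wa is not the WS-Federation sign-in action";

        string realm = q["wtrealm"];
        string replyPrefix;
        if (realm == null || !TrustedRealms.TryGetValue(realm, out replyPrefix))
            return "wtrealm is not a registered relying party";

        // wreply is optional; when present it must stay under the registered address.
        string reply = q["wreply"];
        Uri replyUri;
        if (reply != null &&
            (!Uri.TryCreate(reply, UriKind.Absolute, out replyUri) ||
             replyUri.Scheme != Uri.UriSchemeHttps ||
             !replyUri.AbsoluteUri.StartsWith(replyPrefix, StringComparison.Ordinal)))
            return "wreply is outside the registered relying party address";
        return null;
    }

    public static void Main()
    {
        // Constructed sample requests, as a partner site would redirect the browser.
        const string sts = "https://idp.example/Sts.aspx?wa=wsignin1.0&wtrealm=";
        string[] samples =
        {
            sts + "https%3A%2F%2Fpartner.example%2Fsite%2F",
            sts + "https%3A%2F%2Fpartner.example%2Fsite%2F&wreply=https%3A%2F%2Fother.example%2F",
            sts + "https%3A%2F%2Funknown.example%2F"
        };
        foreach (string s in samples)
            Console.WriteLine((Validate(new Uri(s)) ?? "accepted") + "  <-  " + s);
    }
}
```

Rejecting unknown realms and out-of-scope reply addresses keeps the STS from delivering a signed token about your user to a site you have not agreed to federate with.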
In this Hands-On Lab, you will learn how to:
You must have the following items to complete this lab:
You must perform the following steps to prepare your computer for this lab.
In addition to the setup script inside the %YourInstallationFolder%\Labs\MembershipAndFederation\Source\Setup folder, there is a Cleanup.cmd file you can use to uninstall all the code snippets installed by the SetupLab.cmd script.
The following exercise makes up this Hands-On Lab:
Each exercise is accompanied by a starting solution. These solutions are missing some code sections that are completed through each exercise and therefore will not work if you run them directly. Inside each exercise you will also find an end folder containing the resulting solution you should obtain after completing the exercises. You can use this solution as a guide if you need additional help working through the exercises.
Estimated time to complete this lab: 25 minutes.