Exercise 2: Customizing the Credentials Accepted by a Local STS
This is an optional exercise. Its purpose is to give you a better understanding of the structure of an STS project; however, most of the time you will very probably rely on existing STSes rather than writing your own, so feel free to skip to Exercise 3 if you are in a hurry.
In Exercise 1 we showed how to generate a development STS in order to keep our application free from authentication-specific code and to feed it with the claims we needed. The auto-generated STS does not actually perform any authentication step; it just takes care of feeding the application with claims by following the proper protocols. Its credential-gathering page does not validate the credentials you enter, it simply goes ahead with the issuing process. For the purpose of developing our RP application this is enough; however, if you want to use that STS as a starting point for writing your own, a number of aspects need to be expanded.
In this exercise we will modify an automatically generated development STS so that it actually authenticates incoming users against an ASP.NET membership provider store and sources claim values from an ASP.NET Profile and a Role manager store.
You should always take into account that the exercises in this lab are didactic tools meant to demonstrate how to use the technology, and the code you see here is not ready for production use.
The redirects & claims flow, showing credential check and claims sourcing in the STS
Task 1 - Configuring the STS
In this task you will configure the STS to use ASP.NET authentication mechanisms.
Task 2 - Using the Roles Principal
In this task you will change the STS to issue claims about the user coming from the principal and the Profile.
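As an added illustration of Tasks 1 and 2 (example code, not the lab's or the training kit's own), here is how the generated STS's login page can validate credentials against the membership provider, and how its claims-issuing override can source claims from the Role manager and Profile stores. The class name CustomSecurityTokenService, the login page control names and the profile property "Email" are assumptions; web.config is assumed to enable Forms authentication, a membership provider, roleManager and the profile.

```csharp
// Added example, not the training kit's code. Assumes WIF 3.5 and a web.config that enables
// forms authentication, membership, roleManager and a profile with a string property "Email"
// (the property name and the page control names are assumptions).
using System;
using System.Web.Profile;
using System.Web.Security;
using System.Web.UI;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.SecurityTokenService;
// Task 1: the login page rejects bad credentials instead of issuing regardless.
public partial class Login : Page
{
    protected void SubmitButton_Click(object sender, EventArgs e)
    {
        if (Membership.ValidateUser(UserNameBox.Text, PasswordBox.Text))
            FormsAuthentication.RedirectFromLoginPage(UserNameBox.Text, false);
        else
            ErrorLabel.Text = "Invalid user name or password.";
    }
}

// Task 2: claims are sourced from the principal, the Role manager and the Profile.
public class CustomSecurityTokenService : SecurityTokenService
{
    public CustomSecurityTokenService(SecurityTokenServiceConfiguration config) : base(config) { }
    protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
    {   // Minimal scope: sign with the configured STS credentials, no token encryption.
        Scope scope = new Scope(request.AppliesTo.Uri.OriginalString,
                                SecurityTokenServiceConfiguration.SigningCredentials);
        scope.TokenEncryptionRequired = false;
        scope.ReplyToAddress = scope.AppliesTo;
        return scope;
    }
    protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
    {   // Never issue a token for an unauthenticated caller.
        if (principal == null || !principal.Identity.IsAuthenticated)
            throw new InvalidRequestException("The caller is not authenticated.");
        string userName = principal.Identity.Name;
        IClaimsIdentity identity = new ClaimsIdentity();
        identity.Claims.Add(new Claim(ClaimTypes.Name, userName));
        foreach (string role in Roles.GetRolesForUser(userName))      // one claim per role
            identity.Claims.Add(new Claim(ClaimTypes.Role, role));
        string email = ProfileBase.Create(userName).GetPropertyValue("Email") as string;
        if (!string.IsNullOrEmpty(email))                              // skip blank profile values
            identity.Claims.Add(new Claim(ClaimTypes.Email, email));
        return identity;
    }
}
```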
Exercise 2: Verification
In order to verify that you have correctly performed all steps in exercise two, proceed as follows:
If you are using the End solution to test the results without performing the exercise tasks, you first have to grant the NETWORK SERVICE user (or IIS_IUSRS on Windows 7 and Windows Server 2008 R2) write permissions on the App_Data folder of the STS project, as detailed in the first steps of Task 1.