How to: Build an ASP.NET Relying Party Application

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

In this scenario, you use the WIF Visual Studio templates and FedUtil to create an ASP.NET Web site that lets you access the current user’s claims through IClaimsPrincipal. FedUtil adds the ClaimsPrincipalHttpModule to your project, and that module lets you convert the current user’s IPrincipal object to an IClaimsPrincipal object.

Note

You must run Visual Studio in Elevated mode for FedUtil to work correctly.

In Visual Studio, create a Claims-Aware ASP.NET Web Site as shown in Claims-Aware ASP.NET Web Site.

Next, right-click your project in the Solution Explorer and select Add STS Reference.

This runs the FedUtil tool. You’ll see the FedUtil dialog box, beginning with the Welcome to Federation Utility tool page.

This page requires you to enter two fields:

  1. Application configuration location: Specify the path to the web.config file for your ASP.NET Web site. If you run FedUtil from outside Visual Studio, this field is empty. If you run FedUtil from inside Visual Studio, this field already contains the path to the web.config file for your project. The web.config file must already exist and should be in its default state (that is, as it was generated by Visual Studio). If you run FedUtil more than once on the same web.config file, FedUtil simply overwrites the content that it adds to the web.config file.

  2. Application URI: Specify the URI for your ASP.NET Web site. If you run FedUtil from outside Visual Studio, this field is empty. If you run FedUtil from inside Visual Studio, this field already contains two URIs for your project: one that uses localhost, and one that uses the fully qualified domain name for your computer, if available. If the URI is not secure (that is, does not begin with “https://”), you receive a warning when you click Next.

When you have provided the information, click Next. You’ll see the Security Token Service page.

Select No STS and click Next. You’ll see the Summary page.

Click Finish.

Now open your default.aspx.cs file and note the first two lines of the Page_Load method:

IClaimsPrincipal claimsPrincipal = Page.User as IClaimsPrincipal;
IClaimsIdentity claimsIdentity = ( IClaimsIdentity )claimsPrincipal.Identity;

The remaining code simply lists the claims for the current user and their values.
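The following is an added example, not the code the template generates: a claims listing that checks the result of the `as` cast before using it and HTML-encodes every claim field before rendering. The class name `ClaimsDump` and method `Render` are hypothetical; the claims types are the WIF 3.5 ones from Microsoft.IdentityModel.Claims.

```csharp
using System.Security.Principal;
using System.Text;
using System.Web;
using Microsoft.IdentityModel.Claims;   // WIF 3.5 claims types

// Hypothetical helper (not part of the template). Call it from Page_Load,
// for example: Response.Write(ClaimsDump.Render(Page.User));
public static class ClaimsDump
{
    public static string Render(IPrincipal user)
    {
        // "as" yields null when the principal was not converted, for example
        // if ClaimsPrincipalHttpModule is not registered in web.config.
        IClaimsPrincipal claimsPrincipal = user as IClaimsPrincipal;
        if (claimsPrincipal == null)
        {
            return "<p>Current principal is not an IClaimsPrincipal.</p>";
        }

        StringBuilder html = new StringBuilder();
        foreach (IClaimsIdentity identity in claimsPrincipal.Identities)
        {
            html.AppendFormat("<h3>{0} (authenticated: {1})</h3>",
                HttpUtility.HtmlEncode(identity.Name ?? "(no name)"),
                identity.IsAuthenticated);
            html.Append("<table><tr><th>Type</th><th>Value</th><th>Issuer</th></tr>");

            foreach (Claim claim in identity.Claims)
            {
                // Claim content is supplied by whoever issued it, not by this
                // page, so encode each field before writing it into HTML.
                html.AppendFormat("<tr><td>{0}</td><td>{1}</td><td>{2}</td></tr>",
                    HttpUtility.HtmlEncode(claim.ClaimType),
                    HttpUtility.HtmlEncode(claim.Value),
                    HttpUtility.HtmlEncode(claim.Issuer));
            }
            html.Append("</table>");
        }
        return html.ToString();
    }
}
```

Showing the Issuer column alongside each claim makes it visible which authority asserted the value, which is what any later authorization check on a claim should be tied to.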