Introduction
In the current development environment, any developer wants to develop a secure ASP.NET application. Now any developer can get the benefit of an OWIN component preview that secures the ASP.NET applications with Windows Azure AD, ADFS, and any other identity provider supporting WS-Federation. The teams of ASP.NET and Active Directory were very busy to cooperate on a new OWIN-based programming model to secure the ASP.NET application, So, now it is possible.
Claims-Based identity and the .NET framework
The Claims-Based Identity made its debut in the development scenario in 2009 when the Windows Identity Foundation was released. At that time the only people working with claims-based identity were individuals with a background in both development and administration. When the .NET 4.5 Framework was released, all the WIF classes migrated with the System.Security.Claims. Now this is available directly in all the project templates that are used in the Visual Studio 2013. The updates are released frequently in the NuGet Gallery for implementing the latest industry advancements.
Start with Microsoft.Owin.Security.WsFederation
You can refer to Introduction to OWIN to get further information. The templates used in the Visual Studio 2013 are leveraged with this. The .NET Framework already provides all of the raw functionality for processing claims-based identity flaws: token formats, cryptography and so on.
Claims-Based Identity Support with Microsoft OWIN Components
Now Microsoft.Owin.Security is extended to include the base classes to be used for implementing standard web sign-in protocols such as OpenID or WS-Federation. Finally therefore a new component Microsoft.Owin.Security.WsFederation is created to handle the WsFederation protocol. The team started with this WS. Federation because that's the most commonly supported protocol in the current scenario and it also allows you to connect to both the Windows AD and ADFS from version 2.0 on. The support of OpenID will come soon.
You can easily install this package using the following command in the Package Manager Console.
Install-Package Microsoft.Owin.Security.WsFederation -Version 3.0.0-alpha1 -Pre
![Package Manager]()
Application Configuration
We can use an example of an MVC application. In the Startup.Auth. cs file, we can configure it by the following code.
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;
namespace MvcCricketer
{
public partial class Startup
{
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
//AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
//LoginPath = new PathString("/Account/Login")
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
MetadataAddress = "",
Wtrealm = "",
});
// Use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication();
}
}
}
In the code above, you can see the following two main factors, given below.
- MetadataAddress: This value represents the Windows Azure AD tenant (you can use an ADFS instance) to authenticate the users. This does not change if you are writing a line of business apps for the company.
- Wtrealm: It represents the identifier for the application as assigned at the app configuration in the authority authentication.
More Advantages
- Now it is possible in a single application to associate with multiple authentication types.
- It's now very easy to use claims-based identity in self-hosted scenarios
Note. If you want to apply it in the MVC App using Windows Azure AD then you can refer to the Securing MVC App with Windows Azure AD.
Summary
This article explained that there is a very new way to use a Claims Identity in the various project templates in Visual Studio 2013. This preview is available in the NuGet Gallery. Thanks for reading and Stay Updated.