Hi all,
So far, what I understand are (please correct me):
- ACS provides a very easy way to set up an identity provider (Google, Facebook...). I need to set up a Windows Azure subscription and then set up the web.config file. To authorize a user/role in code, I cast Thread.CurrentPrincipal or HttpContext.Current.User to ClaimsPrincipal and invoke the HasClaim or FindFirst method
- For OAuth 2.0, to authorize the user, I need to use OAuthWebSecurity class to do all the fancy things
- ADFS is supported on Windows Server 2012, and allows you to do similar things to ACS as well as to build your own STS service
- You can also use WIF to build an STS. To enable WIF in your application to trust identity provider(s), I can set up the web.config file to trust an identity provider/STS (trustedIssuers element)
- A custom STS can be built without ADFS by using a third-party framework
Questions:
- When should I use Active Directory Federation Services, WIF, a custom STS, ACS, ClaimsPrincipal, or OAuth 2.0?
- What are the requirements for using these methods?
- Do ACS, OAuth, ADFS, and STS always return ClaimsPrincipal objects that are assigned to Thread.CurrentPrincipal?
- If I use ACS, do I need to manually set up the trustedIssuers element, or does the Identity and Access Tool complete the configuration?
- Is the configuration always the same to set up a trusted provider for ACS, OAuth, ADFS, and STS?
- Where are the claims stored if I want to add a claim using the AddClaim method?
- Does a claim's type always have to be in URI format, such as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince?
Sorry for asking too many questions.
Thanks,
Sam
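As an added example, not part of Sam's post, the following C# program (System.Security.Claims, .NET 4.5) builds a ClaimsPrincipal by hand instead of receiving one from ACS or ADFS, assigns it to Thread.CurrentPrincipal the way a WIF token handler would, and exercises HasClaim, FindFirst and AddClaim; the user name, claim values and the authentication type name "ExampleAuth" are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading;

// Constructed example: no STS or ACS involved, the principal is built locally so the
// claim storage and lookup behaviour can be seen in isolation.
class ClaimsDemo
{
    static void Main()
    {
        // Claims are held by the ClaimsIdentity (identity.Claims), not by the principal.
        var identity = new ClaimsIdentity(new List<Claim>
        {
            new Claim(ClaimTypes.Name, "sam"),
            new Claim(ClaimTypes.Role, "Reader"),
            // Standard WIF claim type from the question, in URI form.
            new Claim(ClaimTypes.StateOrProvince, "WA"),
        }, "ExampleAuth"); // non-null authenticationType marks the identity as authenticated

        // With WIF/ACS/ADFS the token handler does this after validating the token;
        // here we assign the principal ourselves.
        Thread.CurrentPrincipal = new ClaimsPrincipal(identity);

        // In application code, recover the ClaimsPrincipal from the current thread
        // and refuse to continue if it is missing or unauthenticated.
        var principal = Thread.CurrentPrincipal as ClaimsPrincipal;
        if (principal == null || !principal.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("no authenticated claims principal");

        // HasClaim and FindFirst search every identity attached to the principal.
        bool isReader = principal.HasClaim(ClaimTypes.Role, "Reader");
        bool inRole = principal.IsInRole("Reader"); // uses the identity's RoleClaimType
        Claim state = principal.FindFirst(ClaimTypes.StateOrProvince);
        Console.WriteLine("reader={0} inRole={1} state={2}", isReader, inRole, state.Value);

        // AddClaim appends to the identity's in-memory claim collection for this request only.
        // A claim type need not be a URI; a plain string works, though URIs avoid collisions.
        identity.AddClaim(new Claim("department", "security"));
        Claim dept = principal.FindFirst("department");

        // A claim added locally carries the default issuer rather than a trusted STS,
        // so authorization logic should check Issuer before relying on such a claim.
        Console.WriteLine("department={0} issuer={1}", dept.Value, dept.Issuer);
    }
}
```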