WIF Basic Principles (5): Introduction to WIF Features


WIF (Windows Identity Foundation) is a framework for building identity-aware applications. The framework abstracts the WS-Trust and WS-Federation protocols and exposes APIs to developers for building security token services and claims-aware applications. Applications can use WIF to process tokens issued by a security token service and make identity-based decisions in web applications or web services.

WIF has the following main features:

1. Build claims-aware applications (relying party applications).

WIF helps developers build claims-aware applications. In addition to providing a new claims model, it gives application developers a rich set of APIs for making user access decisions based on claims. Whether developers build applications in ASP.NET or WCF, WIF provides a consistent programming experience.

2. Visual Studio templates.

WIF provides built-in Visual Studio templates for claims-aware ASP.NET web sites and WCF web service applications, which shortens the time needed to become familiar with the claims-based programming model.

3. Easy establishment of trust between claims-aware applications and an STS.

WIF provides a utility called FedUtil that makes it easy to establish trust between claims-aware applications and an STS, such as ADFS 2.0 or the LiveID STS. FedUtil supports ASP.NET and WCF applications. It is also integrated with Visual Studio, so you can invoke it by right-clicking the project in Solution Explorer and choosing the Add STS Reference menu item, or from the Tools menu in Visual Studio.

4. ASP.NET controls.

The ASP.NET controls simplify the development of ASP.NET pages used to build claims-aware web applications.

5. Conversion between claims and NT tokens.

WIF includes a Windows service that acts as a bridge between claims-aware applications and applications based on NT tokens. It gives developers a simple way to convert claims to an NT token identity, so that a claims-aware application can access resources that require an NT token identity.

6. Build identity delegation support into claims-aware applications.

WIF can maintain the identity of the original requester across multiple service boundaries. Developers use the framework's "ActAs" or "OnBehalfOf" functions to add identity delegation support to a claims-aware application.

7. Build a custom security token service (STS).

WIF makes it extremely easy to build a custom security token service (STS) that supports the WS-Trust protocol. This type of STS is also known as an active STS.

In addition, the framework supports building another class of STS that supports WS-Federation to enable web browser clients. This type of STS is also known as a passive STS.

WIF mainly supports the following scenarios:

Scenario 1: Federated authentication.

WIF can be used to build federated authentication between two or more partners. Its support for building claims-aware applications (RPs) and custom security token services (STSs) helps developers implement this authentication scheme.

Scenario 2: Identity delegation.

WIF makes it easy to maintain identities across service boundaries, so developers can implement identity-delegation authentication schemes.

Scenario 3: Step-up authentication.

The authentication requirements for different resources within an application may vary. With WIF, developers can build applications with incremental authentication requirements, such as using user name/password authentication at initial logon and then stepping up to smart card authentication.

By using WIF, you can more easily benefit from the claims-based identity model described in this topic.

WIF token types include: SAML 1.1, SAML 2.0, X.509, UPN, Windows (Kerberos or NTLM), RSA key pair.

The WIF authentication types include: Password, Kerberos, SecureRemotePassword, TlsClient, X.509, PGP, SPKI, XmlDSig, Unspecified.
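The step-up scenario and the authentication types listed above can be combined into a single access check. The following is an added example, not code from the original article or from WIF itself. It uses the `System.Security.Claims` types into which the WIF claims model was integrated in .NET 4.5; the `StepUpPolicy` class, the issuer name and the user name are hypothetical, and X.509 stands in for the smart card logon as an assumption.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper written for this example; not a WIF type.
static class StepUpPolicy
{
    // Authentication-method URIs (the values behind WIF's AuthenticationMethods constants).
    public const string Password = "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password";
    public const string X509 = "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509";
    // Constructed issuer name; a real RP compares against the STS it was configured to trust.
    public const string TrustedIssuer = "https://sts.example.test/";

    // True only if the trusted issuer asserted one of the accepted methods.
    public static bool IsSatisfied(ClaimsPrincipal user, params string[] accepted)
    {
        return user.Claims.Any(c =>
            c.Type == ClaimTypes.AuthenticationMethod &&
            c.Issuer == TrustedIssuer &&   // claims from any other issuer are ignored
            accepted.Contains(c.Value));
    }
}

static class Program
{
    // Builds a principal as it would look after token processing (constructed sample data).
    static ClaimsPrincipal Login(string method, string issuer)
    {
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice", ClaimValueTypes.String, issuer),
            new Claim(ClaimTypes.AuthenticationMethod, method, ClaimValueTypes.String, issuer)
        }, "Federation");
        return new ClaimsPrincipal(identity);
    }

    static void Main()
    {
        var byPassword = Login(StepUpPolicy.Password, StepUpPolicy.TrustedIssuer);
        var byCert = Login(StepUpPolicy.X509, StepUpPolicy.TrustedIssuer);
        var untrusted = Login(StepUpPolicy.X509, "https://unknown.example.test/");
        // Ordinary resource: either method is accepted.
        Console.WriteLine("profile, password: " + StepUpPolicy.IsSatisfied(byPassword, StepUpPolicy.Password, StepUpPolicy.X509));
        // Sensitive resource: a password logon must step up to X.509.
        Console.WriteLine("payments, password: " + StepUpPolicy.IsSatisfied(byPassword, StepUpPolicy.X509));
        Console.WriteLine("payments, X.509: " + StepUpPolicy.IsSatisfied(byCert, StepUpPolicy.X509));
        Console.WriteLine("payments, untrusted issuer: " + StepUpPolicy.IsSatisfied(untrusted, StepUpPolicy.X509));
    }
}
```

When the check fails for the sensitive resource, a relying party would send the user back to the STS for the stronger logon rather than deny access outright.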

Note: This part of the text is adapted from ".NET Security Secrets".

Author: Hyun-Soul

Source: http://www.cnblogs.com/xuanhun/
