I have been charged with the task of implementing a proof-of-concept for Windows Identity Foundation in my organization. The reason for the POC is that we do not have ADFS implemented but want to develop a unified authentication and authorization strategy for applications as we move forward.
The solution I will be working with consists of an ASP.NET MVC 2 application that consumes a RESTful WCF service application with a back-end SQL Server database. The solution currently uses Windows Authentication with custom permissions assigned based on the authenticated user's group membership. We want to maintain the single sign-on capabilities in the new solution.
Here's what I need help with:
- Setting up a temporary IP STS to use in lieu of ADFS
- Setting up a relying STS that adds application-specific claims to the token
- How to set up the solution to allow single sign-on, meaning that I don't prompt for the user's credentials but use their (Windows) identity when accessing the MVC site.
- I also want to make sure that the web services are secure in the event another consumer tries to access them.
Any help putting this together would be greatly appreciated. Most of what I'm reading assumes ADFS is in place and uses Forms Authentication, so I'm at a loss as to how to satisfy my requirements.
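As an added example (not from the original post and not any project's own code), here is a WIF 3.5 relying-party STS skeleton covering two of the points above: it refuses to issue tokens for any audience that is not on a known relying-party list, and it maps the Windows-authenticated caller's group membership to application-specific claims. The host names, AD group names and claim type URIs are assumed values; the STS site itself is assumed to run under Windows Authentication so no credential prompt is needed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.SecurityTokenService;

// Hypothetical RP-STS: because the STS site uses Windows Authentication, 'principal'
// arrives already carrying the caller's Windows identity, so SSO needs no prompt.
public class AppRelyingPartySts : SecurityTokenService
{
    // Only these relying parties may receive tokens (constructed sample addresses).
    private static readonly HashSet<string> AllowedRelyingParties =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "https://mvc.example.local/", "https://svc.example.local/orders/" };

    public AppRelyingPartySts(SecurityTokenServiceConfiguration config) : base(config) { }

    protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
    {
        if (request.AppliesTo == null || request.AppliesTo.Uri == null)
            throw new InvalidRequestException("AppliesTo is required.");
        string audience = request.AppliesTo.Uri.AbsoluteUri;
        if (!AllowedRelyingParties.Contains(audience))
            throw new InvalidRequestException("Unknown relying party: " + audience);

        var scope = new Scope(audience, SecurityTokenServiceConfiguration.SigningCredentials);
        scope.ReplyToAddress = audience;        // derive ReplyTo from the allow-list, never from the request
        scope.TokenEncryptionRequired = false;  // set true and supply X509EncryptingCredentials in production
        return scope;
    }

    protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal,
                                                               RequestSecurityToken request, Scope scope)
    {
        var windows = principal.Identity as WindowsIdentity;   // WIF wraps Windows auth in a WindowsIdentity
        if (windows == null || !windows.IsAuthenticated)
            throw new InvalidRequestException("Caller is not Windows-authenticated.");

        var output = new ClaimsIdentity();
        output.Claims.Add(new Claim(ClaimTypes.Name, windows.Name));

        // Translate AD group membership into application permissions (group names are assumed).
        var groups = new WindowsPrincipal(windows);
        if (groups.IsInRole(@"EXAMPLE\OrderApprovers"))
            output.Claims.Add(new Claim("http://schemas.example.local/claims/permission", "approve-order"));
        if (groups.IsInRole(@"EXAMPLE\OrderReaders"))
            output.Claims.Add(new Claim("http://schemas.example.local/claims/permission", "read-order"));
        return output;
    }
}
```

The WCF service then validates the token's audience URI against its own address in its `microsoft.identityModel` configuration, so a token issued for the MVC site cannot be replayed against the service.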