3

I am faced with a project that uses custom authentication via a WCF service that returns a set of claims based on some data identifying a user, close to user name and password. Then on top of this, I have a custom STS, derived from Microsoft.IdentityModel.SecurityTokenService, that resides in an ASP.NET web site project. This project looks like it was created with the VS2010 template, and not carefully hand-crafted.

My gut feeling, and lots of on-line advice tell me that this web site STS project is very far from production ready. I am now looking for an MVC based STS that I can use in anticipation of being production ready. Thinktecture's IdentityServer looks promising, but it is so much more than simply implementing a custom derivation of SecurityTokenService, I have no idea where to start. If somebody could steer me toward an open project or walk-through that does this, or offer some guidance as to where and how I can start extending or modifying Identity Server, that would be great.

ProfK

2 Answers

3

Have you looked at Thinktecture.IdentityServer v3? I'm using it at the moment and it is very simple to use. It is still in Beta but RTM will be available soon. It has good documentation and samples too.

https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki/Getting-started

https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki

Update: Identity Server 4 is also available. It supports cross-platform deployment with .NET Core. https://github.com/IdentityServer/IdentityServer4/

rawel
  • Thanks. I do mention above that I have looked at IdSvr v3, but it is a bit harder than v2 to use, in that it has no admin UI etc. And, it's way more than I need, but I might get back to it later. – ProfK Nov 28 '14 at 03:26
  • At the moment I'm using IdentityManager (https://github.com/thinktecture/Thinktecture.IdentityManager) for user management. You are correct about the limitations of the admin UI. Hopefully it will get better with RTM. – rawel Nov 28 '14 at 04:14
  • This is the thing. All my user management etc. is external - I only need a secure token, which is why I think IdSvr is some overkill. – ProfK Nov 28 '14 at 07:48
  • https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki/User-Service can be used with an external user management system. Sorry, I'm only familiar with Idsrv, so I'm not sure if this really helps you. – rawel Nov 29 '14 at 01:08
1

Have you looked at the MSDN article by Michele Leroux Bustamante?

It's a little old and based on WCF, but it has code accompanying it.

Building A Custom Security Token Service

If you want an ASP.NET-based example, Microsoft published this: ASP.NET Security Token Service Web Site

There's also this STS project on CodePlex.

MvdD