
I have an existing application that works on forms authentication. I want to enable optional single sign-on in my application. I want to create one additional login page (login_sso.aspx) that will use an STS to authenticate the user, and if the user is authenticated successfully it will create a forms auth cookie; that way the rest of the application will work the same without any change. In my audience URI I will use the login_sso.aspx page:

<audienceUris>
<add value="https://www.myapp.com/login_sso.aspx" />
</audienceUris>

For this I have to keep authentication mode="None", but then my original login page won't work, and if I keep authentication mode="Forms" then my login_sso.aspx won't redirect to the STS. It works only if I set authentication mode="None".

Is there any workaround for this, where I can keep my authentication mode="Forms" and still use the STS (only for login_sso.aspx)?

srjt

1 Answer

There are many solutions to this. One thing to consider is what you mean by "optional SSO". If by that you mean that your app will now accept identities from 3rd party providers (a customer's STS or LiveID or Google IDs), in addition to your own usernames/passwords, then the cleanest and most elegant approach is to:

  1. Claims-enable your app (which, if you use Forms AuthN today, will likely have ZERO impact on your code).
  2. Introduce an STS (your own) that will be both a "Federation Provider" (meaning that it will be a bridge between your app and all 3rd party identity providers) and an Identity Provider in itself (authenticating your users as you are doing now).

#1 is relatively easy. For #2 you need to acquire an STS. Depending on where you are hosting, you might be able to use an off-the-shelf STS like ADFS (v2) or you might need a custom one (e.g. IdentityServer on CodePlex).

A less elegant (and less future proof) solution would probably require some programmatic manipulation of WIF (like the one described in this post).

BTW, the "audience URI" is not a URL into your app. It is meant to identify the consumer of the token issued by the STS.

Eugenio Pace
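The "less elegant" path the answer mentions, a page that drives WIF programmatically and then hands over to the existing forms-auth session, can be sketched as follows. This is an added example, not code from the question, the answer or any WIF sample. It assumes WIF 4.5 as integrated in .NET (the System.IdentityModel.Services namespace, FederatedAuthentication.WSFederationAuthenticationModule.RedirectToIdentityProvider and FederatedAuthentication.SessionAuthenticationModule.SignOut, which are the WIF members as I know them), that both WIF modules are registered while <authentication mode="Forms"> stays in place for the rest of the site, and that a <location path="login_sso.aspx"> grants anonymous access so FormsAuthenticationModule never turns this page's unauthenticated request into a redirect to the normal login page. The issuer name and the account table are placeholders constructed for the example.

```csharp
// login_sso.aspx.cs (added example; see the lead-in for the assumptions it rests on)
using System;
using System.Collections.Generic;
using System.IdentityModel.Services;   // FederatedAuthentication (assumed WIF 4.5 namespace)
using System.Security.Claims;
using System.Web.Security;
using System.Web.UI;

public partial class LoginSso : Page
{
    // Name the STS is registered under in <issuerNameRegistry> (placeholder, not from the page).
    private const string TrustedIssuerName = "TRUSTED-STS-NAME";

    // Constructed sample of the local account store: "issuer|subject id" -> local user name.
    // A real application would query its own user database here instead.
    private static readonly Dictionary<string, string> LocalAccounts = new Dictionary<string, string>
    {
        { TrustedIssuerName + "|" + "subject-123", "alice" },
    };

    protected void Page_Load(object sender, EventArgs e)
    {
        var principal = User as ClaimsPrincipal;
        if (principal == null || !principal.Identity.IsAuthenticated)
        {
            // No STS token yet. Trigger the WS-Federation redirect ourselves, because with
            // mode="Forms" the passive redirect would otherwise never fire for this page.
            // wreply is this page, so the STS posts the token back here and the
            // WS-Federation module validates it (audience, signature, issuer) before
            // this code runs again. Nothing in this page parses tokens itself.
            FederatedAuthentication.WSFederationAuthenticationModule
                .RedirectToIdentityProvider("passive", Request.Url.AbsoluteUri, false);
            return;
        }

        string localUser = MapToLocalUser(principal, TrustedIssuerName, LocalAccounts);
        if (localUser == null)
        {
            // Token from an issuer we do not trust, or a subject with no local account.
            Response.StatusCode = 403;
            Response.End();
            return;
        }

        // Hand over to the existing forms-auth session so the rest of the app is unchanged.
        FormsAuthentication.SetAuthCookie(localUser, createPersistentCookie: false);
        // Drop the WIF session cookie: one session cookie to protect, not two.
        FederatedAuthentication.SessionAuthenticationModule.SignOut();

        Response.Redirect(SafeReturnUrl(Request.QueryString["ReturnUrl"]), endResponse: true);
    }

    // Accept only a subject asserted by the trusted issuer that maps to a known local account.
    internal static string MapToLocalUser(ClaimsPrincipal principal, string trustedIssuer,
                                          IDictionary<string, string> accounts)
    {
        Claim subject = principal.FindFirst(ClaimTypes.NameIdentifier);
        if (subject == null || !string.Equals(subject.Issuer, trustedIssuer, StringComparison.Ordinal))
            return null;

        string localUser;
        return accounts.TryGetValue(trustedIssuer + "|" + subject.Value, out localUser)
            ? localUser
            : null;
    }

    // Keep ReturnUrl from acting as an open redirect after login: only an in-app path is honoured.
    internal static string SafeReturnUrl(string candidate)
    {
        if (string.IsNullOrEmpty(candidate))
            return FormsAuthentication.DefaultUrl;
        bool isLocalPath = candidate.StartsWith("/", StringComparison.Ordinal)
            && !candidate.StartsWith("//", StringComparison.Ordinal)
            && !candidate.StartsWith("/\\", StringComparison.Ordinal);
        return isLocalPath ? candidate : FormsAuthentication.DefaultUrl;
    }
}
```

Two points from the answer carry over into the configuration this page relies on: the audience URI the WS-Federation module checks should be the value that identifies your application as the token consumer (the realm), not the path of login_sso.aspx, and the mapping step is where the application decides which external subjects it will treat as which local users, so it, rather than the forms cookie, is the trust boundary to review.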