60 Seconds On Developing Claims Aware ASP.NET Web Applications And WCF Services Using AD FS

As a developer of ASP.NET web applications and WCF services, what should I know about AD FS, and how do I integrate it with my applications and services?

First, determine whether your scenario actually requires AD FS. To do so, consider the following three key scenarios and their characteristics:

  1. Provide Your Active Directory Users Access to Your Claims-Aware Applications and Services
    • Employees are logged on to the corporate Active Directory.
    • SSO is required (reuse of the same credentials).
    • They access applications or services in the perimeter network of your own organization, or
    • The application needs to take advantage of claims and effectively become a claims-aware application, for example to implement claims-based authorization in a claims-aware ASP.NET application.
  2. Provide Your Active Directory Users Access to the Applications and Services of Other Organizations
    • Employees are logged on to the corporate Active Directory.
    • SSO is required (reuse of the same credentials).
    • You need to give your organization’s employees access to applications or services in another organization. This requires a federation trust between your AD FS and the other organization’s federation service.
  3. Provide Users in Another Organization Access to Your Claims-Aware Applications and Services
    • The other organization’s employees are logged on to their own corporate Active Directory.
    • SSO is required (reuse of the same credentials).
    • You need to give the other organization’s employees access to applications or services in your organization. Here your AD FS trusts the other organization’s federation service as a claims provider, and your application trusts only your AD FS.

Second, review the high-level steps needed to make the application claims-aware so it can integrate with AD FS:

  1. In most cases you will need to install and use Windows Identity Foundation (WIF): the WIF runtime on the machines that run the applications and services, and the WIF SDK on the machines where you develop them with Visual Studio. Note: for .NET 3.5 and 4.0, WIF is an out-of-band installation that ships separately from the .NET Framework, and it is not present by default on a Windows Azure instance, so it must be added to your deployment. In .NET 4.5, WIF is part of the .NET Framework itself (the System.IdentityModel and System.IdentityModel.Services assemblies).
  2. Ask your system administrator for the endpoint URLs exposed by AD FS: at minimum the federation metadata endpoint and the passive (WS-Federation) sign-in endpoint. If you will not read the token-signing certificate from the federation metadata, also ask for its thumbprint.
  3. You will use these endpoint URLs when configuring your ASP.NET web applications and WCF services, either with FedUtil or programmatically. Whichever way you configure them, verify that the trusted issuer’s signing certificate and the application’s audience URI are set; without them the application cannot tell that a token was signed by your AD FS and issued for this application rather than for some other relying party.
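As an added example that is not from the original post, here is the shape of the web.config that FedUtil produces for a WIF 3.5/4.0 ASP.NET application trusting a single AD FS 2.0 instance, with the administrator-supplied endpoint URLs plugged in. The host names adfs.contoso.com and app.contoso.com, the application path, and the certificate thumbprint are assumed placeholder values; substitute the ones your administrator gives you.

```xml
<?xml version="1.0"?>
<configuration>
  <configSections>
    <!-- Registers the WIF configuration section (WIF 3.5/4.0 out-of-band runtime). -->
    <section name="microsoft.identityModel"
             type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>

  <system.web>
    <!-- Forms/Windows authentication is off; WIF's modules authenticate the user from the token. -->
    <authentication mode="None" />
    <!-- Deny anonymous users so the WS-Federation module redirects them to AD FS. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <system.webServer>
    <modules>
      <!-- Performs the WS-Federation passive redirect and validates the returned token. -->
      <add name="WSFederationAuthenticationModule"
           type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
           preCondition="managedHandler" />
      <!-- Turns the validated token into a protected session cookie for later requests. -->
      <add name="SessionAuthenticationModule"
           type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
           preCondition="managedHandler" />
    </modules>
  </system.webServer>

  <microsoft.identityModel>
    <service>
      <!-- Tokens whose audience is not this URI are rejected. It must match the relying
           party identifier configured in AD FS (assumed value). -->
      <audienceUris>
        <add value="https://app.contoso.com/ClaimsApp/" />
      </audienceUris>

      <federatedAuthentication>
        <!-- issuer = the AD FS passive sign-in endpoint supplied by the administrator (assumed value).
             realm  = this application's identifier, sent to AD FS as wtrealm. -->
        <wsFederation passiveRedirectEnabled="true"
                      issuer="https://adfs.contoso.com/adfs/ls/"
                      realm="https://app.contoso.com/ClaimsApp/"
                      requireHttps="true" />
        <!-- FedUtil writes requireSsl="false"; set it to true in production so the
             session cookie is never sent over plain HTTP. -->
        <cookieHandler requireSsl="true" />
      </federatedAuthentication>

      <!-- Only tokens signed by a listed certificate are trusted. The thumbprint below is a
           placeholder; take the real one from the AD FS token-signing certificate, which the
           federation metadata at
           https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml
           publishes (FedUtil reads it from there). -->
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="0000000000000000000000000000000000000000"
               name="http://adfs.contoso.com/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>
</configuration>
```

The two settings worth re-checking after FedUtil runs are audienceUris and trustedIssuers: the first stops a token issued for a different relying party from being accepted here, the second stops a token signed by anything other than your AD FS token-signing certificate (not the service-communication certificate) from being accepted. When the AD FS token-signing certificate rolls over, the thumbprint must be updated or the application will start rejecting every sign-in. On .NET 4.5 the same settings live in the system.identityModel and system.identityModel.services sections, and the module types come from the System.IdentityModel.Services assembly instead of Microsoft.IdentityModel.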