The objective of this hands-on lab is the creation of a WIF-based identity provider (claims provider/security token service).

1. Add the WifExt project, located at /CIWS/code/WifExt, to the current solution.

2. Create a new ASP.NET web application project in the solution.

3. Add an ASP.NET web form called "issue.aspx".

4. Add the following code to the form's Page_Load method:

       FederatedPassiveSecurityTokenServiceOperations.ProcessRequest(
           Page.Request,
           Page.User,
           new SimpleSecurityTokenService(new SimpleSecurityTokenServiceConfiguration()),
           Page.Response);

   This code uses the ProcessRequest static method to handle the WS-Federation request, fetching its contents from the Page.Request object and writing the response to the Page.Response object. Note that the issuance process also depends on the requesting user's identity, present in Page.User. The code uses the SimpleSecurityTokenService and SimpleSecurityTokenServiceConfiguration classes, developed in the next steps, for the token issuance.

5. Develop the SimpleSecurityTokenServiceConfiguration class, deriving from SecurityTokenServiceConfiguration. In the constructor, define SimpleSecurityTokenService (the class developed in the next step) as the security token service to use.

6. Develop the SimpleSecurityTokenService class, deriving from SecurityTokenService and implementing the following abstract methods:
   - GetScope, which returns the request scope, given the request information. The returned scope should define the following properties: ReplyToAddress, AppliesToAddress and TokenEncryptionRequired.
   - GetOutputClaimsIdentity, which returns the claims to issue.

7. Change the web.config file so that anonymous access is denied.

8. Create a new web form, called whoami.aspx, that presents the user's claims. Use this page to check the authentication process.

9. Copy the files metadata.ashx and metadata.ashx.cs from /CIWS/code/misc into the current project. Perform the required changes on metadata.ashx.cs using the helper methods contained in the WifExt project.

10. Get the metadata generated by metadata.ashx and use it to create a new identity provider on the ACS tenant created during HOL 2.

11. Test the developed identity provider.
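As an added example (not part of the lab's own solution), the two classes that steps 5 and 6 ask for, written against the .NET 4.5 WIF namespaces (System.IdentityModel); the WIF 3.5 Microsoft.IdentityModel equivalents use IClaimsPrincipal and IClaimsIdentity in the same method signatures. The issuer name, the signing certificate subject "CN=SimpleSts" and the relying-party realm are assumed lab values, and the GetScope override additionally refuses requests for realms the STS does not know, which the lab text leaves implicit.

```csharp
using System;
using System.IdentityModel;
using System.IdentityModel.Configuration;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;

// Configuration: names the issuer, loads the signing certificate and points WIF at the STS class below.
public class SimpleSecurityTokenServiceConfiguration : SecurityTokenServiceConfiguration
{
    // Issuer name and certificate subject are assumed lab values; adjust them to your environment.
    public SimpleSecurityTokenServiceConfiguration()
        : base("https://localhost/SimpleSts", new X509SigningCredentials(LoadSigningCertificate("CN=SimpleSts")))
    {
        SecurityTokenService = typeof(SimpleSecurityTokenService);
    }

    // The signing key stays in the machine certificate store; it is never embedded in code or web.config.
    private static X509Certificate2 LoadSigningCertificate(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
        store.Close();
        if (found.Count == 0) throw new InvalidOperationException("Signing certificate not found: " + subjectName);
        return found[0];
    }
}

public class SimpleSecurityTokenService : SecurityTokenService
{
    private const string RelyingPartyRealm = "https://localhost/RelyingParty/"; // constructed sample; use the ACS realm

    public SimpleSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { }

    protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
    {
        // Refuse unknown realms: an STS that honours any wtrealm/wreply hands signed tokens to whoever asks.
        string appliesTo = request.AppliesTo != null ? request.AppliesTo.Uri.AbsoluteUri : null;
        if (appliesTo == null || !string.Equals(appliesTo, RelyingPartyRealm, StringComparison.OrdinalIgnoreCase))
            throw new InvalidRequestException("Unknown relying party: " + (appliesTo ?? "(none)"));
        var scope = new Scope(appliesTo, SecurityTokenServiceConfiguration.SigningCredentials);
        scope.ReplyToAddress = appliesTo;      // post the token to the registered realm, not to an arbitrary wreply
        scope.TokenEncryptionRequired = false; // the lab relying party has no encryption certificate
        return scope;
    }

    protected override ClaimsIdentity GetOutputClaimsIdentity(ClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
    {
        // Issue only what the relying party needs: the authenticated name plus a constructed role claim.
        return new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, principal.Identity.Name),
                                          new Claim(ClaimTypes.Role, "LabUser") });
    }
}
```

With anonymous access denied in web.config (step 7), Page.User is already authenticated when issue.aspx runs, so principal.Identity.Name in GetOutputClaimsIdentity is never empty.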