Evolution of .Net Authentication/Authorization

The .Net framework started with three common types of authentication/authorization:

  * Forms authentication – uses the Membership database and basic authentication
  * Windows authentication – common to WinForms applications; uses Windows user authentication
  * Third-party or custom-built authentication

Windows Identity Framework (WIF) was introduced to enable Windows applications to support claims-based identity. WIF introduced the IPrincipal (authorization) and IIdentity (authentication) interfaces on top of the existing .Net authentication functionality, preserving backward compatibility.

The user identity was extended with ClaimsIdentity properties while remaining backward compatible.

WIF introduced ClaimsIdentity to support user claims and to make the Windows identity compatible with a claims-based Security Token Service (STS). Below is a brief overview of how WIF functioned:

  1. The user requests login.
  2. The user is redirected to an STS (ADFS, an OAuth-compatible STS, etc.).
  3. The STS generates an authentication token.
  4. The Relying Party (the authenticating server) deserializes the token and verifies it and its claims.
  5. Claims transformation (optional).
  6. The user is authenticated and a session token is issued.
Federated authentication using STS and WIF framework

source – Build Custom STS
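Steps 4 to 6 of the flow above, on the Relying Party side, as an added example (not code from the original post or from WIF itself). It assumes the STS token has already been deserialized and its signature checked, so the claims it carries are a constructed sample; the issuer URL and group-to-role mapping are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical Relying Party logic (example code, not WIF's own implementation).
static class RelyingParty
{
    const string TrustedIssuer = "https://sts.example.test"; // placeholder STS

    // Step 4: reject the claim set if any claim comes from an untrusted issuer
    // or the token has expired, before anything downstream trusts it.
    public static bool IsTokenAcceptable(IEnumerable<Claim> claims, DateTimeOffset now)
    {
        var list = claims.ToList();
        if (list.Count == 0 || list.Any(c => c.Issuer != TrustedIssuer)) return false;
        var exp = list.FirstOrDefault(c => c.Type == "exp");
        return exp != null && DateTimeOffset.Parse(exp.Value) > now;
    }

    // Step 5: claims transformation (WIF exposes this as a ClaimsAuthenticationManager hook).
    // Map STS group claims to application roles and keep only the claims the app needs.
    static readonly Dictionary<string, string> GroupToRole = new Dictionary<string, string>
    {
        { "sts-group-finance", "Approver" },   // placeholder group names
        { "sts-group-staff",   "Reader" },
    };

    public static ClaimsPrincipal Transform(IEnumerable<Claim> incoming)
    {
        // Passing an authenticationType makes identity.IsAuthenticated true.
        var identity = new ClaimsIdentity("Federation");
        foreach (var c in incoming)
        {
            if (c.Type == ClaimTypes.Name || c.Type == ClaimTypes.Email)
                identity.AddClaim(new Claim(c.Type, c.Value, c.ValueType, c.Issuer));
            else if (c.Type == "groups" && GroupToRole.TryGetValue(c.Value, out var role))
                identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, "local-transform"));
            // Unknown groups and any other claim types are dropped, not propagated.
        }
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        var stsClaims = new[]   // constructed sample of claims deserialized from the STS token
        {
            new Claim(ClaimTypes.Name, "alice", ClaimValueTypes.String, TrustedIssuer),
            new Claim("groups", "sts-group-finance", ClaimValueTypes.String, TrustedIssuer),
            new Claim("groups", "unknown-group", ClaimValueTypes.String, TrustedIssuer),
            new Claim("exp", now.AddMinutes(10).ToString("o"), ClaimValueTypes.String, TrustedIssuer),
        };
        if (!IsTokenAcceptable(stsClaims, now)) { Console.WriteLine("token rejected"); return; }
        var principal = Transform(stsClaims);
        // Step 6: authorization decisions use IPrincipal.IsInRole on the transformed principal.
        Console.WriteLine($"{principal.Identity.Name} authenticated={principal.Identity.IsAuthenticated}");
        Console.WriteLine($"Approver={principal.IsInRole("Approver")} Admin={principal.IsInRole("Admin")}");
    }
}
```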
