The .NET Framework started with three common types of authentication/authorization:
| Type | Description |
|---|---|
| Forms authentication | Uses the Membership database and basic authentication |
| Windows authentication | Common to WinForms applications; uses Windows user authentication |
| Third party | Custom-built authentication |
Windows Identity Framework (WIF) was introduced to enable Windows applications to support claims-based identity. WIF introduced the IPrincipal (authorization) and IIdentity (authentication) interfaces on top of the existing .NET authentication functionality, preserving backward compatibility.
WIF also introduced ClaimsIdentity to carry user claims and to make Windows identity compatible with a claims-based Security Token Service (STS). Below is a brief overview of how WIF functions.
- The user requests login.
- The user is redirected to an STS (ADFS, an OAuth-compatible STS, etc.).
- The STS generates an authentication token.
- The relying party (the authenticating server) deserializes the token and verifies it and its claims.
- Claims transformation (optional).
- The user is authenticated and a session token is issued.
Source: Build Custom STS
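The claims transformation step is where the relying party decides which incoming STS claims to trust and how to map them to application roles before IPrincipal authorization runs. The following is an added C# example, not code from the original post; it assumes .NET 4.5+ (where the WIF types live in System.Security.Claims), and the trusted issuer URI, group claim type and group names are constructed for the example.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Claims;
using System.Security.Principal;

// Relying-party claims transformation, run after the token handler has
// deserialized and verified the STS token. Assumes .NET 4.5+.
public class RoleMappingClaimsManager : ClaimsAuthenticationManager
{
    // Constructed values: the one STS this relying party federates with,
    // and the claim type that STS uses for group membership.
    const string TrustedIssuer = "https://sts.example.test";
    const string GroupClaimType = "http://schemas.example.test/claims/group";

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        var incoming = incomingPrincipal == null ? null : incomingPrincipal.Identity as ClaimsIdentity;
        if (incoming == null || !incoming.IsAuthenticated)
            return incomingPrincipal; // nothing to transform for an unauthenticated request

        // Keep only claims the trusted STS issued; claims carrying any other
        // issuer must never reach application authorization.
        var trusted = incoming.Claims.Where(c => c.Issuer == TrustedIssuer).ToList();
        var name = trusted.FirstOrDefault(c => c.Type == ClaimTypes.Name);
        if (name == null)
            throw new SecurityException("Token from trusted STS carries no name claim");

        // Build a fresh application identity; ClaimTypes.Role is what IPrincipal.IsInRole checks.
        var app = new ClaimsIdentity("Federation", ClaimTypes.Name, ClaimTypes.Role);
        app.AddClaim(new Claim(ClaimTypes.Name, name.Value));
        foreach (var group in trusted.Where(c => c.Type == GroupClaimType))
        {
            // Map STS groups to application roles; unknown groups are dropped.
            if (group.Value == "sec-admins") app.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
            else if (group.Value == "staff") app.AddClaim(new Claim(ClaimTypes.Role, "User"));
        }
        return new ClaimsPrincipal(app);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed incoming identity, shaped as a token handler would deserialize it.
        var id = new ClaimsIdentity("Federation");
        id.AddClaim(new Claim(ClaimTypes.Name, "alice", ClaimValueTypes.String, "https://sts.example.test"));
        id.AddClaim(new Claim("http://schemas.example.test/claims/group", "staff", ClaimValueTypes.String, "https://sts.example.test"));
        // A role claim with a foreign issuer: the transformation must drop it.
        id.AddClaim(new Claim(ClaimTypes.Role, "Admin", ClaimValueTypes.String, "https://rogue.example.test"));

        IPrincipal user = new RoleMappingClaimsManager().Authenticate("/app", new ClaimsPrincipal(id));
        Console.WriteLine("User role: " + user.IsInRole("User") + ", Admin role: " + user.IsInRole("Admin"));
    }
}
```

In a WIF-enabled web application the manager is registered in the identity configuration rather than called directly as above; the direct call here only makes the transformation observable.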