Microsoft Windows Identity Foundation has been released to the Web (RTW).
It helps simplify user access for developers by externalizing user access from applications via claims and reducing development effort with pre-built security logic and integrated .NET tools. Users can benefit through single sign-on and seamless collaboration across organizational boundaries.
At PDC, Microsoft announced that Windows Identity Foundation will be available in Windows Azure. This means that a federated identity can be used to provide single sign-on to multiple applications, both in the enterprise and in the cloud.
This claims-based architecture is a more flexible approach to establishing a user's identity than a straightforward, on-premises Active Directory system. The claims-based architecture can accept digital identifiers from multiple sources, such as LDAP directories, Active Directory, Outlook or Lotus Notes directories, certificates from security services, or a Windows token.
Once a user's identity verifier is supplied, a central brokering authority compares the "claim" to that required by a particular application. If there's a match, use of the application can proceed.
Any company that has, or plans to have, more than one Web application or Web service can benefit by starting with a claims-based model for identity. One of the major benefits is that application developers can focus only on application business logic, while the identity-related requirements are handled by external issuing authorities such as Active Directory Federation Services (ADFS) 2.0 (previously known as "Geneva" Server). Or, if you have in-house identity expertise, you can build a custom provider using WIF.
To get started, see Microsoft Windows Identity Foundation (WIF) Whitepaper for Developers.
The WIF object model for claims may seem a bit complicated at first glance, with subjects, issuers, claim types and values, but in practice it's easy to use. The following code sample shows a typical example from a claims-aware ASP.NET Web application. This example sends a personalized email to the user when she clicks a button.
using System;
using System.Linq;
using System.Net.Mail;
using System.Text;
using System.Threading;
using Microsoft.IdentityModel.Claims;

protected void SendLetter_Click(object sender, EventArgs e)
{
    // WIF sets Thread.CurrentPrincipal to an IClaimsPrincipal; the first identity carries the user's claims
    IClaimsIdentity id = ((IClaimsPrincipal)Thread.CurrentPrincipal).Identities[0];

    // you can use a simple foreach loop to find a claim...
    string usersEmail = null;
    foreach (Claim c in id.Claims)
    {
        if (c.ClaimType == ClaimTypes.Email)
        {
            usersEmail = c.Value;
            break;
        }
    }

    // you can also use LINQ to find a claim
    string usersFirstName = (from c in id.Claims
                             where c.ClaimType == ClaimTypes.GivenName
                             select c).First().Value;

    // build the personalized message body and send it
    StringBuilder body = new StringBuilder();
    body.AppendFormat("Dear {0},", usersFirstName);
    body.AppendLine();
    body.AppendLine("Thank you for shopping with us!");
    new SmtpClient().Send(new MailMessage(
        "admin@fabrikam.com", usersEmail, "Message from Fabrikam", body.ToString()));
}
In this example, the code uses Thread.CurrentPrincipal to access the user's identity. It then loops through all of the claims for the user, using IClaimsIdentity.Claims, looking for the ones it needs right now: first name and email address. It then uses those claims to send a personalized email message to the user. The example also shows two ways of finding claims: the code finds the email claim with a foreach loop and uses a LINQ expression to find the first-name claim. Note that the LINQ form calls First(), which throws an InvalidOperationException if the identity carries no GivenName claim, so the sample assumes the issuing authority always supplies both claims.
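The sample above assumes the user's token always contains the two claims and that every claim on the identity comes from an issuer the application trusts. The following is an added example, not code from the post or from the WIF SDK, showing how a practitioner would look claims up defensively: it tolerates a missing claim instead of throwing, it only accepts claims whose Issuer matches the name under which the application registered its STS (WIF fills Claim.Issuer from the issuerNameRegistry entry that matched the token's signing certificate), and it performs the application-side "required claims" comparison described earlier in the post. The ClaimLookup class, its method names, and the TrustedIssuer value are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using Microsoft.IdentityModel.Claims;

// Hypothetical helper class (added example; not part of WIF or the whitepaper).
public static class ClaimLookup
{
    // Issuer name as registered for the STS in the application's WIF
    // issuerNameRegistry. Placeholder value; replace with your own.
    private const string TrustedIssuer = "TrustedStsName";

    // Returns the current IClaimsPrincipal, or null when the request was not
    // processed by WIF (for example, the thread still carries a plain
    // GenericPrincipal because the WIF modules are not configured).
    public static IClaimsPrincipal CurrentClaimsPrincipal()
    {
        return Thread.CurrentPrincipal as IClaimsPrincipal;
    }

    // Finds the first claim of the requested type that was issued by the
    // trusted STS, searching every identity on the principal. Returns null
    // when no such claim exists, so the caller decides how to handle it
    // rather than getting an InvalidOperationException from First().
    public static Claim FindTrustedClaim(IClaimsPrincipal principal, string claimType)
    {
        if (principal == null)
        {
            return null;
        }

        return principal.Identities
            .SelectMany(identity => identity.Claims)
            .FirstOrDefault(c => c.ClaimType == claimType
                              && string.Equals(c.Issuer, TrustedIssuer,
                                               StringComparison.OrdinalIgnoreCase));
    }

    // The application-side check from the post: does the user hold every
    // claim type this application requires, each from the trusted issuer?
    public static bool HasRequiredClaims(IClaimsPrincipal principal,
                                         IEnumerable<string> requiredClaimTypes)
    {
        return requiredClaimTypes.All(t => FindTrustedClaim(principal, t) != null);
    }
}

// How the button handler from the post would use the helper.
public partial class SendLetterPage : System.Web.UI.Page
{
    protected void SendLetter_Click(object sender, EventArgs e)
    {
        IClaimsPrincipal principal = ClaimLookup.CurrentClaimsPrincipal();
        string[] required = { ClaimTypes.Email, ClaimTypes.GivenName };

        if (!ClaimLookup.HasRequiredClaims(principal, required))
        {
            // A claim is missing or came from an untrusted issuer:
            // refuse rather than send mail on the user's behalf.
            Response.StatusCode = 403;
            Response.End();
            return;
        }

        string usersEmail = ClaimLookup.FindTrustedClaim(principal, ClaimTypes.Email).Value;
        string usersFirstName = ClaimLookup.FindTrustedClaim(principal, ClaimTypes.GivenName).Value;

        // ... build and send the message exactly as in the sample above ...
    }
}
```

Checking Claim.Issuer matters when an application accepts tokens from more than one STS, or when a home-realm STS passes through claims from partner organizations: a claim that merely has the right type is not the same as a claim the application has decided to trust for this purpose.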
WIF offers built-in Visual Studio project templates for creating a claims-aware ASP.NET application or WCF Web Service. Each template is available within the Visual Studio development environment when you navigate to File –> New –> Web Site… and select Claims-aware ASP.NET Web Site or Claims-aware WCF Service.
For more details, see Microsoft Windows Identity Foundation (WIF) Whitepaper for Developers.
See the following PDC Videos:
Windows Identity Foundation is part of Microsoft's identity and access management solution built on Active Directory that also includes:
Bruce D. Kyle ISV Architect Evangelist | Microsoft Corporation
Special thanks to Information Week: Microsoft Azure Supports Federated ID