Question

Ok so I ve step up a very simple asp.net and wcf service to use and STS for authentication, however, I wonder how can i achieve the same if configuringing it programatically.

I know I need to have certain information in web.config , I can also seee that from my client I have access to the namespace Microsoft.Identity.Configuration namespace ...but well there is a bit of a walk from that to actually having a configured app, if someone has walked that, I m all ears

the first and most important milestone is to programatically configure the sts to use, then the actual address of the apps ( audienceUrl and wsFederation->realm), then the certificates certificateReference and trustedIssuers section

Cheers

Answer 1

You would need to dynamically configure the required modules (WSFederationAuthenticationModule and SessionAuthenticationModule) as part of creating the configuration. Part of this would involve setting the signing certificate on the fly (remember that it will need to be installed on the server on which the RP resides as well as have the correct permissions so that the RP can access the private key of the certificate). This latter part was asked about in this question: Change certs of WCF service on the fly, no downtime. I have not addressed that question, but (FWIW) my gut tells me that you cannot change the cert on the fly.

The bottom-line is, I do not think this can be done without significant effort at the very least. One solution I recently implemented to make creating new RP applications fairly painlessly was to create a NuGet package that can be added to a project which will configure the new application according to the standards of the organization (using a known STS, cert thumbprint, etc).

@Rice Flour Cookies mentioned the federation metadata, you don t necessarily need the metadata, but it helps when automating configuration.

友情链接