
I have to authenticate web users with STS (Thinktecture V2 STS).

Following are my applications:

1. ASP.NET web applications (RP) - act as frontend
2. Backend Web API (RP) - provides data based on claim (let's say c1, c2)
3. STS (Thinktecture identity server v2)

The web application has two types of users:

1. Normal web users (Bob) - User enters username and pwd. STS authenticates against our own database by implementing IUserRepository. Also implements IClaimrepository to add claims c1 and c2 with values retrieved from our own database based on username. The token received from STS is then used to access the Web API.

2. Internal company user (Allen): These users provide Active Directory credentials for authentication. If they are valid users they should have a claim called Group: the group they belong to in Active Directory. Then these users should be able to access the same backend Web API methods on behalf of Bob (normal web user). This means STS should provide a token which has claims c1 and c2 of Bob.

The part to authenticate the normal web user is done. But I don't know how to implement authentication for the "internal company user". The only part I know is that to authenticate the "internal user" I will have to use ADFS, but after that, what to do?

Please help.

user1213831

1 Answer


You typically use ADFS for that -

1) install ADFS and get it up and running

2) Add ADFS as an identity provider in IdSrv (and IdSrv as a relying party in ADFS)

3) use the issue/hrd endpoint in IdSrv instead of the standard wsfed one

leastprivilege
  • Thanks for the reply. But when ADFS issues a token which is then received by IDSRV, how can I make Allen (internal company user) access the backend Web API by acting as Bob (normal web user)? – user1213831 Nov 08 '14 at 19:28
  • Well - if it is only about the claims that Allen should have in its token - you can fully control the claims using the identity server extensibility points. Check the wiki. – leastprivilege Nov 11 '14 at 06:06
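
Added example, not part of the original thread and not IdentityServer code: a sketch of the claim-selection logic such an extensibility point could call, gating Bob's c1 and c2 on Allen's Group claim and keeping Allen's identity in the token for auditing. The class name, the group name `WebUserSupport`, the `Group` claim type string and the `lookupWebUserClaims` delegate are assumptions; it uses only `System.Security.Claims`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper: decides which claims go into the token when an
// internal user (Allen) asks to act on behalf of a web user (Bob).
public static class OnBehalfOfClaims
{
    // Assumed values; use whatever your ADFS claim rules actually emit.
    public const string GroupClaimType = "Group";
    public const string SupportGroup = "WebUserSupport";

    // lookupWebUserClaims stands in for the existing database lookup that
    // returns c1 and c2 for a given web user name.
    public static IEnumerable<Claim> Build(
        ClaimsPrincipal internalUser,
        string webUserName,
        Func<string, IEnumerable<Claim>> lookupWebUserClaims)
    {
        if (internalUser == null || internalUser.Identity == null
            || !internalUser.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Caller is not authenticated.");

        // Only members of the designated AD group may receive another user's claims.
        bool allowed = internalUser.FindAll(GroupClaimType)
            .Any(c => string.Equals(c.Value, SupportGroup,
                                    StringComparison.OrdinalIgnoreCase));
        if (!allowed)
            throw new UnauthorizedAccessException(
                "Caller may not act on behalf of web users.");

        if (string.IsNullOrWhiteSpace(webUserName))
            throw new ArgumentException("A target web user is required.", "webUserName");

        var claims = new List<Claim> { new Claim(ClaimTypes.Name, webUserName) };

        // Copy only c1 and c2; nothing else from the web user's record.
        claims.AddRange(lookupWebUserClaims(webUserName)
            .Where(c => c.Type == "c1" || c.Type == "c2"));

        // Record who is really calling so the Web API can log and audit it.
        claims.Add(new Claim(ClaimTypes.Actor,
                             internalUser.Identity.Name ?? "unknown"));
        return claims;
    }
}
```

The Web API can then authorize on c1 and c2 as it does for Bob's own token, while the actor claim distinguishes a delegated call from a direct one in its logs.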