Saturday, May 05, 2012
So, what's all this about Windows Identity?
WIF (Windows Identity Foundation) is an SDK (and accompanying runtime) that allows a .NET developer to use WS-Federation and WS-Trust to authenticate a user and make authorization decisions based on claims about that user.
It's a drop-in replacement for simple Windows Auth or Forms Auth in the ASP.NET world, and has a handy method for flowing an identity securely from ASP.NET to WCF without having to write a ton of impersonation code. From the perspective of a developer, authentication just magically works. If you're using WIF, you can be guaranteed that if a user is accessing your application, they've been authenticated. Then, all that's left for you to do is inspect the claims to make authorization decisions.
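An added example (not code from the original post) of the authorization step described above: it inspects a role claim, checks which issuer asserted it, and denies by default. It uses the `System.Security.Claims` types that carry the WIF claims model in .NET 4.5 and later; the issuer URL, role name, and method names are assumptions for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class ClaimsAuthorization
{
    // Assumption: issuer name of the one STS this application trusts (placeholder).
    const string TrustedIssuer = "https://sts.example.test/";

    // Allow only if the caller is authenticated AND holds the role claim
    // AND that claim was asserted by the trusted issuer. Everything else is denied.
    public static bool CanApproveInvoices(ClaimsPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        return user.Claims.Any(c =>
            c.Type == ClaimTypes.Role &&
            string.Equals(c.Value, "InvoiceApprover", StringComparison.Ordinal) &&
            string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal));
    }

    // Builds a constructed principal standing in for the one WIF attaches to a request.
    static ClaimsPrincipal Build(string issuer, string role)
    {
        var claims = new[]
        {
            new Claim(ClaimTypes.Name, "alice", ClaimValueTypes.String, issuer),
            new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, issuer)
        };
        // A non-empty authenticationType makes IsAuthenticated return true.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Federation"));
    }

    static void Main()
    {
        // Right role from the trusted issuer.
        Console.WriteLine(CanApproveInvoices(Build(TrustedIssuer, "InvoiceApprover")));
        // Trusted issuer, but a role that does not grant the permission.
        Console.WriteLine(CanApproveInvoices(Build(TrustedIssuer, "Clerk")));
        // Right role value, asserted by an issuer the application does not trust.
        Console.WriteLine(CanApproveInvoices(Build("https://other.example.test/", "InvoiceApprover")));
        // Identity with no authentication type, so IsAuthenticated is false.
        Console.WriteLine(CanApproveInvoices(new ClaimsPrincipal(new ClaimsIdentity())));
    }
}
```

Matching on the claim's issuer as well as its type and value keeps a role asserted by some other token service from being honored.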