开发者

Why does web client require Passive STS when using WIF

I have a web application and would want it to be secured using a Custom STS using Windows Identity foundation开发者_JS百科 3.5. All examples have a passive STS in scene. Why is this needed? and What happens if you call the Active STS 9Custom written using WIF) directly?


Normally you use passive federation for web application, because web clients are unable to emit proper SOAP hence got the label "Passive Requestor", while anything able to produce proper SOAP got the label "Active Requestor" and can use Active Federation without problems. There are luck of samples of this on internet, but check Vittorio Bertocci's blog, there you can find great articles about active and passive federation.


The simplest example is to generate a web application in Visual Studio and then run the "Add STS Reference" wizard (which is enabled if you install the WIF SDK). You do this by right-clicking on the web project.

You can run the same against a web service and the wizard will create an STS for "Active Clients".

"Active" and "Passive" are implemnetation details. As Daria mentiones above: "Passive" refers to web browsers and "Active" to anything capable of using WS-Trust which is the protocol you use to obtain a token from an STS.

In a production environment, you should use a "production" ready STS (like ADFS). Building one is not impossible, but it might take time.

You can read more about claims based identity here: http://msdn.microsoft.com/en-us/library/ff423674.aspx

Eugenio

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜