Monthly Archives: December 2009

Windows Identity Framework – Externalising Authentication



As an architect who works for an ISV, I’m interested in making our application functionality as useful as possible to as many people as possible in an organisation.

A “barrier to entry” for an application can arise when a customer needs only a small part of the application functionality. Many applications have their own authentication and login sequence, which makes them unsuitable for this kind of functionality.

Typically, customers have some kind of corporate application, intranet or portal that is designed to incorporate little bits of applications. Over the last few years a number of authentication standards have become accepted by many organisations, including Microsoft.

Microsoft have released the RTM version of WIF (Windows Identity Framework) which provides a layer of abstraction over authentication, allowing a pluggable approach to establishing trust between web applications.

Vittorio Bertocci provides an excellent overview of WIF in his PDC09 Talk.

In this talk, Vittorio demonstrates adding an “STS Reference” to his project. An STS is a “Secure Tokens Service”. He also shows how “Claims” (properties against a credentials token) can be bound to fields in a webforms user interface.

It’s heartening to see Microsoft attempting to take a traditionally complex area and create tools to make it usable.