3

I am going to be using Web API for an upcoming project and was asked to integrate an existing STS provider into the equation as my authentication mechanism. Therefore my Web API would be the RP (relying party). I don't need any support to provide the actual token (like creation of STS Provider), just need to incorporate claims based authentication to the configured STS provider and use it in my Web API REST based service.

Does anyone know if this is possible, and some examples on how to implement this? I see full examples with creating a STS provider, but like I said it already exists. I just need to trust it and use for authentication purposes.

Improve this question
2
  • Although I wrote dozens of asp.net apps, I haven't used the Web Api yet. Does writing a RP differs then if the RP is to be a Web Api application? If no then you have a regular wif-enabled RP with dozens of tutorials on how to write one. Commented Dec 19, 2012 at 21:40
  • Yes because the was the messaging comes through is different then say a WCF service. The call stack is different. Commented Dec 20, 2012 at 13:34

1 Answer 1

Reset to default
2

Depends which protocols your existing STS supports. You need to find that out.

Basically you need to do this:

  1. request a token from your STS (from within your client app)
  2. send the token to the Web API
  3. validate the token inside Web API

The thing you need to find out is if 1. works with your custom STS - then we can talk about 2 and 3 ;)

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

The protocol the STS uses is SAML
I have seen your site and it provides the nest examples I have seen. I believe this leastprivilege.com/2012/03/13/… might be what I needed. What do you think?
@leastprivileg, in my case 1. is working....i..e request a token from your STS (from withing your client app) is working.....what do we need to configure at Web API config files?
Have a look here: github.com/thinktecture/Thinktecture.IdentityModel.45/… and specifically leastprivilege.com/2013/04/29/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.