Click here to Skip to main content
15,923,142 members
Please Sign up or sign in to vote.
4.00/5 (1 vote)
Hello everyone,

I've been searching round the net for a few days now for a guide to setting up a Windows Identity Foundation Security Token Service that specifically uses a username and password to authenticate the user requesting the security token via a custom credential store - in this case a DB.

I've got the following example working:

Claim based Authentication and WIF: Part 2[^]

But it's not what I'm after. My scenario is as follows:

1. User enters username and password into a web or windows application
2. Application sends username and password to the Security Token Service
3. Security Token Service authenticates the user against the DB
4. Security Token is returned to the calling application
5. Calling application uses token in subsequent calls to other services that implement a validator for the security token

The claim itself is very simple, it's just a username that the validated services subsequently use to identify the caller but for that to work I need to be able to authenticate the initial token request

I would be very grateful for any help with this as the wikipedia article's last section on misconceptions basically echoes what I've encountered in terms of documentation on the web:[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900