Click here to Skip to main content
13,247,704 members (53,402 online)
Rate this:
Please Sign up or sign in to vote.
Hello everyone,

I've been searching round the net for a few days now for a guide to setting up a Windows Identity Foundation Security Token Service that specifically uses a username and password to authenticate the user requesting the security token via a custom credential store - in this case a DB.

I've got the following example working:

Claim based Authentication and WIF: Part 2[^]

But it's not what I'm after. My scenario is as follows:

1. User enters username and password into a web or windows application
2. Application sends username and password to the Security Token Service
3. Security Token Service authenticates the user against the DB
4. Security Token is returned to the calling application
5. Calling application uses token in subsequent calls to other services that implement a validator for the security token

The claim itself is very simple, it's just a username that the validated services subsequently use to identify the caller but for that to work I need to be able to authenticate the initial token request

I would be very grateful for any help with this as the wikipedia article's last section on misconceptions basically echoes what I've encountered in terms of documentation on the web:[^]
Posted 3-Oct-12 8:26am

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy |
Web02 | 2.8.171114.1 | Last Updated 3 Oct 2012
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100