
I am writing an MVC 4 web app and want to use the new WIF and ADFS to authenticate users. I also want to provide a profile page for users to "self serve" changes like phone number or maiden name.

I am looking for resources/tutorials (a good book) to show me how to wire it all up.

Users will be stored in Active Directory so I'm guessing that I should use the ADMembershipProvider for some of this. I believe there is a profile store attached to ADFS (or I can set one up) and I want to know if it's good practice to interact with it directly or is there an API that will let me add claims etc.

Finally, how does all this fit into the new WebSecurity stuff?


1 Answer

up vote 1 down vote accepted

In terms of the ADMembershipProvider, you don't need it.

ADFS under the hood handles the AD integration. You configure claims rules which determine which attributes ADFS extracts out of AD.

Update

In terms of editing the user in AD, this is an Identity Manager scenario. ADFS is an STS so it doesn't handle this. You need to do this directly e.g. Howto: (Almost) Everything In Active Directory via C#. Be aware that you need an AD login that enables write access to do this. This is a different credential set to the set that allows you to log in to ADFS.

ADFS just provides the login screen. Out of the box you don't get any self-service functionality. You need to customise the ADFS screen yourself e.g. AD FS 2.0 Sign-In Pages Customization Overview.

But how do I interact with AD? E.g. the membership provider has methods to change passwords and edit other user details. I will want to provide that facility to my users. –  Peter Nov 13 '12 at 21:12
 
I don't think you can allow third party apps to manage ADFS 2.0 for you. That's for them to do on their own computers when they log into the network or the AD server. What your integration will do is to allow the user to log in to your app without having to "resync" passwords if they changed theirs that morning or something, because ADFS takes care of all that for you. –  EdenMachine Jan 28 at 19:31
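
An illustration of the split the accepted answer describes, added here and not part of the original thread or any poster's code: ADFS authenticates the user and issues claims, while the profile edit is a direct AD write made with a separate write-enabled credential. It assumes the ADFS claim rules issue the user's UPN as `ClaimTypes.Upn`; the class and method names, and the `domain`, `svcUser` and `svcPassword` parameters, are hypothetical.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Text.RegularExpressions;

// Added example: self-service phone-number update for the signed-in user only.
public static class SelfServiceProfile
{
    // Assumption: the ADFS claim rules issue the user's UPN as ClaimTypes.Upn.
    public static string GetSignedInUpn(ClaimsPrincipal principal)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Not authenticated.");
        Claim upn = principal.FindFirst(ClaimTypes.Upn);
        if (upn == null || string.IsNullOrWhiteSpace(upn.Value))
            throw new UnauthorizedAccessException("Token carries no UPN claim.");
        return upn.Value;
    }

    // Validate before anything is written to the directory.
    public static bool IsValidPhone(string phone)
    {
        return phone != null && Regex.IsMatch(phone, @"^\+?[0-9 ()\-]{7,20}$");
    }

    // domain, svcUser and svcPassword are placeholders for a delegated service
    // account that has write access to the phone attribute only; this is not
    // the credential the user typed into the ADFS sign-in page.
    public static void UpdatePhone(ClaimsPrincipal principal, string newPhone,
                                   string domain, string svcUser, string svcPassword)
    {
        // The target account comes from the token, never from form input.
        string upn = GetSignedInUpn(principal);
        if (!IsValidPhone(newPhone))
            throw new ArgumentException("Invalid phone number.", "newPhone");

        using (var ctx = new PrincipalContext(ContextType.Domain, domain, svcUser, svcPassword))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.UserPrincipalName, upn))
        {
            if (user == null)
                throw new InvalidOperationException("User not found in AD.");
            user.VoiceTelephoneNumber = newPhone;
            user.Save();
        }
    }
}
```

Taking the account to edit from the validated token rather than from a posted field keeps one user from editing another's record, and delegating the service account write access to only the editable attributes limits what a compromise of the web app can change in AD.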