How does the "ASP.Net Identity" compare with "Windows Identity Foundation"?

Josh Mouch · May 23, 2014 · Viewed 7.8k times

I found this nice article that shows the evolution of the ASP.Net identity frameworks: http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity

However, I'm interested in how the Windows Identity Framework (WIF) fits into the picture with the new ASP.Net Identity Framework. Are they yet another set of competing Microsoft implementations?

Furthermore, if a developer is interested in supporting SAML authentication (which WIF supports), Active Directory authentication, and Forms Authentication, which would you choose?

Answer

Admir Tuzović · Jun 1, 2014

ASP.NET Identity uses WIF in the background. WIF is not only WS-Fed; it is now the core of the .NET Framework when it comes to dealing with Principal/Identity. Basically, the namespace System.IdentityModel is now part of both WIF and .NET 4.5.

The goal of ASP.NET Identity is to provide an out-of-the-box authentication mechanism with persistence and some other nifty features, and thus replace the traditionally used Membership providers, which pretty much did the same in a very ugly way (after all, it is over 10 years old).

I personally never use ASP.NET Identity on a project, but rather do my own user logic when it comes to persistence, mailing, etc., and I operate directly with the most important WIF classes such as SessionAuthenticationModule, ClaimsAuthenticationManager, ClaimsAuthorizationManager, etc. This gives me the ability to write my own custom claims-based abstraction. WIF is all about CBAC (Claims Based Access Control).

Now, when it comes to OWIN or not-OWIN, I'd say - go for OWIN (or, to be more precise - go for Katana). ASP.NET will be entirely rewritten with the new vNext technology, and Katana will play a major role there. The sooner you get used to working with Katana middleware, the easier the transition will be for you.

Keep in mind that all modules (FormsAuthenticationModule, RoleManagerModule, SessionAuthenticationModule, WSFederationModule, ...) are not compatible with OWIN/Katana, as the concept of ASP.NET extension via IHttpModule is being replaced with the Middleware philosophy.

Check out this "hidden" repository where MVC, WebAPI and SignalR are merged into the new vNext MVC:

vNext MVC Repository
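
The claims-based access control approach the answer mentions, sketched as an added example that is not part of the original answer: a `ClaimsAuthenticationManager` that replaces incoming claims with application-trusted ones, and a `ClaimsAuthorizationManager` that denies by default. It assumes .NET Framework 4.5+ with a reference to System.IdentityModel; the class names, the `urn:example:permission` claim type and the users "alice" and "bob" are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Runs once per sign-in: validate the incoming identity and replace its
// claims with the ones the application itself is willing to trust.
public class AppClaimsTransformer : ClaimsAuthenticationManager
{
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incoming)
    {
        if (incoming == null || incoming.Identity == null || !incoming.Identity.IsAuthenticated)
            return incoming; // anonymous callers pass through untouched
        var name = incoming.FindFirst(ClaimTypes.Name);
        if (name == null) throw new System.Security.SecurityException("Name claim missing");
        // Hypothetical lookup; a real application would query its own user store.
        var id = new ClaimsIdentity("AppLocal");
        id.AddClaim(new Claim(ClaimTypes.Name, name.Value));
        if (name.Value == "alice")
            id.AddClaim(new Claim("urn:example:permission", "orders:delete"));
        return new ClaimsPrincipal(id);
    }
}
// Central policy: access is granted only when a matching permission claim exists.
public class AppAuthorizationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        var resource = context.Resource.FirstOrDefault();
        var action = context.Action.FirstOrDefault();
        if (resource == null || action == null) return false; // deny by default
        return context.Principal.HasClaim("urn:example:permission", resource.Value + ":" + action.Value);
    }
}

public static class Demo
{
    public static void Main()
    {
        var authn = new AppClaimsTransformer();
        var authz = new AppAuthorizationManager();
        foreach (var user in new[] { "alice", "bob" }) // constructed sample users
        {
            var incoming = new ClaimsPrincipal(new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.Name, user) }, "Federation"));
            var principal = authn.Authenticate("demo", incoming);
            var ok = authz.CheckAccess(new AuthorizationContext(principal, "orders", "delete"));
            Console.WriteLine(user + " may delete orders: " + ok);
        }
    }
}
```

Discarding the incoming claims and rebuilding the principal from the application's own store means a permission claim issued by an upstream identity provider is never trusted directly.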