Get started for free
Visual Studio Developer Center >
How to authenticate a non-Active Directory user in "Geneva" Server

已答复 How to authenticate a non-Active Directory user in "Geneva" Server

  • Wednesday, August 26, 2009 3:36 PM
     
     
    Sign In to Vote
    0
    I am looking at setting up "Geneva" Server in an environment where we have internal website users that are in Active Directory and external users who are not. For the external users we would like to present a custom login/registration page and to authenticate users against an external users database.

    What I've read so far seems to indicate that the "Geneva" Server passive authentication approach only works against Active Directory. I can't see a way to configure it to use any other store of users (other than for providing additional claims once a user has been authenticated).

    At the moment, the only solution I can think of is to write a custom STS for authenticating the external users and then setting this up as an identity provider in  "Geneva" Server. This doesn't seem ideal. Is there another approach - ideally where I could write a custom login page and have the "Geneva" Server FederationPassive site use this but still issue a token from "Geneva" Server?
     

All Replies

  • Thursday, August 27, 2009 9:23 PM
     
     
    Sign In to Vote
    0
    You're correct - the easiest way to do this is via a custom STS that you then configure as an identity provider for your main AD FS server.

    To make the experience more fluid to your users, you can cusotmize the web pages to provide the option to log in for external users.  This web page could submit the request to your custom STS, receive a token, and then call the SignIn method on the FaultHandlingWSFederationPassiveAuthentication.

    Does this answer your question?
     
  • Friday, August 28, 2009 8:26 AM
     
     
    Sign In to Vote
    0
    You can hava a look at Starter STS - this should get you started quite quickly.

    http://startersts.codeplex.com
    Dominick Baier | thinktecture | http://www.leastprivilege.com
     
  • Friday, January 29, 2010 7:31 PM
     
     Answered
    Sign In to Vote
    0
    We posted a blog post on how to customize the web UI to authenticate a username/password against a different account store.  Have a look at http://blogs.msdn.com/card/archive/2010/01/27/customizing-the-ad-fs-2-0-sign-in-web-pages.aspx 

    You'll still need to throw up an STS that talks WS-Trust, but WIF or StarterSTS should make that process pretty smooth.