Implementing STS for a web api acting as Data service

[hpals]

Hi,

I am developing a asp.net web api which acts as a Dataservice and it will be used by all other applications within the organization who wants to interact with Database.

For implementing security , I have a to develop a STS should create tokens and validate all user it against organization's own database. The claim should contain userid and few other user details.

Also the login implementation for the current asp.net webform website should be implemented in a following way:

1 Website login page passes credential to STS. 2 STS validates against organization's own database(SQL Server) and returns token back to website.

3. Website uses that token to get data from the asp.net web api Dataservice which will be hosted on a seperate web server.

So far reading on internet and tutorials, I found that I need to setup an identity server v2 by implementing IUserRepository and IClaimRepository. But after that what other steps I have to follow in order to fullfill above requirements. Any help is hugely appreciated.

Thanks

[brockallen]

It sounds like you need to look into OAuth2 next -- IdentityServer 2 has some limited OAuth2 support, but might be enough for your needs.

[hpals]

What is oauth2 next? is that something in identiyserver 3?

[brockallen]

I'll rephrase:

Next, it sounds like you need to look into OAuth2 -- IdentityServer 2 has some limited OAuth2 support, but might be enough for your needs.

[hpals]

Does Identityserver 3 suits for my need at all? Sorry I am new to the STS world and I am still learning the concepts. I am not able to check whether there is any customization I can do with IDSRV3. Also once I have the above setup done, I have to extend the STS to allow user login via ADFS as well.

[brockallen]

Yes, IdentityServer can issue tokens to client applications that need to use your Web APIs. It's still in development and doesn't yet support ADFS, but we plan to support other identity providers (like ADFS) before we RTM.