Windows Identity Foundation (WIF): Getting Started
Important: WIF will not run on Windows XP.
Getting Started
First download and install the Identity Developer Training Kit (Microsoft Download Center).
The identity and access control products and services covered in this release are:
- Microsoft Windows Identity Foundation
- Microsoft Active Directory Federation Services v2
- Windows Azure AppFabric Access Control 2.0
The "Default.htm" page serves as an index to the contents of the kit.
As per the prerequisites on that page, the following are needed.
- Microsoft Visual Studio 2010 (Microsoft Web site)
- Microsoft IIS 7 (.NET WCF HTTP Activation installed)
- Microsoft Windows Identity Foundation (WIF) Runtime (Knowledge Base article)
- Microsoft Windows Identity Foundation SDK (Microsoft Download Center)
You can also download WIF via the Microsoft Web Platform Installer (Microsoft Download Center). Just search on keyword "identity" within the tool.
There are a number of labs. Each lab uses the Configuration Wizard tool to check its dependencies. Please run the "SetupLab.cmd" script that comes with each lab to launch the configuration wizard.
You can run this by clicking on the "Hands-on Labs" tab, choosing a lab, reading the Setup Instructions for that lab and then clicking the "Setup Lab" link.
If you still have problems, the article "Installing the Windows Identity Foundation (WIF) SDK" gives some guidance on the SDK install.
Have a look at the "Additional Resources" tab. In particular, you should download SelfSTS, which is a simple utility that exposes a minimal WS-Federation STS endpoint. SelfSTS can be used as a test STS when developing web sites secured with Windows Identity Foundation.
Next steps
WIF has two different profiles: a passive one for browsers and an active one for web services (based on WCF).
WIF can also be added to an ASP.NET web application (called a Relying Party or RP), or it can be used to generate a custom Security Token Service (or STS). ADFS v2.0 is an example of an STS.
- How to: Build an ASP.NET Relying Party Application (MSDN)
- How to: Build a WCF Relying Party Application (MSDN)
- How to: Access Claims in an ASP.NET Page (MSDN)
- How to: Build an ASP.NET STS (MSDN)
- How to: Build a WCF STS (MSDN)
Once you have installed the prerequisites, there are some Visual Studio WIF templates to get you going. These can be accessed from:
"File / New / Web Site"
Generating a custom STS is not trivial and it would certainly help to look at some examples.
StarterSTS (CodePlex)
StarterSTS is a compact, easy to use security token service that is completely based on the ASP.NET provider infrastructure. It is built using the Windows Identity Foundation and supports WS-Federation, WS-Trust, REST, OpenId and Information Cards.
An updated version of StarterSTS which conforms to the MVC model is:
IdentityServer (CodePlex)
IdentityServer is the follow-up project to StarterSTS. It's an easy to use security token service based on WIF, WCF and MVC 3.
There are also some extensions to WIF:
IdentityModel (CodePlex)
This is a helper library that makes common tasks easier to accomplish.
Have a look at some worked examples.
- Windows Identity Foundation (WIF) By Example Part I – How To Get Started
- Windows Identity Foundation (WIF) By Example Part II – How To Migrate Existing ASP.NET Web Application To Claims Aware
- Windows Identity Foundation (WIF) By Example Part III – How To Implement Claims Based Authorization For ASP.NET Application
**Resources**
Claims Based Identity & Access Control Guide (CodePlex)
This guide gives a very good overview of WIF and claims and refers to the labs in the training kit.
Programming Windows Identity Foundation (Amazon)
An excellent guide for working with WIF and claims based identity.