Orchard Security and WIF

Topics: Customizing Orchard
Jul 27, 2011 at 8:15 AM

Hello everybody. I am going begin create SSO functionality by extending Orchard security system and using Windows Identity Foundation. It is possible in standard mvc application how to described here http://msdn.microsoft.com/en-us/library/ff359105.aspx. Currently I just want know will possible do such kind of Orchard customization? If so from what to start? What things (points) in Orchard I must investigate before?

The reason why I want make such customization is in the following. I have set of SaaS applications. I have couple of mvc sites each site devoted to specific SaaS application where users can register, get keys for using API and etc. I have own membership storage and own storage of claims. Thus if I will use orchard for my web sites I do not want have several storages of users. It would be great create security module for Orchard based on WIF and get SSO for all parts of system. Thanks.

Jul 27, 2011 at 8:45 PM

I would start by looking at other authentication modules that are already on the gallery.

Jul 28, 2011 at 8:20 AM

Well. I found one module. It is Authentication.Federated - 0.2 from Maarten Balliauw. It looks like module not fully completed or maybe in most cases it is enough. He just gets values of claims from token after redirection from SSO page and creates copy of user in database of Orchard. And it does not create IClaimsPrincipal on entire Orchard system, he just use Orchard services for forms authentication. I need create IClaimsPrincipal for entire system. Looks like I can extend that module. What you think? Will system work correct if I will add following modules

  <modules runAllManagedModulesForAllRequests="true">
    <add name="WSFederationAuthenticationModule"
         preCondition=" integratedMode"  
                      WSFederationAuthenticationModule, ..." />
   <add name="SessionAuthenticationModule"
         preCondition=" integratedMode"   
                           SessionAuthenticationModule, ..." />

Jul 29, 2011 at 12:41 AM

Sure you can extend that, I suppose. You can probably check with the author that it's ok.

Adding those modules should work, I think, but you won't know unless you try...