I tried to come up with a quick view on available options for implementing authorization in claims aware applications.
This is what I came up with.
An app (ASP.NET web app, WCF service) can perform two types of access checks when using claims:
- RBAC – IsInRole style – similar to what has been done since .NET Framework 1.0, and then enhanced by RoleManager since ASP.NET 2.0.
  - To do so, you must have claims of the Role type coming into your app's context.
  - You could prepare the role type claims at the STS level (ACS, ADFS, 3rd party, custom). Example (step 2): How To: Implement Role Based Access Control (RBAC) in a Claims Aware ASP.NET Application Using WIF and ACS.
  - You could convert any incoming claim to the role type at the app level, regardless of the STS you use, using ClaimsAuthenticationManager. Example (step 4): How To: Implement Role Based Access Control (RBAC) in a Claims Aware ASP.NET Application Using WIF and ACS. Here you harness the power of WIF extensibility.
  - If you are migrating an app that uses RoleManager, you could implement a custom RoleManager and migrate "seamlessly" without changing the app. Example: Authorization With RoleManager For Claims Aware (WIF) ASP.NET Web Applications
- CBAC – claims-based access control – you implement it the way you want. The key here is that WIF enables you to externalize the authorization decisions, so you could even implement them as a configuration-based policy in your config and more. You use WIF's ClaimsAuthorizationManager as an extensibility point to externalize authorization checks. Example: How To: Implement Claims Based Access Control (CBAC) in a Claims Aware ASP.NET Application Using WIF and ACS
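
The two extensibility points named above, side by side, as an added example that is not code from the original post or from the linked how-tos. It assumes the `System.Security.Claims` types of .NET Framework 4.5 (in WIF 3.5 the equivalent classes live in `Microsoft.IdentityModel.Claims` and take an `IClaimsPrincipal`); the claim type URIs, group names and policy entries are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// RBAC: convert an incoming claim to role claims at the app level, whatever STS issued it.
public class GroupToRoleTransformer : ClaimsAuthenticationManager
{
    // Hypothetical claim type and mapping; use what your STS actually issues.
    const string GroupClaim = "http://example.org/claims/group";
    static readonly Dictionary<string, string> GroupToRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        { { "Finance-Approvers", "Approver" }, { "Helpdesk", "Support" } };
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incoming)
    {
        var identity = incoming == null ? null : incoming.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return incoming; // anonymous callers get no roles
        // Snapshot first: AddClaim must not run while FindAll is still enumerating.
        foreach (var group in identity.FindAll(GroupClaim).ToList())
        {
            string role;
            if (GroupToRole.TryGetValue(group.Value, out role)) // unmapped groups grant nothing
                identity.AddClaim(new Claim(identity.RoleClaimType, role)); // so IsInRole sees it
        }
        return incoming;
    }
}

// CBAC: decisions externalized into one policy table, deny by default.
public class PolicyAuthorizationManager : ClaimsAuthorizationManager
{
    // Hypothetical policy: "resource|action" -> claim the caller must hold.
    static readonly Dictionary<string, Claim> Policy = new Dictionary<string, Claim>
    {
        { "Invoice|Approve", new Claim("http://example.org/claims/department", "Finance") },
        { "Ticket|Close", new Claim("http://example.org/claims/tier", "2") }
    };
    public override bool CheckAccess(AuthorizationContext context)
    {
        var resource = context.Resource.FirstOrDefault();
        var action = context.Action.FirstOrDefault();
        Claim required;
        if (resource == null || action == null ||
            !Policy.TryGetValue(resource.Value + "|" + action.Value, out required))
            return false; // no matching rule: deny
        return context.Principal.HasClaim(required.Type, required.Value);
    }
}
```

Both classes are registered in the application's identity configuration rather than called from page code, which is what keeps the authorization policy outside the application logic.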