Were considering using WIF for authenticating our users, so Ive started to gather some information on how to do this the right way. Mainly how we should create the STS. Ive had a hard time finding some information about our scenario where we have a main service that will be used by clients both internal and external.
Internal clients will connect to the service using TCP. The desktop clients used by our employees should authenticate to the service using their domain credentials (Active Directory). Besides that we have a small number of applications that use the service for data processing. We would like to issue a certificate to these applications. They will then authenticate through the STS using that certificate and a token is returned containing the claims for that application. Is that possible?
External clients will connect through HTTP, authenticate using username/password (web client), or by a certificate like much like mentioned above.
Is this a valid scenario? How would you implement this in WIF? Can you point me to some articles that you think will help? Can I solve this by having a single STS (WCF) or do I need more than one? Can a single STS handle more than one type of credentials (AD/username/certificate)?
Thank you in advance. Any help will be much appreciated.