.net claims based authentication (writing own STS?)

Question

I'm a complete beginner when it comes to WIF and claims-based authentication. I'm struggling with understanding how I should proceed with a client request.

I've simplified it here to hopefully get specific answers: my client has multiple web applications that all connect (username/password) to a single custom membership database. Then there is an admin web app that administers all of the apps. The authentication for this admin app needs to be through AD (for client's reps) and also through another custom membership DB (for external reps). All these components will live in my clients domain.

The client wants to use claims-based authorization. I understand the all the apps will be RPs and AD will be an STS for the admin app. But how do I tie in the customs membership DBs and put it all together? Do I need to write my own STS? I've been reading a lot and getting the impression that you should seldom have the need to write your own STS.

My goal is to setup a quick prototype with the above functionality so your answer can be basic - I will be tackling the details later, just need to start off right.

Any help will be much appreciated!

Answer 1

I have used successfully SelfSTS.
It doesn't require any setup, very easy to use and enables you to test WIF capabilities with configured tokens.

Answer 2

Have a look at this open source project that support membership out of the box: http://thinktecture.github.com/Thinktecture.IdentityServer.v2/