How to implement Claims Based Authentication using Web API?

Question

I am going to be using Web API for an upcoming project and was asked to integrate an existing STS provider into the equation as my authentication mechanism. Therefore my Web API would be the RP (relying party). I don't need any support to provide the actual token (like creation of STS Provider), just need to incorporate claims based authentication to the configured STS provider and use it in my Web API REST based service.

Does anyone know if this is possible, and some examples on how to implement this? I see full examples with creating a STS provider, but like I said it already exists. I just need to trust it and use for authentication purposes.

Answer 1

Depends which protocols your existing STS supports. You need to find that out.

Basically you need to do this:

1. request a token from your STS (from within your client app)
2. send the token to the Web API
3. validate the token inside Web API

The thing you need to find out is if 1. works with your custom STS - then we can talk about 2 and 3 ;)