How to share authentication context between a SharePoint 2010 Site and ASP.NET applications

Question

Is it possible to share the claims based authentication of a logged in Sharepoint 2010 user with a separate Asp.net application?

The following article describes how it was done using Sharepoint 2007 and forms authentication through forms auth and sharing machine keys etc however I cannot find any information regarding the external application consuming the claims authentication that is now used in Sharepoint 2010?

Answer 1

Who authenticates the user in SP in your app?

In a claims based architecture, you normally would deploy an STS that will authenticate users and issue security tokens (e.g. ADFS). Then you would handle the token back to the app (Sharepoint in your case)

Since authN is already externalized, what you need to do is simply add the STS (e.g. ADFS) as a trusted issuer for the ASP.NET app (using WIF). Conceptually, your SP app and the ASP.NET app are different, with potentially different rules.

From a usability perspective, the user will never see a double logon and all interactions are handled for him. Yet, the 2 apps remain separate entities that you can manage independently.

Makes sense?

Bottom line: in a claims based approach, you get the "sharing" without any workarounds. It's built in into the design.