Question

I'm creating a new MVC5 - ASP.NET Identity project, and I'd like to support two methods of logging in: forms and eID (digital passport).

I'd like to use OWIN to easily implement these features:

  • Forms login: Validate user based on username and password
  • Fed Auth: Read the data from the eID, receive the request and find the user coupled to that eID (https://www.e-contract.be/eid-idp/authentication). Right now I have been able to add the FedAuth STS via WIF, but whenever I open my application, I get redirected automatically to the eID-site (if I disable the passiveredirect I get a redirect-loop)

I know this is going to be a broad subject and I know this is a very general question. I've tried googling for some tutorials, but I can't find any resources to learn more about OWIN or to implement (I assume this is via oAuth) fedauth.

How should I go about implementing this? Thanks!

** Solution **

This is the web.config that I use:

<configSections>
..
   <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
   <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />    
..
</configSections>

<appSettings>
   ..
   <add key="ida:FederationMetadataLocation" value="https://www.e-contract.be/eid-idp/endpoints/ws-federation/metadata/auth-ident-metadata.xml" />
   <add key="ida:Issuer" value="https://www.e-contract.be/eid-idp/protocol/ws-federation/auth-ident" />
   <add key="ida:ProviderSelection" value="productionSTS" />
   ..
</appSettings>

<location path="FederationMetadata">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
<system.webServer>
   <validation validateIntegratedModeConfiguration="false" />
   <modules>
      <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
      ..
   </modules>
</system.webServer>

<system.identityModel>
   <identityConfiguration>
      <audienceUris>
         <add value="https://localhost:44301/" />
      </audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089">
         <trustedIssuers>
            <!-- Tokens signed by any certificate other than this thumbprint are rejected. Change this thumbprint if eID stops working: https://www.e-contract.be/eid-idp/main.seam -->
            <add thumbprint="5981a2be47ca66203c9165edeb697d833df1b77d" name="www.e-contract.be" />
         </trustedIssuers>
      </issuerNameRegistry>
      <claimsAuthenticationManager type="ePortaal.Federation.FederationUserAuthenticationManager, ePortaal" />
      <!-- No chain or revocation check on the token-signing certificate; the token is trusted only because its signing certificate's thumbprint is pinned in trustedIssuers above. -->
      <certificateValidation certificateValidationMode="None" />
      <securityTokenHandlers>
         <!-- Protect the FedAuth session cookie with the machineKey instead of DPAPI, so it survives app-pool recycles and works across a web farm. -->
         <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
         <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
   </identityConfiguration>
</system.identityModel>

<system.identityModel.services>
   <federationConfiguration>
      <cookieHandler requireSsl="true" />
      <!-- passiveRedirectEnabled="false": the FAM no longer redirects unauthenticated requests to the STS; the application issues the sign-in request itself (e.g. from a login button). -->
      <wsFederation requireHttps="true" passiveRedirectEnabled="false" realm="https://localhost:44301/" issuer="https://www.e-contract.be/eid-idp/protocol/ws-federation/auth-ident" />
   </federationConfiguration>
</system.identityModel.services>

e-contract changes their thumbprint every couple of months; you can find it on the website under "Identiteit thumbprint: 5981a2be47ca66203c9165edeb697d833df1b77d (put this key in your web.config)".


** Solution **

It is not entirely clear what you want. If you don't want to be redirected automatically, you have to "open the pages" in your web.config with a <location> element. That way your login screen can come up and you can have a login button that explicitly redirects to the eID site. On the same page you can have a login form that uses forms authentication.
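The two pieces the web.config in the first answer leaves to the application, and the explicit "login button" redirect the second answer describes, as an added example (this is not code from the question or from either answer): the ClaimsAuthenticationManager named in <claimsAuthenticationManager>, which couples the incoming eID token to a local account, and an MVC action that starts the WS-Federation sign-in by hand because passiveRedirectEnabled="false" stops the FAM from doing it on every 401. Assumptions: the namespace and class names, the IUserStore/InMemoryUserStore lookup and its sample data, the "urn:eportaal:eid-subject" claim type, and that the STS carries the eID subject in ClaimTypes.NameIdentifier are all hypothetical; check the claims e-contract actually issues before relying on a claim type.

```csharp
// Added example; not part of the original question or answers.
// Hypothetical names: ePortaal.* namespaces, IUserStore, InMemoryUserStore,
// "urn:eportaal:eid-subject", and the NameIdentifier assumption for the eID subject.
using System;
using System.Collections.Generic;
using System.IdentityModel.Services;
using System.Security;
using System.Security.Claims;
using System.Web.Mvc;

namespace ePortaal.Federation
{
    // Hypothetical lookup against the application's own user table.
    public interface IUserStore
    {
        // Local user name coupled to this eID subject, or null when none is coupled.
        string FindUserNameByEidSubject(string eidSubject);
    }

    // Constructed sample data standing in for the real user table.
    public class InMemoryUserStore : IUserStore
    {
        private static readonly Dictionary<string, string> Coupled = new Dictionary<string, string>
        {
            { "example-eid-subject-0001", "alice" }
        };

        public string FindUserNameByEidSubject(string eidSubject)
        {
            string user;
            return Coupled.TryGetValue(eidSubject, out user) ? user : null;
        }
    }

    public class FederationUserAuthenticationManager : ClaimsAuthenticationManager
    {
        // Must equal the name="" in <trustedIssuers>: ConfigurationBasedIssuerNameRegistry
        // stamps that name as Claim.Issuer on every claim from a token signed by that thumbprint.
        private const string TrustedIssuer = "www.e-contract.be";
        private readonly IUserStore _users;

        public FederationUserAuthenticationManager() : this(new InMemoryUserStore()) { }
        public FederationUserAuthenticationManager(IUserStore users) { _users = users; }

        public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
        {
            if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
                return incomingPrincipal;

            var incoming = (ClaimsIdentity)incomingPrincipal.Identity;

            // Accept the subject only if the pinned issuer asserted it, never a claim
            // that merely has the right type. Assumption: subject is in NameIdentifier.
            var subject = incoming.FindFirst(c =>
                c.Type == ClaimTypes.NameIdentifier && c.Issuer == TrustedIssuer);
            if (subject == null)
                throw new SecurityException("Token carries no eID subject from the trusted issuer.");

            var userName = _users.FindUserNameByEidSubject(subject.Value);
            if (userName == null)
                throw new SecurityException("This eID is not coupled to a local account.");

            // Issue a fresh identity holding only what the app needs; this is what the
            // SessionAuthenticationModule serialises into the FedAuth cookie.
            var local = new ClaimsIdentity(AuthenticationTypes.Federation);
            local.AddClaim(new Claim(ClaimTypes.Name, userName));
            local.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, "eID"));
            local.AddClaim(new Claim("urn:eportaal:eid-subject", subject.Value));
            return new ClaimsPrincipal(local);
        }
    }
}

namespace ePortaal.Controllers
{
    public class AccountController : Controller
    {
        // The "Log in with eID" button on the anonymous login page links here; the
        // forms-login form on the same page posts to the normal Identity login action.
        [AllowAnonymous]
        public ActionResult EidLogin(string returnUrl)
        {
            // returnUrl travels to the STS and back inside wctx; restrict it to local
            // paths so the round trip cannot be turned into an open redirect.
            if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
                returnUrl = Url.Action("Index", "Home");

            var fam = FederatedAuthentication.WSFederationAuthenticationModule;
            // Builds the wsignin1.0 request from the issuer/realm in <wsFederation>;
            // the FAM later reads the return URL back out of wctx after sign-in.
            SignInRequestMessage signIn = fam.CreateSignInRequest(Guid.NewGuid().ToString(), returnUrl, false);
            return Redirect(signIn.WriteQueryString());
        }
    }
}
```

The login view stays reachable anonymously (the <location> block in the web.config above), carries the forms-login form plus a plain link to /Account/EidLogin, and the STS posts the signed token back to the realm URL where the WSFederationAuthenticationModule validates it against the pinned thumbprint and then calls Authenticate above. Throwing from Authenticate denies the sign-in; if you prefer a friendlier page, handle the FAM's SignInError event instead.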

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow