Over the past couple of weeks, I have been working on understanding some of the latest options available for Windows Communication Foundation (WCF) and Federation security. In particular, I have looked at Kerberos authentication (where your Active Domain serves as your Secure Token Server (STS)) to give you seamless Single Sign-On (SSO). But how do you leverage SSO if your users are outside of your domain? There are a couple of options:
1. WSFederationHttpBinding (renamed from WSFederationBinding in the Feb CTP to make it clear this only works over HTTP)
2. Active Directory Federation Services (ADFS)
ADFS looks pretty straightforward, but may be too heavy for what I was interested in doing. Today, I found this great, simple example, "Implementing a Secure token service with WCF" by Pablo M. Cibraro [found by way of Sam Gentile]. Pablo uses the username token for client authentication and an X509 certificate to encrypt and sign the server token.