我在想，如果有人可以点我在正确的方向。目前，我们正在寻找一个承载Web应用程序的客户端将验证对客户端的ADFS IIS服务器，以便采取SSO的优势等，这是所有罚款，这里没有任何问题。

I was wondering if somebody could point me in the right direction. We're currently looking at hosting a web application for a client which will authenticate against the client's ADFS IIS server in order to take advantage of SSO etc. this is all fine and no problems here.

这个问题来当我们认为我们现有的桌面和移动应用程序（.NET，的iOS，安卓等）的研究。我们需要针对同一用户存储这些应用程序作为我们的Web应用程序进行身份验证。

The issue comes in when we consider our existing desktop and mobile applications (.NET, iOS, Android etc.). We need to authenticate these applications against the same user store as our web application.

是否有可能进行身份验证的Windows桌面应用程序（.NET编写）对外部ADFS服务器？如果是这样，请你能不能一个例子指向我？

Is it possible to authenticate a Windows Desktop Application (written in .NET) against an external ADFS server? If so, please could you point me at an example?

是否有可能来验证ADFS本地移动应用？我想我们需要以处理这个手动创建的HTTP请求等。可能有人在任何有关文件/例子指向我？

Is it possible to authenticate native mobile applications against ADFS? I guess we'll need to manually create HTTP requests etc. in order to handle this. Could somebody point me at any relevant documentation / examples?

另外，对于移动应用，会是更好的举办我们自己的内部web服务充当中间人。再次，这种任何的例子将是极大的AP preciated。

Alternatively, for mobile applications, would it be better to host our own internal webservice which acts as a 'middle-man'. Again, any examples of this would be greatly appreciated.

谢谢 大卫

推荐答案

这取决于服务是从客户端（移动或桌面）呼叫的类型。如果它是一个SOAP Web服务，那么它所有支持开箱即用（例如，使用WS-信托）。 WCF已经提供了绑定基于声明的身份验证，所以你并不需要太多，除了.NET客户端。

It depends on the type of service you are calling from the client (mobile or desktop). If it is a SOAP web service, then it is all supported out of the box (e.g. using WS-Trust). WCF already provides bindings for claims based authentication so you don't need much on the client besides .NET.

移动客户倾向于更轻的协议（如OAuth的，REST端点，等等）。这些都是不支持的ADFS，但你可以添加ACS（Windows Azure中的Active Directory），并把它作为中介，将做协议翻译给你。

Mobile clients tend to favor lighter-weight protocols (e.g. OAuth, REST endpoints, etc). These are not supported by ADFS, but you could add ACS (Windows Azure Active Directory) and have it as an intermediary that will do the protocol translation for you.

很好的例子在这里： http://msdn.microsoft .COM / EN-US /库/ ff423674.aspx

具体做法是：

SOAP： http://msdn.microsoft.com/en-us/library/hh446528

REST /设备： http://msdn.microsoft .COM / EN-US /库/ hh446533