Okay, this one's a little off the path from the types of things I normally blog about. However, I had been doing some work recently on getting an ASP.NET app to integrate with Geneva Beta 2 as a relying party (RP). For those of you who have the time and resources, there is a walk-through of using MOSS 2007 with Geneva Beta 2 that is about 90 pages long and includes 4 Hyper-V images. It really doesn't take that long to do (maybe a couple of hours), and it does a really nice job of showing how you can integrate MOSS with Geneva, as well as federating Geneva with another partner (i.e. Security Token Service, or STS). You'll get to see some of the cool stuff you can do from the Geneva side in terms of claims, pulling claim information from a database, using RMS, as well as the federated experience in SharePoint using the custom membership and role provider that Geneva is shipping. Pretty cool stuff really.
Along those lines, you may also find yourself in the position of needing to integrate your ASP.NET application with Geneva. In short, you'll build your ASP.NET application, run a new Federation Utility that configures the web.config in your application to use Geneva and its authentication pipeline, and then use the Federation Metadata file that is built to create and configure your application as an RP in Geneva. It's actually pretty straightforward once you know all the pieces, but then if all the pieces were well-documented and easy to find, who would need blogs, right?
I'm assuming that you've already created your project in Visual Studio by doing File...New...Web Site, selecting C# as the language and then selecting the Claims Aware Web Application as the project template type. If you select VB as the language you won't see this option. Don't shoot the messenger folks, remember I just report the news, I don't write it. I also recommend that you change your startup options for the application so that it uses a virtual directory on the local web server rather than the built-in Visual Studio web server, as well as using SSL. You're going to have this URL returned to you as part of the authentication process and redirection, so it needs to be a name that your client(s) can resolve. If you are only testing this out on your local server, for example, it can be https://localhost/MyProjectName. This is really just used during the Geneva configuration process, and you can always go back and change it in Geneva if you move your application to a new site, move it into production, etc.
So assuming you have all of this in place, you want to right click on the project and select the menu to Modify Your STS reference; this launches the Federation utility. Here are some tips for using the wizard:
That's pretty much it; you should play with different claims, roles and integration with ASP.NET roles-based authentication - it's pretty slick. One additional point about claims though. If a claim doesn't show up even though you are sending it out, make sure the user actually has a value in the directory for that attribute. If the user doesn't, Geneva won't send a claim with an empty or null value; it just doesn't send the claim at all! This can cause all sorts of hair-pulling while you try to figure out what's going on.
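Because an empty directory attribute results in no claim at all rather than an empty claim, the RP side should treat every expected claim as optional and report which ones never arrived instead of assuming they are present. The following is an added example I wrote for this post, not code from Geneva or the Claims Aware Web Application template; it assumes the later System.Security.Claims API (ClaimsPrincipal, ClaimsIdentity, FindFirst, HasClaim) rather than the Beta 2 Microsoft.IdentityModel namespaces, and the claim types and token contents are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Added example: a helper the RP can call after authentication to report
// which expected claims are absent from the token. Assumes the
// System.Security.Claims API (.NET 4.5+), not the Geneva Beta 2 namespaces.
public static class ClaimCheck
{
    // Claim types this application expects the STS to issue.
    // The list is constructed for this example.
    public static readonly string[] ExpectedClaimTypes =
    {
        ClaimTypes.Name,
        ClaimTypes.Email,
        ClaimTypes.Role,
    };

    // Returns the expected claim types that are not present on the principal.
    // A claim whose directory attribute is empty is never issued, so "absent"
    // is the only case there is to check; there is no empty-valued claim.
    public static IList<string> MissingClaims(ClaimsPrincipal principal)
    {
        return ExpectedClaimTypes
            .Where(type => !principal.HasClaim(c => c.Type == type))
            .ToList();
    }

    // Safe accessor: returns null instead of throwing when the claim is absent,
    // so page code can decide how to degrade rather than crashing.
    public static string ClaimValueOrNull(ClaimsPrincipal principal, string type)
    {
        Claim claim = principal.FindFirst(type);
        return claim == null ? null : claim.Value;
    }

    public static void Main()
    {
        // Constructed token: the user's email attribute was empty in the
        // directory, so the STS issued a name and a role but no email claim.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            new Claim(ClaimTypes.Role, "Readers"),
        }, "Federation");
        var principal = new ClaimsPrincipal(identity);

        foreach (string missing in MissingClaims(principal))
        {
            // Logging the missing claim type points you at the directory
            // attribute to check instead of leaving you to guess.
            Console.WriteLine("Expected claim not present in token: " + missing);
        }

        string email = ClaimValueOrNull(principal, ClaimTypes.Email);
        Console.WriteLine("Email: " + (email ?? "<no claim issued>"));
    }
}
```

In an ASP.NET page you would pass the current request's principal (for example, `(ClaimsPrincipal)HttpContext.Current.User`) to these helpers; running the example stand-alone prints that the email claim is missing, which is exactly the symptom described above.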
Hope you check out Geneva, and if you do hopefully this will help you get things moving along a little more quickly.