Author: Vittorio Bertocci
Publisher: Microsoft Press, 2010
Aimed at: .NET programmers
Pros: Good discussion of claim-based authentication
Cons: Second part ramps up level
Reviewed by: Alex Armstrong
The main problem with a book on Windows Identity Foundation (WIF) is that there is quite a lot of doubt about whether or not it is the right authentication service to use. There are many more popular claims-based identity services. But this isn't the point - if you want a book on WIF will this one do?
The first thing to say is that for a programming book this is a slim volume. This isn't necessarily a bad thing and in this case the result is a tighter approach to the subject. This said there is still a lot of talking around the subject rather than getting on with it.
The book is divided into two parts. The first is for the average user/programmer and the second is aimed at the specialist.
As you might guess it is the first part that tends to talk around the subject - which is fine if you haven't got a clue as to what claims based identity is all about. If you have then simply skim read this section. The first chapter is a theoretical overview and the second gets you actually building a small demonstration example in ASP .NET. This uses the default identity server which doesn't check anything and simply validates every user. The author is a pains to point out that this is not realistic and you have to agree.However, if there was a real identity server on the other end you would have succeeded in creating your first WIF-controlled web site.
Part II is more technical and goes into the details of doing things you might never need to do in practice. Chapter 3 is on the WIF Processing Pipeline in ASP .NET. Chapter 4 is on Advanced WIF ASP .NET programming. From here the canvas broadens and we start to look at the interaction between WIF and other technologies. Chapter 5 looks at WIF and WCF and chapter 6 deals with WIF and Azure. The final chapter is a roundup and look at the future.
Overall this is a good book on a minority subject. It might be useful up to the end of part one if you just want to find out what WIF or claims based identity is all about. The second part is really only useful if you have committed to the technology.
If you are interested in WIF this book is going to be useful but to get the most out of it you have to be a reasonably competent ASP .NET programmer (in C#).