Cryptic title, but as I'm looking through the STS project and what it does, I'm trying to figure out if I can do what I'm being asked to from a security perspective.
What I'm looking for:
* A public-facing Sitefinity site that customers can register and log in to (the backend being an ASP.NET membership database that's part of another MVC site)
* On-prem users logging into the backend of Sitefinity using SSO backed by ADFS
* Other customers using ADFS (federated to our domain, some of our larger customers) able to log into Sitefinity (same as the customers above)
* Customers able to choose to log into the site either with a username/password (the first bullet point) or use a social media connector like Facebook/Google/Twitter/etc.
I'm assuming the STS site and tokens can handle the username/password and social media users, but a) can the backend for that be an ASP.NET membership database that's part of a different site (we have a service site that's the host for that), and b) can we have ADFS users logging into the public site as well as the backend (two different sets of ADFS users here: major customers that are federated to us, and on-prem domain users who are authoring content)?
Looking for some guidance on this setup, but I think the setup is somewhat unique, so I feel like I'm just going to have to do a lot of trial and error and hope it all works out in the end.