Mixing WS-Federation and Windows Authentication in IIS

Imagine, you have an ASP.NET web application in IIS accessed by: / — everyone /orders — customers, authenticated with federated SSO /admin — personnel, authenticated with Active Directory How to configure this? Ugly solution For such kind of auth-mixing the internet suggests the following algorithm: In the controller of /admin, if a client is not windows authenticated then […]