I have several Silverlight, WP7 and ASP.NET MVC client applications Most allow anonymous access to the application but secure various features based on a user’s credentials when logged in. All of the clients use a common back-end service application for data access and business processing which require the user’s credentials for authentication and authorization.

We currently use Forms Authentication in all client applications and I’d like to migrate our architecture to use federated identity and a claims-based model. Passive federation is not an option.

I am looking for the following flow:

1. The user triggers the login dialog, enters their username and
   password then clicks “OK”.
2. Behind-the-scenes, the application calls an active STS service in
   our existing service application for authentication.
3. The service is actually a federated STS and passes the call through
   to the (active) IP_STS which may or may not be ADFS.
4. When the IP returns the token to the FP, the FP modifies the token
   with additional claims from the server data store before returning
   the token to the client application.
5. The client application maintains the token in memory for
   authorization checks (in Thread.CurrentPrincipal, for example).
6. The client also passes the token when making requests to other
   service operations in our service application.
7. These service operations will use the token to
   authenticate/authorize the request.

This is a very different use-case from any of the articles and samples I’ve been able to locate. Can anyone provide some guidance and/or point me in the right direction?