I'm trying to build an STS service pair for our middle-tier WCF services (business layer) based on LitwareHR but without provisioning, multi-tenancy and other extras... An ASP.NET app in the web-tier will request security tokens from the
STS for the purpose of authentication and claims-based authorization.
Is it possible to host the STS in the same virtual directory as our middle-tier services, i.e. use single web.config file to simplify deployment? If so, what are the drawbacks in doing so?