Can I use ADFS 2.0 to authenticate certain users against SQL Server?
AD FS 2.0 can only authenticate against Active Directory (AD DS). This is not explicitly documented in the official AD FS 2.0 documentation, but it follows from the following two snippets:
- "Appendix A: Reviewing AD FS Requirements" from the AD FS 1.x Design Guide, section "Account store requirements" says, "AD FS supports two types of account stores: Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS)."
- "Planning a Migration to AD FS 2.0" says, "The following are the AD FS 1.x features and scenarios that are no longer supported in AD FS 2.0: [...] AD LDS used as an account store".
So no custom authentication stores, SQL Server based or otherwise.
(On the other question on additional attribute stores: that is possible.)
The solution that is suggested in an answer to the other question you refer to is a bit misleading. If you read the actual blog post you see that they add an extra STS. AD FS 2.0 has a 'Claims Provider Trust' for that other STS, and redirects to it (if the 'home realm discovery' is set up correctly). That other STS then performs the authentication in whichever way it likes, sends a token back to AD FS, which then runs its claim rules.
So in that solution it is not AD FS 2.0 authenticating against an non-AD store, but redirecting to an STS which authenticates against that store.