Dominick Baier
Dominick Baier splits his time between being an independent security consultant and an instructor for DevelopMentor. He is leading the security curriculum and authors and teaches courses about .NET, ASP.NET, WinFX, and Vista Security. He has a degree in Computer Science (German Diplom Ingenieur), is a certified BS7799/ISO17799 Lead Auditor, and speaks at various conferences (WinDev, DevWeek, ADC, BASTA) about Application Security. When not teaching, he spends his time researching security, doing audits and penetration tests, and helping other developers around the world to build more secure applications. Dominick is a Microsoft MVP in the "Visual Developer: Security" category. You can find a lot of security-related resources as well as conference slide decks and tools/sample code at Dominick's blog, leastprivilege.com.
Dominick blogs at:

Web Apps vs Web Services: 302s and 401s are not always good Friends (February 10 2012)
It is not very uncommon to have web sites that have web UX and services content. The UX part maybe uses WS-Federation (or some other redirect based mechanism). That means whenever an authorization error occurs (401 status code), this is picked by the corresponding redirect module and turned into a redirect (302) to…

Replacing ASP.NET Forms Authentication with WIF Session Authentication (for the better) (February 09 2012)
ASP.NET Forms Authentication and WIF Session Authentication (which has *nothing* to do with ASP.NET sessions) are very similar. Both inspect incoming requests for a special cookie that contains identity information; if that cookie is present it gets validated and if that is successful, the identity information is made available to the application via HttpContext.User/Thread.CurrentPrincipal.…

Mixing Forms and Token Authentication in a single ASP.NET Application (the Details) (February 02 2012)
The scenario described in my last post works because of the design around HTTP modules in ASP.NET. Authentication related modules (like Forms authentication and WIF WS-Fed/Sessions) typically subscribe to three events in the pipeline – AuthenticateRequest/PostAuthenticateRequest for pre-processing and EndRequest for post-processing (like making redirects to a login page). In the pre-processing stage it is…

Mixing Forms and Token Authentication in a single ASP.NET Application (February 02 2012)
I recently had the task to find out how to mix ASP.NET Forms Authentication with WIF’s WS-Federation. The FormsAuth app did already exist, and a new sub-directory of this application should use ADFS for authentication. Minimum changes to the existing application code would be a plus ;) Since the application is using ASP.NET…

Thinktecture IdentityServer Azure Edition RC (January 27 2012)
I found some time over the holidays to finalize the Azure edition of IdentityServer. http://identityserver.codeplex.com/releases/view/81206 The biggest difference to the on-premise version (and earlier Azure betas) is that by default IdSrv now uses Azure Storage for all data storage (configuration & user data). This means that there is no need anymore for…

December 31 2011
My last advice for 2011: Get a ticket for Troopers 2012 before it is sold out. If you like to learn about IPv6, Android, iOS, SAP or cloud security (and much more) – that’s the place to be!

December 22 2011
I spend numerous hours every month answering questions about WIF and identity in general. This made me realize that this is still quite a complicated topic once you go beyond the standard fedutil stuff. My good friend Brock and I put together a two day training course about WIF that covers everything we…

ACS for free ‘til December 2012 (December 21 2011)
See here: http://blogs.msdn.com/b/windowsazure/archive/2011/12/20/important-announcements-regarding-the-access-control-service.aspx

Walkthrough for setting up IdentityServer v1.0 (December 21 2011)
Claudio Sanchez did it again! Thanks! http://claudioasanchez.blogspot.com/2011/12/walk-though-of-provisioning-identity.html

Small (and fixed) Bug in IdentityServer v1.0 (December 07 2011)
It was brought to my attention that fedutil does not work anymore with IdSrv v1 metadata. And I can confirm that. The reason for this bug is my recent change to the XmlWriter factory methods, which have a different default behavior when it comes to encoding. Since there were only 20 downloads…

Thinktecture IdentityServer v1.0 (December 06 2011)
Yeah – it is finally done. I just uploaded the v1 bits to Codeplex and the documentation to our server. Here’s the official blurb… Thinktecture IdentityServer is an open source security token service based on Microsoft .NET, ASP.NET MVC, WCF and WIF. High level features: Multiple protocols support (WS-Trust, WS-Federation, OAuth2, WRAP, JSNotify, HTTP GET)…

November 23 2011
Sam Huggill wrote a great post on how to get StarterSTS working on IIS 6. Thanks Sam!

Token based Authentication for WCF HTTP/REST Services: Authorization (November 16 2011)
In the previous post I showed how token based authentication can be implemented for WCF HTTP based services. Authentication is the process of finding out who the user is – this includes anonymous users. Then it is up to the service to decide under which circumstances the client has access to the service…

Token based Authentication for WCF HTTP/REST Services: The Client (November 15 2011)
If you wondered what a client would have to look like to work with the authentication framework, it is pretty straightforward: Request a token. Put that token on the authorization header (along with a registered scheme) and make the service call, e.g.: var oauth2 = new OAuth2Client(_oauth2Address); var swt = oauth2.RequestAccessToken("username"…

Token based Authentication for WCF HTTP/REST Services: Authentication (November 15 2011)
This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. For the theoretical background, see my previous post. Disclaimer: The framework I am using/building here is not the only possible approach to tackle the problem. Based on customer feedback and requirements the…

Token based Authentication and Claims for Restful Services (November 15 2011)
WIF as it exists today is optimized for web applications (passive/WS-Federation) and SOAP based services (active/WS-Trust). While there is limited support for WCF WebServiceHost based services (for standard credential types like Windows and Basic), there is no ready to use plumbing for RESTful services that do authentication based on tokens. This is not…

Updated IdentityServer Sample Relying Party (November 02 2011)
I just uploaded a new version of the sample relying party. The three changes are: Added a session token diagnostics page (this allows to look at cookie sizes, details and the raw contents); Sample code to switch to session mode; Sample code to implement sliding expiration. This was already included since 1.0:…

Switching to WIF SessionMode in ASP.NET (November 02 2011)
To make it short: to switch to SessionMode (cache to server) in ASP.NET, you need to handle an event and set a property. Sounds easy – but you need to set it in the right place. The most popular blog post about this topic is from Vittorio. He advises to set IsSessionMode in…
© 2012, O’Reilly Media, Inc.