Search Results

Search found 427 results on 18 pages for 'privilege'.

Page 5/18 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

• Updated IdentityServer Sample Relying Party

  - by Your DisplayName here!

  I just uploaded a new version of the sample relying party. The three changes are: Added a session token diagnostics page. This allows to look at cookie sizes, details and the raw contents Sample code to switch to session mode Sample code to implement sliding expiration This was already included since 1.0: WS-Federation example Claims…

  Read the article

• Token based Authentication for WCF HTTP/REST Services: Authentication

  - by Your DisplayName here!

  This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. For the theoretical background, see my previous post. Disclaimer The framework I am using/building here is not the only possible approach to tackle the problem. Based on customer feedback and requirements…

  Read the article

• Access Control Service: Protocol and Token Transition

  - by Your DisplayName here!

  ACS v2 supports a number of protocols (WS-Federation, WS-Trust, OpenId, OAuth 2 / WRAP) and a number of token types (SWT, SAML 1.1/2.0) – see Vittorio’s Infographic here. Some protocols are designed for active client (WS-Trust, OAuth / WRAP) and some are designed for passive clients (WS-Federation, OpenID). One of the most obvious…

  Read the article

• Thinktecture.IdentityServer Beta 1

  - by Your DisplayName here!

  I just upload beta 1 to codeplex. Please test this version and give me feedback. Some quick notes on setup Watch the intro screencast on the codeplex site. Use the setup tool to set the signing and SSL certificate. You can now also set the ACLs on the private key for your worker pool account. IIS is required . SSL for the…

  Read the article

• Identity in .NET 4.5&ndash;Part 1: Status Quo (Beta 1)

  - by Your DisplayName here!

  .NET 4.5 is a big release for claims-based identity. WIF becomes part of the base class library and structural classes like Claim, ClaimsPrincipal and ClaimsIdentity even go straight into mscorlib. You will be able to access all WIF functionality now from prominent namespaces like ‘System.Security.Claims’ and ‘System.IdentityModel’…

  Read the article

• Thinktecture.IdentityServer RC

  - by Your DisplayName here!

  I just uploaded the RC of IdentityServer to Codeplex. This release is feature complete and if I don’t get any bug reports this is also pretty much the final V1. Changes from B1 The configuration data access is now based on EF 4.1 code first. This makes it much easier to use different data stores. For RTM I will also provide…

  Read the article

• Improving WIF&rsquo;s Claims-based Authorization - Part 1

  - by Your DisplayName here!

  As mentioned in my last post, I made several additions to WIF’s built-in authorization infrastructure to make it more flexible and easy to use. The foundation for all this work is that you have to be able to directly call the registered ClaimsAuthorizationManager. The following snippet is the universal way to get to the WIF…

  Read the article

• ASP.NET WebAPI Security 5: JavaScript Clients

  - by Your DisplayName here!

  All samples I showed in my last post were in C#. Christian contributed another client sample in some strange language that is supposed to work well in browsers ;) JavaScript client scenarios There are two fundamental scenarios when it comes to JavaScript clients. The most common is probably that the JS code is originating…

  Read the article

• Thinktecture.IdentityModel.Http and the ASP.NET Web API CodePlex bits

  - by Your DisplayName here!

  I will keep the github repo in sync with the major releases of Web API (like Beta, RC, RTM). Because of the changes made to Web API after beta, my current bits don’t build against the CodePlex version anymore. Today I installed a build environment for the CodePlex bits, and migrated my code. It turns out the changes are…

  Read the article

• WIF, ADFS 2 and WCF&ndash;Part 6: Chaining multiple Token Services

  - by Your DisplayName here!

  See the previous posts first. So far we looked at the (simpler) scenario where a client acquires a token from an identity provider and uses that for authentication against a relying party WCF service. Another common scenario is, that the client first requests a token from an identity provider, and then uses this token…

  Read the article

• WIF, ASP.NET 4.0 and Request Validation

  - by Your DisplayName here!

  Since the response of a WS-Federation sign-in request contains XML, the ASP.NET built-in request validation will trigger an exception. To solve this, request validation needs to be turned off for pages receiving such a response message. Starting with ASP.NET 4.0 you can plug in your own request validation logic. This…

  Read the article

• ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios

  - by Your DisplayName here!

  The Thinktecture.IdentityModel.Http repository includes a number of samples for the various authentication scenarios. All the clients follow a basic pattern: Acquire client credential (a single token, multiple tokens, username/password). Call Service. The service simply enumerates the claims it finds on the…

  Read the article

• ASP.NET WebAPI Security 3: Extensible Authentication Framework

  - by Your DisplayName here!

  In my last post, I described the identity architecture of ASP.NET Web API. The short version was, that Web API (beta 1) does not really have an authentication system on its own, but inherits the client security context from its host. This is fine in many situations (e.g. AJAX style callbacks with an already…

  Read the article

• Replacing ASP.NET Forms Authentication with WIF Session Authentication (for the better)

  - by Your DisplayName here!

  ASP.NET Forms Authentication and WIF Session Authentication (which has *nothing* to do with ASP.NET sessions) are very similar. Both inspect incoming requests for a special cookie that contains identity information, if that cookie is present it gets validated and if that is successful, the identity…

  Read the article

• Thinktecture IdentityServer v1.0

  - by Your DisplayName here!

  Yeah – it is finally done. I just uploaded the v1 bits to Codeplex and the documentation to our server. Here’s the official blurb… Thinktecture IdentityServer is an open source security token service based on Microsoft .NET, ASP.NET MVC, WCF and WIF. High level features Multiple protocols…

  Read the article

• Roadmap for Thinktecture IdentityServer

  - by Your DisplayName here!

  I got asked today if I could publish a roadmap for thinktecture IdentityServer (idrsv in short). Well – I got a lot of feedback after B1 and one of the biggest points here was the data access layer. So I made two changes: I moved to configuration database access code to EF 4.1 code first.…

  Read the article

• Claims-based Identity in .NET 4.5 and Windows 8

  - by Your DisplayName here!

  There was not a ton of new information about WIF and related technologies at Build, but Samuel Devasahayam did a great talk about claims-based access control that contained some very interesting bits of information with regards to future directions. From his slides: Windows 8 Bring…

  Read the article

• Windows Azure Diagnostics: Next to Useless?

  - by Your DisplayName here!

  To quote my good friend Christian: “Tracing is probably one of the most discussed topics in the Windows Azure world. Not because it is freaking cool – but because it can be very tedious and partly massively counter-intuitive.” <rant> The .NET Framework has this wonderful…

  Read the article

• WIF, ADFS 2 and WCF&ndash;Part 5: Service Client (more Flexibility with WSTrustChannelFactory)

  - by Your DisplayName here!

  See the previous posts first. WIF includes an API to manually request tokens from a token service. This gives you more control over the request and more flexibility since you can use your own token caching scheme instead of being bound to the channel object lifetime. The API is…

  Read the article

• StarterSTS 1.5

  - by Your DisplayName here!

  I have the 1.5 version of StarterSTS sitting here for quite some time now. But I was always reluctant to release it. Some of the reasons are: too many new features for a single (small) version change. to many features that are optional, like bridged authentication and thus make…

  Read the article

• Fiddler Inspector for Federation Messages

  - by Your DisplayName here!

  Fiddler is a very useful tool for troubleshooting all kinds of HTTP(s) communications. It also features various extensibility points to make it even more useful. Using the inspector extensibility mechanism, I quickly knocked up an inspector for typical federation messages (thanks…

  Read the article

• IdentityServer Beta 1 Refresh &amp; Windows Azure Support

  - by Your DisplayName here!

  I just uploaded two new releases to Codeplex. IdentityServer B1 refresh A number of bug fixes and streamlined extensibility interfaces. Mostly a result of adding the Windows Azure support. Nothing has changed with regards to setup. Make sure you watch the intro video on the…

  Read the article

• Securing SSH/SFTP and best practices on security

  - by MultiformeIngegno

  I'm on a fresh VPS with Ubuntu Server 12.04. I wanted to ask you the good practices to apply to enhance security over a stock Ubuntu-server. This is what I did up to now: I added Google Authenticator to SSH, then I created a new user (whom I'll use instead of 'root' for SSH &…

  Read the article

• Token based Authentication and Claims for Restful Services

  - by Your DisplayName here!

  WIF as it exists today is optimized for web applications (passive/WS-Federation) and SOAP based services (active/WS-Trust). While there is limited support for WCF WebServiceHost based services (for standard credential types like Windows and Basic), there is no ready to use…

  Read the article

• Mixing Forms and Token Authentication in a single ASP.NET Application

  - by Your DisplayName here!

  I recently had the task to find out how to mix ASP.NET Forms Authentication with WIF’s WS-Federation. The FormsAuth app did already exist, and a new sub-directory of this application should use ADFS for authentication. Minimum changes to the existing application code would…

  Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >