9 min read

The Case of the Failed Restore

As applications get more and more complex the backup and restore processes also tend to become more complex. A lot of times backup can be broken down into simple processes: Get data from various sources Database Web.config DPAPI Certificate Stores File system etc Persist data to disk in specific format Validate data in specific format…

4 min read

Token Request Validation in ASP.NET

Earlier this week during my TechDays presentation on Windows Identity Foundation, there was a part during the demo that I said would fail miserably after the user was authenticated and the token was POST’ed back to the relying party.  Out of the box, ASP.NET does request validation.  If a user has submitted content through request…

8 min read

Using the ASP.NET Roles Provider with Windows Identity Foundation

Using the Windows Identity Foundation to handle user authentication and identity management can require you to drastically rethink how you will build your application.  There are a few fundamental differences between how authentication and roles will be handled when you switch to a Claims model.  As an example if you used an STS to provide…