42 min read

Windows Azure Pack Authentication Part 3 – Using a Third Party IdP

In the previous installments of this series we looked at how Windows Azure Pack authenticates users and how it’s configured out of the box for federation. This time around we’re going to look at how you can configure federation with a third party IdP. Microsoft designed Windows Azure Pack the right way. It supports federation…

1 min read

Guide to Claims-Based Identity Second Edition

It looks like the Guide to Claims-Based Identity and Access Control was released as a second addition! Take a look at the list of authors: Dominick Baier Vittorio Bertocci Keith Brown Scott Densmore Eugenio Pace Matias Woloski If you want a list of experts on security then look no further. These guys are some of…

11 min read

Strongly Typed Claims

Sometimes it’s a pain in the neck working with Claims. A lot of times you need to look for particular claim and that usually means looping through the claims collection and parsing the value to a particular type. This little dance is the trade-off for having such a simple interface to a potentially arbitrary collection…

10 min read

Authentication in an Active Claims Model

When working with Claims Based Authentication a lot of things are similar between the two different models, Active and Passive.  However, there are a few cases where things differ… a lot.  The biggest of course being how a Request for Security Token (RST) is authenticated.  In a passive model the user is given a web…

7 min read

Generating Federation Metadata Dynamically

In a previous post we looked at what it takes to actually write a Security Token Service.  If we knew what the STS offered and required already, we could set up a relying party relatively easily with that setup.  However, we don’t always know what is going on.  That’s the purpose of federation metadata.  It…

9 min read

The Basics of Building a Security Token Service

Last week at TechDays in Toronto I ran into a fellow I worked with while I was at Woodbine.  He works with a consulting firm Woodbine uses, and he caught my session on Windows Identity Foundation.  His thoughts were (essentially—paraphrased) that the principle of Claims Authentication was sound and a good idea, however implementing it…

4 min read

Token Request Validation in ASP.NET

Earlier this week during my TechDays presentation on Windows Identity Foundation, there was a part during the demo that I said would fail miserably after the user was authenticated and the token was POST’ed back to the relying party.  Out of the box, ASP.NET does request validation.  If a user has submitted content through request…

12 min read

What makes Claims Based Authentication Secure?

Update: I should have mentioned this when I first posted, but some of these thoughts are the result of me reading Programming Windows Identity Foundation.  While I hope I haven’t copied the ideas outright, I believe the interpretation is unique-ish. One of the main reasons we as developers shy away from new technologies is because…

1 min read

Changing the Identity Game with the Windows Identity Foundation

Similar to the TVBUG presentation, I will be presenting on the Windows Identity Foundation to the Metro Toronto .NET User Group. Here are the details: When: November 10th, 2010 Where: KPMG, 333 Bay Street, 10th Floor, Toronto Abstract: Identity is a tricky thing to manage. These days every application requires some knowledge of the user,…

1 min read

Managing Identity in SharePoint

Yet another presentation on the docket!  I submitted an abstract to SharePoint Summit 2011 and they accepted!  I will be presenting on SharePoint and how it manages Identity.  More specifically, how SharePoint 2010 uses WIF to handle Claims based authentication and Federation. Here are the details Event: SharePoint Summit 2011, January 31st 2011 – February…