Estimated reading time: 7 minutes

Kerberos.NET: A Managed Ticket Validator

In my last post I talked about how Azure AD does Kerberos Single Sign-On. Conceptually it’s a simple process, but when you dig into the details of the implementation, there are some serious hurdles to overcome. The Active Directory side of things is straightforward — it’s just a matter of manually creating an SPN and keeping the secret in sync. It gets really complicated on the Azure AD side of things though. Consider the history of web-based Kerberos. IIS has supported this for decades by way of an ISAPI HTTP module that parses out the header and hands it off to the…

Estimated reading time: 3 minutes

Creating Authority-Signed and Self-Signed Certificates in .NET

Whenever I get some free time I like to tackle certain projects that have piqued my interest. Often times I don’t get to complete these projects, or they take months to complete. In this case I’ve spent the last few months trying to get these samples to work. Hopefully you’ll find them useful. In the world of security, and more specifically in .NET, there aren’t a whole lot of options for creating certificates for development. Sure you could use makecert.exe or if you’re truly masochistic you could spin up a CA, but both are a pain to use and aren’t necessarily useful…