Windows Identity Foundation (WIF) Security for ASP.NET Web Applications – Threats & Countermeasures

Windows Identity Foundation (WIF) is a security feature that offers broad functionality. Federated authentication, claims based authorization, token transformation to name a few. But only because WIF is a security feature does not make it secure and safe by default. To improve and strengthen  WIF’s security it is useful to understand the threats associated with it and map the countermeasures that mitigates the threats. This is the list of Threats and Countermeasures for claims aware ASP.NET Web Applications distilled from existing WIF documentation. If you have more to add – feel free to submit in comments below.



  • Token issued by STS that is not trusted
  • Token is not intended for the application
  • Sensitive information exposed in wcts (including logs)
  • Provide adequate to your needs protection (signature/encryption) for this parameter.
  • User Can Be Signed Out of RP by Malicious Web Site
  • For STS - have the STS ignore the WS-Federation SignOut/SignOutCleanup message. Serve the user a page that gives the user the option to sign out.
  • For RP – take appropriate action during OnSigningOut event.
  • wreply redirects to arbitrary URL
  • Make sure that wreply value is trusted

Related Books

Related Info

Skip to main content