Claims Visualization

Dominick Baier has a visualization for claims in the Visual Studio debugger. I’m not sure what other details to provide. It takes an identity and description for a claim and describes the issuer, metadata, and properties that make up the claim.

Routing and Impersonation

Can the routing service introduced with .NET 4 be used with impersonation? Yes, the routing service can be used with impersonation for both sending and receiving messages. All of the usual Windows constraints of impersonation apply. If you would have needed to set up service or account permissions to use impersonation when writing your own…

HTTPS Host Name for IIS

The configuration of an IIS site includes the ability to associate a host name with a particular site definition. For HTTP traffic this allows multiple web sites to be hosted at the same IP address and port, with the true domain name of the site mapped using the host name header. For example, if you…

Starter STS Sample

Dominick Baier has put up the completed StarterSTS sample that demonstrates how to write, configure, and use a realistic security token service. The token service is built using Windows Identity Foundation and provides authentication based on the ASP.NET identity provider model. Although the StarterSTS sample doesn’t have every feature of an enterprise-ready token service, it’s…

Debugging Delegation and Kerberos Configuration

I came across an interesting tool the other day that can be used to debug and diagnose configuration problems with Kerberos. DelegConfig is an ASP.NET application that you install to generate a troubleshooting report about your IIS configuration, Kerberos credential usage, and delegation settings. You configure the DelegConfig installation with the service account you intend…

Legacy Created, Obsoleted, and Destroyed Before Shipping

As far as I can tell there has never been a description of what the mysterious LegacyExtendedProtectionPolicy property is for that appeared on the HTTP and TCP transports and is now slowly in the process of disappearing. In the small number of places it appeared the property has been marked as obsolete. Extended protection policy…

Fix to Allow Providing Outgoing Supporting Tokens

I’ve sufficiently recovered from running the last week-long series covering fixes for WCF to do another one. This week I’ll again be covering fixes for WCF that may be hard to find and explaining the details behind each problem. A primary token provides security to a message by signing the message body and headers in…

Fix to Disable Transport Security with Message Credentials

I’ve sufficiently recovered from running the last week-long series covering fixes for WCF to do another one. This week I’ll again be covering fixes for WCF that may be hard to find and explaining the details behind each problem. This is another fix that adds the feature of using message security requests in a nominally…

Fix to Disable Security on Responses

I’ve sufficiently recovered from running the last week-long series covering fixes for WCF to do another one. This week I’ll again be covering fixes for WCF that may be hard to find and explaining the details behind each problem. The first fix is a new feature added to allow secure message security requests to be…

Identity and Access Control Guide

The patterns and practices group at Microsoft has released an online guide to claims-based identity and access control. The guide is targeted at developers and architects of web services on Windows that require user-identity information. Windows Identity Foundation and Active Directory federation are the primary technologies discussed for these solutions. The guide starts by providing…
