Imagine a world where you don’t have to worry about authentication. Imagine instead that all requests to your application already include the information you need to make access control decisions and to personalize the application for the user.
In this world, your applications can trust another system component to securely provide user information, such as the user’s name or e-mail address, a manager’s e-mail address, or even a purchasing authorization limit. The user’s information always arrives in the same simple format, regardless of the authentication mechanism, whether it’s Microsoft® Windows® integrated authentication, forms-based authentication in a Web browser, an X.509 client certificate, or something more exotic.
Even if someone in charge of your company’s security policy changes how users authenticate, you still get the information, and it’s always in the same format.
This is the utopia of claims-based identity that A Guide to Claims-Based Identity and Access Control describes. As you’ll see, claims provide an innovative approach for building applications that authenticate and authorize users.
The patterns and practices group at Microsoft has released an online guide to claims-based identity and access control. The guide is targeted at developers and architects of web services on Windows that require user-identity information.
This guide has five accompanying samples, covering all of the scenarios described in the book: WebSSO, WebSSO on Azure, Federation, Federation with Mutliple Partners and Web Services.
Here are the downloads for the guide and all of the contained code samples:
A Guide to Claims-Based Identity and Access Control – Book Download: http://www.microsoft.com/downloads/details.aspx?FamilyID=4c09ffe4-43dd-4fcc-be35-c897c9bc4386&displaylang=en
A Guide to Claims-Based Identity and Access Control – Code Samples:
Also check-out the community materials on CodePlex: