Exploring Dynamic Access Control Part 4 – Central Access Rules

In this series I have looked at how we secure and classify resources (such as Files and Folders) with Dynamic Access Control with the claims of users and devices accessing them. In the previous post I looked at Resource Properties and User/Device Claims. In this post I will be bringing these concepts together with Central Access Rules. Fitting everything together As we have…


Exploring Dynamic Access Control Part 3 – Properties and Claims

In the previous post I looked at Classifying resources. In this post I will be looking at setting up custom Properties to use on those resources and claims for users and devices. Resource Properties Now we will go a little deeper into the Resource Properties (i.e. the items we can classify resources with). Inside…


Exploring Dynamic Access Control Part 2 - Classification

Dynamic Access Control is a way for you to secure your resources (such as files and folders) without having to manage groups or user lists. In the previous post I looked at the basics of Dynamic Access Control. In this post I will be looking at Classification of resources. Classification You may have also noticed…


Exploring Dynamic Access Control Part 1 – Getting Started

This is the first post in a series of 4 covering Dynamic Access Control. In this post I am going to be looking at the Dynamic Access Control features of Windows Server 2012 and Windows 8. Dynamic Access Control is a way for you to secure your resources (such as files and folders) without having…


Access to an ASP.NET website via multiple authentications

Background Is it possible to secure a website using Windows Identity Foundation (WIF) without interfering with an existing authentication method? e.g. – Could a website secured using an ASP.NET membership provider, with all the code and configuration that entails, be layered with additional code and configuration to allow a precursory authentication with a trusted Identity…


ADFS 2.0: Single sign-on when a website references remote images

I recently had an issue where a website, secured with Active Directory Federation Services 2.0 (ADFS), was referencing images stored in another website, secured by the same instance of ADFS. This meant that if a user logged into the main website without going first to the website hosting the images, they would not see the…


Handling optional claims with the ADFS Claims Rule Language

It is a perfectly normal scenario for claims to be optional in a token. For example, a SAML assertion may contain the mandatory claims: http://www.contoso.com/claims/givenname http://www.contoso.com/claims/surname and optionally the claim: http://www.contoso.com/claims/dateofbirth The ADFS Claims Rule Language is designed to allow claims from incoming tokens to be used to query data stores for additional claims. At…