LINQ, collections and null reference exceptions

This short post describes an idiosyncrasy of LINQ that, for someone with several years of C# experience, I should probably have known about, but didn’t. During development of an app the test team reported that a null reference exception was intermittently occurring. For a seasoned developer like myself I didn’t think it would be too…


SAML 2.0 tokens and WIF – bridging the divide

Background: We all know the following limitations about Windows Identity Foundation (WIF) and passive (browser) federation protocols, right? WIF does not support SAML2.0 protocol (SAML2P). There is a WIF extension out there to support SAML2P but it is a technology preview. WIF does support SAML2.0 (SAML2) tokens. WS-Federation conveys SAML1.1 tokens. Therefore, unless you use…


Access to an ASP.NET website via multiple authentications

Background: Is it possible to secure a website using Windows Identity Foundation (WIF) without interfering with an existing authentication method? E.g. could a website secured using an ASP.NET membership provider, with all the code and configuration that entails, be layered with additional code and configuration to allow a precursory authentication with a trusted Identity…


Mutual authentication with an IIS-hosted WCF data service installed in a workgroup environment

This post covers the steps required to secure communication between a WCF client and a WCF data service using mutual certificate authentication. The client/service topology is depicted below: Both the client and server run on a Windows Server 2008 R2 virtual machine with Windows SDK 7.1, Visual Studio 2010, SQL Server Express 2008 R2 and…


Using mutual SSL and message security to secure a WCF service

Sometimes, Windows Communication Foundation (WCF) can be tough going. Whilst things will often work straight out of the box, customisation can quickly get complicated. Equally though, the solution can sometimes turn out to be pretty simple but it is the journey to get there that is difficult. Consider the following scenario: In this configuration a…


The Windows Identity Foundation Configuration Editor

As a little exercise to teach myself WPF (argue amongst yourselves about how successful I was on that point; feedback most welcome) I have written a tool called the Windows Identity Foundation (WIF) Configuration Editor. Its purpose is to exercise complete control over the <microsoft.identityModel> config section within app.config and web.config files, for applications secured…


Handling optional claims with the ADFS Claims Rule Language

It is a perfectly normal scenario for claims to be optional in a token. For example, a SAML assertion may contain the mandatory claims http://www.contoso.com/claims/givenname and http://www.contoso.com/claims/surname, and optionally the claim http://www.contoso.com/claims/dateofbirth. The ADFS Claims Rule Language is designed to allow claims from incoming tokens to be used to query data stores for additional claims. At…