The Table of Contents of Programming Windows Identity Foundation

Various readers asked me to provide the table of contents of Programming Windows Identity Foundation, so here it is. The formatting is not perfect, but I wanted to make sure to keep the page numbers and indentation so that you can assess how much space has been dedicated to any given topic you want to study.

I won’t repeat here what I wrote in the book intro (available also in this Microsoft Press post), but I do want to add a couple of notes.

1. Although the topics covered by the book are a superset of the ones in the training kit, it’s hard to make comparisons. The book packs information at much higher density and goes significantly deeper than the kit. Apart from something in Part I there are no step-by-step instructions, as you can expect from a title in the Developer Pro References series.

2. Apart from the parts explaining protocols and patterns, all the book is firmly anchored in code and gives very concrete guidance on how to implement the topic at hand. The only exception is Chapter 7: that chapter covers topics for which there are no official bits yet, and giving code would have meant filling pages and pages of custom tactical code which could have become obsolete soon. What you get in Chapter 7 is an intro to the topics (for example there are swimlane diagrams for OAuth 2 and similar) which helps you to wrap your head around the issue should you have to cope with it before official solutions arise. The exception to the exception is the part about MVC, where I do provide the code of a very simple and elegant solution (I wasn’t the one coming up with it :-)) which integrates really well with the MVC model.

And now, without further ado, the TOOOC   ♪♬

Table of Contents

Foreword xi

Acknowledgments xiii

Introduction xvii

Part I Windows Identity Foundation for Everybody

1 Claims-Based Identity 3

What Is Claims-Based Identity? 3

Traditional Approaches to Authentication 4

Decoupling Applications from the Mechanics of Identity and Access 8

WIF Programming Model 15

An API for Claims-Based Identity 16

WIF’s Essential Behavior 16

IClaimsIdentity and IClaimsPrincipal 18

Summary 21

2 Core ASP.NET Programming 23

Externalizing Authentication 24

WIF Basic Anatomy: What You Get Out of the Box 24

Our First Example: Outsourcing Web Site Authentication to an STS 25

Authorization and Customization 33

ASP.NET Roles and Authorization Compatibility 36

Claims and Customization 37

A First Look at <microsoft.identityModel> 39

Basic Claims-Based Authorization 41

Summary 46

Part II Windows Identity Foundation for Identity Developers

3 WIF Processing Pipeline in ASP.NET 51

Using Windows Identity Foundation 52

WS-Federation: Protocol, Tokens, Metadata 54

WS-Federation 55

The Web Browser Sign-in Flow 57

A Closer Look to Security Tokens 62

Metadata Documents 69

How WIF Implements WS-Federation 72

The WIF Sign-in Flow 74

WIF Configuration and Main Classes 82

A Second Look at <microsoft.identityModel> 82

Notable Classes 90

Summary 94

4 Advanced ASP.NET Programming 95

More About Externalizing Authentication 96

Identity Providers 97

Federation Providers 99

The WIF STS Template 102

Single Sign-on, Single Sign-out, and Sessions 112

Single Sign-on 113

Single Sign-out 115

More About Sessions 122

Federation 126

Transforming Claims 129

Pass-Through Claims 134

Modifying Claims and Injecting New Claims 135

Home Realm Discovery 135

Step-up Authentication, Multiple Credential Types, and Similar Scenarios 140

Claims Processing at the RP 141

Authorization 142

Authentication and Claims Processing 142

Summary 143

5 WIF and WCF 145

The Basics 146

Passive vs. Active 146

Canonical Scenario 154

Custom TokenHandlers 163

Object Model and Activation 167

Client-Side Features 170

Delegation and Trusted Subsystems 170

Taking Control of Token Requests 179

Summary 184

6 WIF and Windows Azure 185

The Basics 186

Packages and Config Files 187

The WIF Runtime Assembly and Windows Azure 188

Windows Azure and X.509 Certificates 188

Web Roles 190

Sessions 191

Endpoint Identity and Trust Management 192

WCF Roles 195

Service Metadata 195

Sessions 196

Tracing and Diagnostics 201

WIF and ACS 204

Custom STS in the Cloud 205

Dynamic Metadata Generation 205

RP Management 213

Summary 213

7 The Road Ahead 215

New Scenarios and Technologies 215

ASP.NET MVC 216

Silverlight 223

SAML Protocol 229

Web Identities and REST 230

Conclusion 239

Index 241