|
|
browse.develop.com
Browse.develop.com is a community that was established to collect and
organize valuable web information. Our technical staff have selected and
indexed information and courses that they feel will help you stay
current on best practices across the SDLC.
|
1 Articles match "ASP.Net","Token"
|
Related DevelopMentor Courses
|
MORE
|
|
.NET Security
Identify and prioritize risks and vulnerabilities in applications Protect data using encryption and signatures Impersonate and delegate Windows credentials Integrate with Windows domains and network authentication Write sandboxed applications Avoid common security threats like cross-site scripting or SQL injection Use CardSpace to authenticate users Secure communication with WCF Authenticate and authorize users in ASP.NET Security is a feature. Discover the CLR's native security infrastructure (Code Access Security) and the security architecture behind web applications (ASP.NET), web services
DevelopMentor Courses
- Friday, June 12, 2009
|
29 Articles match "ASP.Net","Token"
|
The Latest from DevelopMentor
|
MORE
|
|
WCF, WIF and Load Balancing (and a bit of Azure)
giving some background information on how session tokens are protected in WIF – here
some default SecureConversation only transmits a session identifier (like a ASP.NET
session SAML) token will get parsed on every request – this includes invoking the ClaimsAuthenticationManager .
This your Pablo wrote a post yesterday
giving some additional info for WCF:
The
www.leastprivilege.com
- Thursday, February 18, 2010
WIF Configuration – Part 1: ServiceConfiguration
Named configuration elements that you can selectively load (service & token handler
configuration) for token handlers, issuer name registries or claims
authorization) This is useful when you build your own integration, but for WCF and ASP.NET there
is ASP.NET you can subscribe to WIF supports a flexible configuration system and various ways to programmatically
interact interact with that configuration.
This
www.leastprivilege.com
- Tuesday, December 22, 2009
|
-
|
The Best from DevelopMentor
|
MORE
|
-
(SAML) Token Creation in a Geneva STS
tokens, it’s worthwhile to have a closer look.
Internally the SecurityTokenService class drives a “token information gathering”
token neutral description) of the token to be issued. passed on to a SecurityTokenHandler that creates the security token. By default, Geneva STS developers are quite shielded from the SAML creation process
– you simply derive from SecurityTokenService and implement GetScope and GetOutputClaimsIdentity ,
and the rest gets done by the framework.
www.leastprivilege.com
- Saturday, November 22, 2008
-
ASP.NET Security Goodness
A bunch of (ASP.NET) security tools got released over the weekend – highly recommended!
library designed to help developers protect their ASP.NET web-based applications from
mobile browsers - A sample application - Security Runtime Engine (SRE) HTTP module.”
download
AntiCSRF
“AntiCSRF makes it easier for ASP.NET developers to guard themselves against Cross
Get more info from Mark and Barry .
CAT.NET V1 CTP
“CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws
within
www.leastprivilege.com
- Monday, December 15, 2008
-
Thinktecture Security Token Service Starter Kit
kit is a compact, easy to use identity provider that is completely based on the ASP.NET
a learning tool on how to write custom token services. Some features:
active and passive security token service
supports WS-Federation, WS-Trust 1.3 (message tokens
based on the standard membership, I am happy to announce the “Thinktecture STS Starter Kit” sample. The STS starter
www.leastprivilege.com
- Monday, May 25, 2009
-
Integrating Simple Web Tokens (SWT) with WCF REST Services using WIF
The Simple Web Token (SWT) is a new & simple token format that was created by
Microsoft, uses this token type.
Why Why yet another token type? The downsides are – it is not a widely adopted token format (current spec version
is Microsoft, Google and others. See here for
specs.
www.leastprivilege.com
- Monday, February 8, 2010
-
Using the .NET Access Control Service with Geneva
The sample uses the “old” WCF plumbing to process tokens and create claims based on
compat STS) at the ACS
your client obtains a token from the ACS (by sending their identity token)
this token is used to authenticate with your service
your service accepts tokens from the ACS and uses their claims for identity related
work
For your service this means the following:
If you haven’t checked out the .NET NET Access Control Service yet – I can highly recommend
www.leastprivilege.com
- Thursday, December 11, 2008
-
Use Geneva Session Management for your own needs
In all the typical samples this is used to convert an incoming SAML token to a cookie
an additional SecurityToken (the so called bootstrap token).
to serialize claims principals and security tokens into cookies. First use the Visual Studio Geneva templates to create a simple “Claims-aware ASP.Net
Geneva Framework is a Framework is a Framework.
One part of that framework is the SessionAuthenticationModule for ASP.NET.
www.leastprivilege.com
- Sunday, May 24, 2009
-
Using Information Cards in ASMX Web Services
an Information Card token is just a string. To transmit the token to the service, I will use a SOAP header. is to define the header:
[ XmlRoot (ElementName
= "InformationCard" ,
Namespace = "[link] )]
public class InfoCardTokenHeader : SoapHeader
{
public string Token;
}
to get a token manually. As I wrote here -
This means that (with the help of some
www.leastprivilege.com
- Sunday, March 30, 2008
|
|
|
