browse.develop.com
Browse.develop.com is a community that was established to collect and
organize valuable web information. Our technical staff have selected and
indexed information and courses that they feel will help you stay
current on best practices across the SDLC.
2 Articles match "ASP.Net","Token"
Related DevelopMentor Courses
Pragmatic Cloud Computing for .NET Developers Training
The Windows Identity Foundation (WIF) provides .NET developers with the necessary base functionality and plumbing to integrate claims based security into ASP.NET and WCF. Single Sign-On, Federation & Security Token Services: Leveraging the power of claims, you can start federating your cloud services with on-premise identity stores. Security token services play a central part in making this happen. Microsoft provides a ready to use token service for Active Directory networks called ADFS 2. Furthermore WIF includes all the functionality needed to write your own.
DevelopMentor Courses
- Thursday, July 22, 2010
NET Security
Identify and prioritize risks and vulnerabilities in applications; Protect data using encryption and signatures; Impersonate and delegate Windows credentials; Integrate with Windows domains and network authentication; Write sandboxed applications; Avoid common security threats like cross-site scripting or SQL injection; Use CardSpace to authenticate users; Secure communication with WCF; Authenticate and authorize users in ASP.NET. Security is a feature. What's the best way to secure ASP.NET applications? But not every security feature is also a secure feature. brokered authentication.
DevelopMentor Courses
- Friday, June 12, 2009
30 Articles match "ASP.Net","Token"
The Latest from DevelopMentor
WCF, WIF and Load Balancing (and a bit of Azure)
Pablo wrote a post yesterday giving some background information on how session tokens are protected in WIF – here some additional info for WCF: The ws* bindings in WCF establish a security session by default (via WS-SecureConversation). By default SecureConversation only transmits a session identifier (like an ASP.NET session cookie) – the actual session is stored in-memory at the server. But this also means that the bootstrap (SAML) token will get parsed on every request – this includes invoking the ClaimsAuthenticationManager. This has some implications, e.g. Cookie Mode.
www.leastprivilege.com
- Thursday, February 18, 2010
Integrating Simple Web Tokens (SWT) with WCF REST Services using WIF
The Simple Web Token (SWT) is a new & simple token format that was created by Microsoft, Google and others. uses this token type. Why yet another token type? The downsides are – it is not a widely adopted token format (current spec version is 0.9.5.1) Since I had to do some ACS work recently, I crafted up a simple SWT integration for WCF based REST services (works in ASP.NET as well). The plumbing looks for a SWT token either on the Authorization or X-Authorization header as well as on the query string. See here for specs. X.509 based).
www.leastprivilege.com
- Monday, February 8, 2010
WIF Configuration – Part 1: ServiceConfiguration
This flexibility comes in two ways: Named configuration elements that you can selectively load (service & token handler configuration). for token handlers, issuer name registries or claims authorization). This is useful when you build your own integration, but for WCF and ASP.NET there is already an infrastructure in place. In ASP.NET you can subscribe to the ServiceConfigurationCreated event of the FederatedAuthentication class. Tags: ASP.NET IdentityModel WCF Configuration extensibility (e.g. In this first part I’ll focus on the service configuration.
www.leastprivilege.com
- Tuesday, December 22, 2009
The Best from DevelopMentor
-
(SAML) Token Creation in a Geneva STS
But if you need more control over the generated tokens, it’s worthwhile to have a closer look. Internally the SecurityTokenService class drives a “token information gathering” pipeline which results in the construction of a SecurityTokenDescriptor (a token neutral description) of the token to be issued. After that the descriptor is passed on to a SecurityTokenHandler that creates the security token. In the last step, the generated token is wrapped in an RSTR and sent back. reates the security token handler that is later used for creating the token.
www.leastprivilege.com
- Saturday, November 22, 2008
-
ASP.NET Security Goodness
A bunch of (ASP.NET) security tools got released over the weekend – highly recommended! is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. AntiCSRF makes it easier for ASP.NET developers to guard themselves against Cross Site Request Forgery. You'll no longer have to manually add and check protection tokens to protect yourself against CSRF attacks.”. Tags: ASP.NET;FX Security Get more info from Mark and Barry. CAT.NET V1 CTP. The following rules are currently supported by this version of the tool.
www.leastprivilege.com
- Monday, December 15, 2008
-
Thinktecture Security Token Service Starter Kit
The STS starter kit is a compact, easy to use identity provider that is completely based on the ASP.NET provider infrastructure. The other reason is that starter STS is not terribly complex and could be used as a learning tool on how to write custom token services. Some features: active and passive security token service. tokens. I am happy to announce the “Thinktecture STS Starter Kit” sample. It is built using the Geneva framework Beta 2 bits and is a self contained web site with passive and active endpoints. The motivation behind writing this sample is twofold.
www.leastprivilege.com
- Monday, May 25, 2009
-
Integrating Simple Web Tokens (SWT) with WCF REST Services using WIF
The Simple Web Token (SWT) is a new & simple token format that was created by Microsoft, Google and others. uses this token type. Why yet another token type? The downsides are – it is not a widely adopted token format (current spec version is 0.9.5.1) Since I had to do some ACS work recently, I crafted up a simple SWT integration for WCF based REST services (works in ASP.NET as well). The plumbing looks for a SWT token either on the Authorization or X-Authorization header as well as on the query string. See here for specs. X.509 based).
www.leastprivilege.com
- Monday, February 8, 2010
-
Using the .NET Access Control Service with Geneva
The sample uses the “old” WCF plumbing to process tokens and create claims based on that. your client obtains a token from the ACS (by sending their identity token). this token is used to authenticate with your service. your service accepts tokens from the ACS and uses their claims for identity related work. For your service this means the following: accept tokens that are signed by the ACS. make sure the issuer of that token is your personal instance of the ACS ([link]. security token handler that check the SAML issuer name.
www.leastprivilege.com
- Thursday, December 11, 2008
-
Use Geneva Session Management for your own needs
In all the typical samples this is used to convert an incoming SAML token to a cookie to establish an authentication session. SessionSecurityToken in turn is a container for an IClaimsPrincipal and an additional SecurityToken (the so called bootstrap token). This means that the SessionAuthenticationModule is a general module and API to serialize claims principals and security tokens into cookies. First use the Visual Studio Geneva templates to create a simple “Claims-aware ASP.Net WebSite”. Geneva Framework is a Framework is a Framework. Where can this be useful?
www.leastprivilege.com
- Sunday, May 24, 2009
-
Display Tokens & Geneva
What are display tokens? This differs from the “real” claims which are part of the security token and are encrypted for the relying party. for the technical specification and here for a good discussion of use and abuse of display tokens. In Geneva, display tokens are represented by the DisplayToken class (which is a container for DisplayClaims). It seems that in the future you want to extend the ClaimsMapper class for your own display token work – for now the class does not seem to be ready for that. Generating a display token.
www.leastprivilege.com
- Friday, December 26, 2008