browse.develop.com
Browse.develop.com is a community that was established to collect and organize valuable web information. Our technical staff have selected and indexed information and courses that they feel will help you stay current on best practices across the SDLC.

5 Articles match "Restful","Security Token"

Related DevelopMentor Courses MORE
Windows Azure Platform: Cloud Computing for.NET Developers
Security token services play a central part in making this happen. Microsoft provides a ready to use token service for Active Directory networks called ADFS 2. This module gives guidance when to use which approach and shows some of the security scenarios you can accomplish using federation and single sign-on in Windows Azure. It enables easy integration into WS-Trust, WS-Federation, OpenID and OAuth world of protocols and features a simple claims transformation engine for creating the claims and token types for your applications.
DevelopMentor Courses - Wednesday, February 22, 2012
READ MORE
Essential Windows Identity Foundation
This gives you the expressiveness to model authentication, authorization and personalization using an abstraction that can scale very well from simple scenarios to the most complex security requirements. ? Claims-based identity is the new and preferred way to model security in distributed applications. ?xml:namespace xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> The Windows Identity Foundation (WIF) is Microsoft's update to the traditional.NET security system to integrate claims into ASP.NET and WCF (and arbitrary.NET applications in general).
DevelopMentor Courses - Wednesday, February 22, 2012
READ MORE
Essential Windows Identity Foundation
This gives you the expressiveness to model authentication, authorization and personalization using an abstraction that can scale very well from simple scenarios to the most complex security requirements. ? Claims-based identity is the new and preferred way to model security in distributed applications. ?xml:namespace xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> The Windows Identity Foundation (WIF) is Microsoft's update to the traditional.NET security system to integrate claims into ASP.NET and WCF (and arbitrary.NET applications in general).
DevelopMentor Courses - Thursday, August 18, 2011
READ MORE

11 Articles match "Restful","Security Token"

The Latest from DevelopMentor MORE
ASP.NET WebAPI Security 3: Extensible Authentication Framework
The short version was, that Web API (beta 1) does not really have an authentication system on its own, but inherits the client security context from its host. Examples of that would be token based authentication and clients that don’t run in the context of the web application (e.g. Since Web API provides a nice extensibility model, it is easy to implement whatever security framework you want on top of it. In the rest of the post I am outlining some of the bits and pieces, So you know what you are dealing with, in case you want to try the code. Extensible. and 2.0
www.leastprivilege.com - Tuesday, March 13, 2012
READ MORE
2011 Recap
That gig ended in July, when I picked up some WCF work in Fort Worth building an external-facing REST-ful WCF service, as well as some internal-facing queued WCF services. That morphed into a project building a Security Token Service using Windows Identity Foundation by customizing the Thinktecture Identity Server authored by Dominick Baier. With the advent of my toolkit, I started blogging more often, holding forth on a variety of topics, including WCF, REST, Data Services, ASP.NET MVC, and the Onion Architecture. He is the youngest of our three children. Personal
Tony and Zuzana's World - Tuesday, January 31, 2012
READ MORE
Token based Authentication for WCF HTTP/REST Services: Authentication
This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. The framework should be able to handle typical scenarios like username/password based authentication, as well as token based authentication. The framework should allow adding new supported token types. In WCF the main extensibility point for this kind of security work is the ServiceAuthorizationManager. Check if a “registered” token (more on that later) is present. Disclaimer. Goals and requirements.
www.leastprivilege.com - Tuesday, November 15, 2011
READ MORE
  • The Best from DevelopMentor MORE
  • Token based Authentication and Claims for Restful Services
    While there is limited support for WCF WebServiceHost based services (for standard credential types like Windows and Basic), there is no ready to use plumbing for RESTful services that do authentication based on tokens. This is not an oversight from the WIF team, but the REST services security world is currently rapidly changing – and that’s by design. There are a number of intermediate solutions, emerging protocols and token types , as well as some already deprecated ones. Infrastructure to convert tokens into claims (called security token handler).
    www.leastprivilege.com - Tuesday, November 15, 2011
    READ MORE
  • Token based Authentication for WCF HTTP/REST Services: Authentication
    This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. The framework should be able to handle typical scenarios like username/password based authentication, as well as token based authentication. The framework should allow adding new supported token types. In WCF the main extensibility point for this kind of security work is the ServiceAuthorizationManager. Check if a “registered” token (more on that later) is present. Disclaimer. Goals and requirements.
    www.leastprivilege.com - Tuesday, November 15, 2011
    READ MORE
  • ASP.NET WebAPI Security 3: Extensible Authentication Framework
    The short version was, that Web API (beta 1) does not really have an authentication system on its own, but inherits the client security context from its host. Examples of that would be token based authentication and clients that don’t run in the context of the web application (e.g. Since Web API provides a nice extensibility model, it is easy to implement whatever security framework you want on top of it. In the rest of the post I am outlining some of the bits and pieces, So you know what you are dealing with, in case you want to try the code. Extensible. and 2.0
    www.leastprivilege.com - Tuesday, March 13, 2012
    READ MORE
  • Thinktecture StarterSTS 1.0 RTW
    started to work with what’s now called WIF approximately two years ago – and built various security token services for customers, demos and internal use. The idea behind StarterSTS was to have a non-trivial security token service sample that demonstrates the typical tasks of an STS (where it turns out that issuing tokens is by far the smallest part) and at the same time is real world enough to be directly used in specialized situations like development STSes. Using the REST endpoint. Today I am announcing StarterSTS 1.0 Now that 1.0 Codeplex Site.
    www.leastprivilege.com - Saturday, April 3, 2010
    READ MORE
  • Need WIF Training?
    The course includes extensive lab material where you take standard application and apply all kinds of claims and federation techniques and technologies like WS-Federation, WS-Trust, session management, delegation, home realm discovery, multiple identity providers, Access Control Service, REST, SWT and OAuth. WIF introduces important concepts like conversion of security tokens and credentials to claims, claims transformation and claims-based authorization. The authentication part is called identity provider or in more general terms - a security token service.
    www.leastprivilege.com - Wednesday, November 9, 2011
    READ MORE
  • Access Control Service: Transitioning between Active and Passive Scenarios
    As I mentioned in my last post, ACS features a number of ways to transition between protocol and token types. The wsfederation bit in the wctx parameter indicates, that the response to the token request will be transmitted back to the relying party via a POST. So far so good – but how can an active client receive that token now? ACS knows an alternative way to send the token request response. Instead of doing the redirect back to the RP, it emits a page that in turn echoes the token response using JavaScript’s window.external.notify. Let’s see how this works.
    www.leastprivilege.com - Wednesday, June 22, 2011
    READ MORE
  • 2011 Recap
    That gig ended in July, when I picked up some WCF work in Fort Worth building an external-facing REST-ful WCF service, as well as some internal-facing queued WCF services. That morphed into a project building a Security Token Service using Windows Identity Foundation by customizing the Thinktecture Identity Server authored by Dominick Baier. With the advent of my toolkit, I started blogging more often, holding forth on a variety of topics, including WCF, REST, Data Services, ASP.NET MVC, and the Onion Architecture. He is the youngest of our three children. Personal
    Tony and Zuzana's World - Tuesday, January 31, 2012
    READ MORE
%>