browse.develop.com
Browse.develop.com is a community that was established to collect and organize valuable web information. Our technical staff have selected and indexed information and courses that they feel will help you stay current on best practices across the SDLC.

5 Articles match "Security Token","WCF"

Related DevelopMentor Courses MORE
Essential Windows Communication Foundation 3.5 - WCF
Windows Communication Foundation (WCF) replaces previous technologies such as.NET remoting, ASMX, and COM+. Because it incorporates web service standards, WCF enables interoperability with other platforms such as Java/Unix. Discover the fundamental tasks of building services-contracts, error handling, serialization, instance and concurrency management, hosting, security, identity management, and reliability. How do I secure a service? Day 1 Service-Oriented Architecture WCF encourages you to write service oriented applications. WCF includes the ?
DevelopMentor Courses - Friday, April 16, 2010
READ MORE
Pragmatic Cloud Computing for.NET Developers Training
The Windows Identity Foundation (WIF) provides.NET developers with the necessary base functionality and plumbing to integrate claims based security into ASP.NET and WCF. Single Sign-On, Federation & Security Token Services Leveraging the power of claims, you can start federating your cloud services with on-premise identity stores. Security token services play a central part in making this happen. Microsoft provides a ready to use token service for Active Directory networks called ADFS 2.
DevelopMentor Courses - Thursday, July 22, 2010
READ MORE
Advanced Windows Communication Foundation
Windows Communication Foundation (WCF) replaces previous technologies such as.NET remoting, ASMX, and COM+. Because it incorporates web service standards, WCF enables interoperability with other platforms such as Java/Unix. Discover the advanced tasks of building services-contracts, serialization, hosting, security, identity management, and reliability. How do I secure a service? Day 1 Asynchronous Processing WCF supports asynchronous IO via operation contracts with the common Begin/End pattern. We discover when to use transport versus message security.
DevelopMentor Courses - Monday, March 1, 2010
READ MORE

14 Articles match "Security Token","WCF"

The Latest from DevelopMentor MORE
A more elegant way of embedding a SOAP security header in Silverlight 4
The current situation with Silverlight is, that there is no support for the WCF federation binding. This means that all security token related interactions have to be done manually. Requesting the token from an STS is not really the bad part, sending it along with outgoing SOAP messages is what’s a little annoying. It seems that starting with SL4 there is more support for traditional WCF extensibility points – especially IEndpointBehavior , IClientMessageInspector. rstr = rstr; }. public void AfterReceiveReply( ref Message reply, object correlationState). { }.
www.leastprivilege.com - Thursday, May 13, 2010
READ MORE
Using SAML as a Client Credential Type in WCF (updated to WIF RTM)
The main work was in the SAML security token handler Validate method, this looks now like this: public override ClaimsIdentityCollection ValidateToken( SecurityToken token). {. if (token == null ). {. throw new ArgumentNullException ( "token" ); }. var samlToken = token as SamlSecurityToken ; if (samlToken == null ). {. throw new ArgumentException ( "token" ); }. throw new ArgumentException ( "token" ); }. throw new SecurityTokenValidationException ( "Security token validation failed" , ex); }. }. else. {. return false ; }.
www.leastprivilege.com - Thursday, February 4, 2010
READ MORE
Adding a REST Endpoint to a WIF Token Service
Sometimes it is useful to have a really simple way to acquire a token from a token service – without having to fiddle around with WS-Federation or WS-Trust. Issuing a simple GET request against a token issuance endpoint seems to fulfill that requirement. So I decided to a add a simple HTTP endpoint to my STS using the WCF web programming model: [ ServiceContract ]. You could provide more parameters here (like token type, lifetime etc.) If you need to support client certificates, you would get the certificate details from WCF’s AuthorizationContext.
www.leastprivilege.com - Friday, September 11, 2009
READ MORE
  • The Best from DevelopMentor MORE
  • Thinktecture Security Token Service Starter Kit
    The other reason is that starter STS is not terribly complex and could be used as a learning tool on how to write custom token services. Some features: active and passive security token service. tokens. easy configuration – you don’t have to deal with Geneva or WCF settings directly. control over security policy (SSL, encryption, SOAP security). I am happy to announce the “Thinktecture STS Starter Kit” sample. The STS starter kit is a compact, easy to use identity provider that is completely based on the ASP.NET provider infrastructure. FedUtil.
    www.leastprivilege.com - Monday, May 25, 2009
    READ MORE
  • Geneva Framework Quick Tip: Hosting a Security Token Service
    The idea of the security token service infrastructure in Geneva is, that it is completely host agnostic. The key to STS hosting (and that’s btw what the WCF WSTrustServiceContract class or the FederatedPassiveSignin web control does) is to create a token service from configuration. The STS itself expects a RequestSecurityToken and returns a RequestSecurityTokenResponse. It is the job of the host to translate some protocol back and forth to this technology independent representation. And this couldn’t be easier ;).
    www.leastprivilege.com - Wednesday, May 27, 2009
    READ MORE
  • Geneva is the new WCF Security
    Geneva has evolved to not only a an extension to WCF/ASP.NET for STS/token related things - it also changes how base WCF security works - to the better IMO. Typically you ended up writing some custom validation because both Peer- and ChainTrust is often not what you want (and there are also some differences when it comes to message vs transport based security - see here , here and here ). Another big simplification with Geneva comes to custom token/credential types (ever tried adding a new credential type of WCF? Tags: IdentityModel;WCF
    www.leastprivilege.com - Thursday, October 30, 2008
    READ MORE
  • (SAML) Token Creation in a Geneva STS
    But if you need more control over the generated tokens, it’s worthwhile to have a closer look. Internally the SecurityTokenService class drives a “token information gathering” pipeline which results in the construction of a SecurityTokenDescriptor (a token neutral description) of the token to be issued. After that the descriptor is passed on to a SecurityTokenHandler that creates the security token. In the last step, the generated token is wrapped in an RSTR and sent back. Returns the issuer for the token. token creation.
    www.leastprivilege.com - Saturday, November 22, 2008
    READ MORE
  • Using the.NET Access Control Service with Geneva
    The sample uses the “old” WCF plumbing to process tokens and create claims based on that. your client obtains a token from the ACS (by sending their identity token). this token is used to authenticate with your service. your service accepts tokens from the ACS and uses their claims for identity related work. For your service this means the following: accept tokens that are signed by the ACS. make sure the issuer of that token is your personal instance of the ACS ([link]. security token handler that check the SAML issuer name.
    www.leastprivilege.com - Thursday, December 11, 2008
    READ MORE
  • Geneva integration into WCF
    Having done quite a bit of WCF customization myself, it is fun to see how Geneva framework wires itself up into the WCF runtime. The high-level goals are as follows: route the token provisioning, serialization and authentication through the Geneva pipeline. allow setting issued tokens directly on a ChannelFactory. replace the standard WCF ServiceCredential with a FederatedServiceCredential. this in turn creates the token provider, serializer and authenticator. create token resolvers for. Persisting the bootstrap token also happens here.
    www.leastprivilege.com - Thursday, March 12, 2009
    READ MORE
  • Custom WCF Credential Types
    Every once in a while the question comes up how to extend WCF with custom credential types. It turns out that most of the time people don’t really want to invent custom tokens or credential types, but rather want to extend username/password style of credentials (e.g. Unfortunately the UserName token does not support this type of extensibility but there are several options to accomplish this: If your extensibility requirements are very simple you could try to encode all the information into the username and password fields of a UserName credential.
    www.leastprivilege.com - Monday, March 9, 2009
    READ MORE