browse.develop.com
Browse.develop.com is a community that was established to collect and
organize valuable web information. Our technical staff have selected and
indexed information and courses that they feel will help you stay
current on best practices across the SDLC.
8 Articles match "Token","Web"
Related DevelopMentor Courses
- Essential Windows Communication Foundation 4 Training
Because it incorporates web service standards, WCF enables interoperability with other platforms such as Java/Unix. How can I model services in a pure Web style? You will learn the fundamentals of REST as well as how to leverage WCF's web programming model to implement RESTful ideas in an efficient way - including serialization, content negotiation, and caching. Windows Communication Foundation (WCF) replaces previous technologies such as .NET Remoting, ASMX, and COM+. You'll get answers to these questions: How do I design services using contracts? But what does this mean? DevelopMentor Courses - Tuesday, March 1, 2011
- Windows Azure Platform: Cloud Computing for .NET Developers
In addition, you will see Web Role, Worker Role and the VM role in action and learn about when to use what. Security token services play a central part in making this happen. Microsoft provides a ready to use token service for Active Directory networks called ADFS 2. It enables easy integration into WS-Trust, WS-Federation, OpenID and OAuth world of protocols and features a simple claims transformation engine for creating the claims and token types for your applications. Windows Azure storage services provide storage for blobs, structured data and queues. DevelopMentor Courses - Wednesday, February 22, 2012
- Essential Windows Identity Foundation
Day 1 Intro to Claims-based Identity & the Windows Identity Foundation WIF introduces important concepts like conversion of security tokens and credentials to claims, claims transformation and claims-based authorization. Externalizing Authentication for Web Applications WIF includes support for the WS-Federation protocol. The authentication part is called identity provider or in more general terms - a security token service. In the spirit of the preceding modules, we will have a look at how WIF integrates into the (SOAP) web service world. DevelopMentor Courses - Wednesday, February 22, 2012
39 Articles match "Token","Web"
The Latest from DevelopMentor
- Identity in .NET 4.5 – Part 3: (Breaking) changes
This makes it much easier to deal with non-XML tokens like SWT or JWT. new session security token handler that uses the ASP.NET machine key to protect the cookie. This makes it easier to get started in web farm scenarios. Bootstrap token handling is different now. I recently started porting a private build of Thinktecture.IdentityModel to .NET 4.5 and noticed a number of changes. The good news is that I can delete large parts of my library because many features are now in the box. Along the way I found some other nice additions. Services) and System.ServiceModel. www.leastprivilege.com - Wednesday, April 4, 2012
- ASP.NET WebAPI Security 5: JavaScript Clients
The most common is probably that the JS code is originating from the same web application that also contains the web APIs. Think a web page that does some AJAX style callbacks to an API that belongs to that web app – Validation, data access etc. The typical course of events is that the user first logs on to the web application – which will result in an authentication cookie of some sort. Since WebAPI inherits the security context from its (web) host, the client identity is also available here. callback(result.access_token); }, error: function (error) {. www.leastprivilege.com - Thursday, March 15, 2012
- ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios
All the clients follow a basic pattern: Acquire client credential (a single token, multiple tokens, username/password). To integrate a Web API with an existing enterprise identity provider like ADFS, you can use SAML tokens. RequestType = RequestTypes.Issue, KeyType = KeyTypes.Bearer, AppliesTo = new EndpointAddress ( Constants.Realm). }; var token = factory.CreateChannel().Issue(rst) When you have an identity provider that directly supports a (simple) web token, you can acquire the token directly without the conversion step. Call Service. www.leastprivilege.com - Wednesday, March 14, 2012
The Best from DevelopMentor
- Integrating Simple Web Tokens (SWT) with WCF REST Services using WIF
The Simple Web Token (SWT) is a new & simple token format that was created by Microsoft, Google and others. The Azure platform App Fabric Access Control service e.g. uses this token type. Why yet another token type? The downsides are – it is not a widely adopted token format (current spec version is 0.9.5.1) The plumbing looks for a SWT token either on the Authorization or X-Authorization header as well as on the query string. Using the power of WIF, it is simple to transform the SWT token into an IClaimsPrincipal. See here for specs. www.leastprivilege.com - Monday, February 8, 2010
- Thinktecture Security Token Service Starter Kit
It is built using the Geneva framework Beta 2 bits and is a self contained web site with passive and active endpoints. The other reason is that starter STS is not terribly complex and could be used as a learning tool on how to write custom token services. Some features: active and passive security token service. tokens. role provider is used for authorization in the web front-end and to provide role claims. dynamic web UI to allow users to maintain their profile data. I am happy to announce the “Thinktecture STS Starter Kit” sample. Have fun! www.leastprivilege.com - Monday, May 25, 2009
- Token based Authentication and Claims for Restful Services
WIF as it exists today is optimized for web applications (passive/WS-Federation) and SOAP based services (active/WS-Trust). While there is limited support for WCF WebServiceHost based services (for standard credential types like Windows and Basic), there is no ready to use plumbing for RESTful services that do authentication based on tokens. There are a number of intermediate solutions, emerging protocols and token types, as well as some already deprecated ones. Infrastructure to convert tokens into claims (called security token handler). Here’s how. www.leastprivilege.com - Tuesday, November 15, 2011
- Token based Authentication for WCF HTTP/REST Services: Authentication
This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. The framework should be able to handle typical scenarios like username/password based authentication, as well as token based authentication. The framework should allow adding new supported token types. Should work with WCF web programming model either self-host or IIS hosted. Check if a “registered” token (more on that later) is present. The full object model looks like this: Token handling. Disclaimer. Error handling. www.leastprivilege.com - Tuesday, November 15, 2011
- Adding a REST Endpoint to a WIF Token Service
Sometimes it is useful to have a really simple way to acquire a token from a token service – without having to fiddle around with WS-Federation or WS-Trust. Issuing a simple GET request against a token issuance endpoint seems to fulfill that requirement. So I decided to add a simple HTTP endpoint to my STS using the WCF web programming model: [ ServiceContract ]. You could provide more parameters here (like token type, lifetime etc.) Then you have to construct a RST and IClaimsPrincipal to describe the token request and pass that into the Issue method. www.leastprivilege.com - Friday, September 11, 2009
- Using an Active Endpoint to sign into a Web Application
The scenario is that you don’t want to do a passive redirect in a web app – but directly talk to an active STS endpoint to authenticate and request a token. The reasons for that could be that you need a local sign-in page in the web app – or that the token service is not publicly reachable. RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress ( "https://rp/" ), KeyType = KeyTypes.Bearer. }; var genericToken = channel.Issue(rst) as GenericXmlSecurityToken ; // parse token. First(); // create session token. www.leastprivilege.com - Wednesday, April 14, 2010
- Access Control Service: Walkthrough Videos of Web Application, SOAP, REST and Silverlight Integration
This video does a quick walkthrough of the solution and shows the web application part. This video shows how to wire up the service to ACS and shows how to create a client that first requests a token from an IdP and then sends this token to ACS. This part shows how to set up a WCF REST service that consumes SWT tokens from ACS. Part 4 – Silverlight and Web Identity Integration. The Silverlight Client shows how to sign in to the application using a registered identity provider (including web identities) and using the resulting SWT token to call our REST service. www.leastprivilege.com - Tuesday, May 24, 2011