A typical scenario for an ISV that wants to create the "next application in the cloud" will be how to support identity federation with their customers (tenants). A common requirement I’ve heard is: "I want to enable single sign on and allow enterprises that have their own STS to integrate with us. For companies that... read more
Published by Matias Woloski on February 13th, 2009 7:25 am under ASP.Net, Cloud Computing, Federation, Geneva, Identity, LiveID, MVC, PDC08, WCF, azure
A couple of weeks ago Ryan Dunn announced Azure Issue Tracker. From this post: "This sample application is a simple issue tracking service and website that pulls together a couple of the Azure services: SQL Data Services and .NET Access Control Service." I’ve been working with Ryan and other guys at DPE and Southworks to put... read more
One of the things I didn’t like about the WSFederationHttpBinding is that it encapsulates lots of things, in particular the call against the STS to obtain a SAML token. I wanted to have control over that process. The good news is that the Geneva Framework allows us to do all that in a very... read more
This took some time and you are lucky if you hit this after a search. This extension method allows you to decrypt a SAML 1.1 security token using Geneva Framework.

public static ClaimsIdentityCollection ToClaimsIdentityCollection(this GenericXmlSecurityToken token, string thumbprintPrivateKey, string thumbprintIssuerPublicKey, TrustVersion trustVersion) { // Decrypt token var tokenString = new StringReader(token.TokenXml.OuterXml); var reader =... read more
In the previous post I introduced a scenario where you can use .NET Services Access Control and Windows LiveID to delegate authentication and authorization. In this post we will go through the different pieces needed in the application to perform authorization checks. The first thing will be to configure the passive federation using Geneva on the application... read more
The last couple of months, together with other people at Southworks, we’ve been working with the DPE team on samples, demos and hands-on labs for PDC, all related to the cloud computing services Microsoft announced at PDC, the Azure Services Platform. During the week, I attended Kim Cameron‘s and Vittorio Bertocci’s session where they talked... read more
Published by on November 5th, 2008 2:08 am under Geneva
Functionality area / Major changes made
Product: Name “Geneva” Framework replaces “Zermatt”.
Claims Object Model: ClaimsPrincipal.Current is replaced with Thread.CurrentPrincipal. Claims.Issuer is of type string instead of IClaimsIdentity. Authentication information is emitted as separate claims.
STS: Per call instance. GetScope() is now abstract. GetOutSubjects() renamed to GetOutputClaimsIdentity(). Asynchronous programming added.
FAM: T:Microsoft.IdentityModel.Web.FederationAuthenticationModule refactored as T:Microsoft.IdentityModel.Web.WsFederatedAuthenticationModule.... read more
Definition “A Security Token Service (STS) is the plumbing that builds, signs, and issues security tokens using the interoperable protocols…” “The “Zermatt” Framework makes it easy to build your own STS. It’s up to you to figure out how to implement the logic, or rules that drive it (often referred to as security policy).” Active vs... read more