Dominick Baier on Security @CODEKICKER

7

Moving to a new Blog

In the next days I will move my blog to WordPress. The domain name will stay the same, but the permalinks won’t (unfortunately). To make the transition automatically, use this feedburner feed that I will update once the switch is done: http://feeds.feedburner.com/leastprivilege

14.05.2012 | 17 0

8

“Fluent” API for the X509 Certificate Store

It is annoying how often I write code directly against X509Store. Maybe this will end this once and for all: var cert X509.CurrentUser.My.Thumbprint.FindFirst("abc"); source code here.

20.04.2012 | 42 0

11

Thinktecture.IdentityModel.Http and the ASP.NET Web API CodePlex bits

I will keep the github repo in sync with the major releases of Web API (like Beta, RC, RTM). Because of the changes made to Web API after beta, my current bits don’t build against the CodePlex version anymore. Today I installed a build environment for the CodePlex bits, and migrated my code. It turns out the changes are pretty easy: Simply replace Request.GetUserPrincipal() with ...

11.04.2012 | 72 0

5

Identity in .NET 4.5–Part 4: Claims over Kerberos

Today I found this article about the new Kerberos features in Windows Server 8. It also mentions claims and how to enable them. Made me smile ;)

07.04.2012 | 78 0

9

Thinktecture IdentityServer and Contrib Project now on GitHub

title says it all really. I even have a contribution from the community already – a user repository that authenticates against Active Directory. Thanks Marcel Scherpenisse. URLs are: https://github.com/thinktecture/Thinktecture.IdentityServer https://github.com/thinktecture/Thinktecture.IdentityServer.Contrib

04.04.2012 | 62 0

7

Identity in .NET 4.5–Part 3: (Breaking) changes

I recently started porting a private build of Thinktecture.IdentityModel to .NET 4.5 and noticed a number of changes. The good news is that I can delete large parts of my library because many features are now in the box. Along the way I found some other nice additions. ClaimsIdentity now has methods to query the claims collection, e.g. HasClaim(), FindFirst(), FindAll(). ...

04.04.2012 | 66 0

11

Identity in .NET 4.5–Part 2: Claims Transformation in ASP.NET (Beta 1)

In my last post I described how every identity in .NET 4.5 is now claims-based. If you are coming from WIF you might think, great – how do I transform those claims? Sidebar: What is claims transformation? One of the most essential features of WIF (and .NET 4.5) is the ability to transform credentials (or tokens) to claims. During that process the “low level” token details are turned ...

04.04.2012 | 44 0

5

Identity in .NET 4.5–Part 1: Status Quo (Beta 1)

.NET 4.5 is a big release for claims-based identity. WIF ... are now a first class citizen in the whole .NET Framework. All built-in identity classes, like FormsIdentity for ASP.NET ... In other words, the moment you compile your .NET application against 4.5, you are claims-based. That’s a big ... to design security features with the new .NET framework. I am currently doing a number of proof ...

16.03.2012 | 65 0

6

ASP.NET WebAPI Security 5: JavaScript Clients

... from the same web application that also contains the web API s. Think a web page that does some AJAX style callbacks to ... its magic to establish a client identity context. Since WebAPI inherits the security context from its (web) host, the client identity is ... JavaScript code *not* running in the context of the WebAPI hosting application. This is more or less just like a normal desktop ...

15.03.2012 | 97 0

9

ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios

... var response client.GetAsync("identity").Result; response.EnsureSuccessStatusCode(); SAML Authentication To integrate a Web API with an existing enterprise identity provider like ADFS, you can use SAML ... that it’s pretty straightforward to implement various authentication scenarios using WebAPI and my authentication library. Stay tuned for more client samples!

14.03.2012 | 107 0

8

ASP.NET WebAPI Security 3: Extensible Authentication Framework

... architecture of ASP.NET Web API . The short version was, that Web API (beta 1) does not really have ... / mobile). Since Web API provides a nice extensibility model, it ... This is a Web API extensibility point that gets to see ... from host to Web API , which means that handler code ... useful if your Web API can consume SAML ... handler to a Web API application In the spirit of Web API this is done in ...

13.03.2012 | 124 0

11

ASP.NET WebAPI Security 2: Identity Architecture

... diagram) about the WebAPI hosting architecture. So ... takeaway is that WebAPI is hosting independent- ... to the WebAPI abstraction (called HttpRequestMessage). ... is that WebAPI receives whatever IPrincipal ... WebAPI is hosting independent ... WebAPI code retrieve the ... WebAPI inherit the client ... WebAPI . But – ... WebAPI is inconsistent. This ... WebAPI (this is not ... WebAPI developers can retrieve ...

08.03.2012 | 137 0

10

ASP.NET WebAPI Security 1: Introducing Thinktecture.IdentityModel.Http

Over the course of the next posts I will describe the security options you have when writing services using the new ASP.NET WebAPI. Before I start digging into the gory details, all the sample code and concepts I will show are implemented in the newest incarnation of Thinktecture.IdentityModel: https://github.com/thinktecture/Thinktecture.IdentityModel.Http Stay ...

07.03.2012 | 83 0

7

Thinktecture.IdentityModel.* on GitHub

I uploaded Thinkecture.IdentityModel (core) and Thinktecture.IdentityModel.Web (WCF Web Programing Model) to github. I thought that’s the easiest to make the source code available, especially for the stuff that is work in progress.

06.03.2012 | 77 0

4

Preview: Authentication Framework and Claims-based Identity for ASP.NET WebApi

I have moved this to the new ASP.NET WebApi. I am pretty happy with it! You can download the work in progress here: https://github.com/leastprivilege/ASP.NET-WebApi-Security HTH

23.02.2012 | 93 0

3

SharePoint Web Service, ADFS and StarterSTS/IdentityServer

Another nice piece from Sam! thanks! http://www.huggill.com/2012/02/04/claims-proxy-a-c-sharp-library-for-calling-claims-protected-web-services/

21.02.2012 | 97 0

5

StarterSTS hits 10k downloads

Thanks to all who downloaded, tested and improved StarterSTS. We just hit 10k downloads. Now it is time to move on. Please use IdentityServer from now on, as StarterSTS will not be maintained anymore. Have fun!

17.02.2012 | 85 0

8

IdentityServer v1.0.1 On-Premise and Azure Edition

I just uploaded the final Azure Edition as well as a combined Azure and on-premise source package to Codeplex. http://identityserver.codeplex.com/releases I am also in the process of building a wiki for documentation – it is not done yet – but can be browsed here: http://wiki.thinktecture.com/IdentityServer.MainPage.ashx Any feedback, bug reports, volunteers (coding, ...

17.02.2012 | 84 0

12

Web Apps vs Web Services: 302s and 401s are not always good Friends

It is not very uncommon to have web sites that have web UX and services content. The UX part maybe uses WS-Federation (or some other redirect based mechanism). That means whenever an authorization error occurs (401 status code), this is picked by the corresponding redirect module and turned into a redirect (302) to the login page. All is good. But in services, when you emit a 401, you ...

10.02.2012 | 65 0

5

Replacing ASP.NET Forms Authentication with WIF Session Authentication (for the better)

ASP.NET Forms Authentication and WIF Session Authentication (which has *nothing* to do with ASP.NET sessions) are very similar. Both inspect incoming requests for a special cookie that contains identity information, if that cookie is present it gets validated and if that is successful, the identity information is made available to the application via ...

09.02.2012 | 127 0

9

Mixing Forms and Token Authentication in a single ASP.NET Application (the Details)

The scenario described in my last post works because of the design around HTTP modules in ASP.NET. Authentication related modules (like Forms authentication and WIF WS-Fed/Sessions) typically subscribe to three events in the pipeline – AuthenticateRequest/PostAuthenticateRequest for pre-processing and EndRequest for post-processing (like making redirects to a login ...

02.02.2012 | 114 0

5

Mixing Forms and Token Authentication in a single ASP.NET Application

I recently had the task to find out how to mix ASP.NET Forms Authentication with WIF’s WS-Federation. The FormsAuth app did already exist, and a new sub-directory of this application should use ADFS for authentication. Minimum changes to the existing application code would be a plus ;) Since the application is using ASP.NET MVC this was quite easy to accomplish – WebForms would be ...

02.02.2012 | 96 0

5

Thinktecture IdentityServer Azure Edition RC

I found some time over the holidays to finalize the Azure edition of IdentityServer . http://identityserver.codeplex.com/releases/view/81206 The biggest difference to the on-premise version (and earlier Azure betas) is, that by default IdSrv now uses Azure Storage for all data storage (configuration & user data). This means that there is no need anymore for SQL Azure ...

27.01.2012 | 109 0

12

Google Apps and IdentityServer

nice!

16.01.2012 | 45 0

6

Troopers 2012

My last advice for 2011: Get a ticket for Troopers 2012 before it is sold out. If you like to learn about IPv6, Android, iOS, SAP or cloud security (and much more) – that’s the place to be!

31.12.2011 | 71 0

Dominick Baier on Security

News und Artikel von Dominick Baier on Security