Active Federation with ADFS 2.0 in C#

Tuesday, August 27, 2013

A customer asked me how to establish active federation in C# with two ADFS servers. The scenario is simple:
- One ADFS acts as an STS (it authenticates the client)
- The second ADFS acts as an R-STS and provides a token to the RP (application) using the token created by the first STS.
The code is simple and is based on .Net 4.5 WIF System.IdentityModel. In the first step the client authenticates to the STS and gets a SAML token:...

Passive Federation Client

Monday, June 3, 2013

As we all know, it is simple to call a federated web site authenticated by AD FS 2.0 or any other identity provider using passive federation. The client is a browser that knows nothing about federation. All the browser knows is how to send HTTP requests and submit HTML forms. It would be interesting to write a small library that mimics the browser's behavior and allows applications to call web sites using passive federation. Such web sites can implement RESTful web services or any other HTTP-based API. Currently applications use ACTIVE federation which means they have...

Visual Studio Identity Support Works with .Net 4.5 Only

Wednesday, November 21, 2012

Visual Studio has an Identity and Access tool extension which enables simple integration of claim based identity authentication into a web project (WCF and ASP.Net). It turns out that the tool depends on Windows Identity Framework (WIF) 4.5, which was integrated into the .Net framework and is not compatible with WIF 4.0. For .Net 4.5 only applications you will see the following when you right-click the project. “Enable Windows Azure Authentication” integrates your project with Windows Azure Active Directory (WAAD). “Identity and Access” integrates your project with Windows Azure Access Control Service (ACS)...

New tools for Federation in Windows 8 and Framework 4.5

Wednesday, September 19, 2012

If you try to install the WIF SDK on Windows 8 with Visual Studio 2012 and then create a simple claim based application, you will see that “Add STS reference” is gone. So how do we use federation in Visual Studio 2012 and .Net 4.5? Well, it turns out that WIF as we know it is deprecated because it was integrated into the core of .Net 4.5, and the SDK is now provided as a set of powerful tools integrated into Visual Studio. The tools include a built-in local STS for testing, great integration with...

HTTP error 405 when calling STS

Sunday, March 18, 2012

I wrote a simple example for demonstrating delegation with Windows Identity Framework (WIF). I created a simple web site that used a simple custom STS for authentication. The web site called another web service to perform a simple calculation (calculator). The web site used passive federation using a simple STS. SOAP web services in general can only use passive federation for authentication, so I created another WCF custom STS. The idea was that the web application will obtain an act-as token from the active STS using the token it received from the...

Convert SAML token to SWT token using ACS

Wednesday, November 16, 2011

In claim based applications we use tokens to provide the application (relying party) with details (a collection of claims) about the authenticated identity. In web sites and WCF SOAP services, SAML tokens are used as a container for the claims. SAML is a standard that describes how tokens and claims are constructed and how they are cryptographically protected using digital signatures and encryption. SAML tokens are powerful, yet they are large. The size of the token is not a real issue in ASP.Net web sites or in SOAP WCF services, but for REST web services...

ACS Live Demos

Thursday, May 12, 2011

My friend Alik Levin, who works in the identity group, pointed me to a list of videos containing detailed demos of the Access Control Service.
- WCF web service that uses ACS with WIF. Securing WCF Services with ACS
- Web site that uses ACS (with and without WIF). Securing Web Applications with ACS
- Delegation with ACS. Code Sample: OAuth 2.0 Delegation
- Integration with ADFS 2.0. How To: Configure...

ACS Academy Videos

Monday, May 9, 2011

I wrote a lot about claim based identity and access control. One of the big challenges in claim based access control is the creation of the STS. Fortunately the Azure platform has an offering in this domain – ACS. AppFabric ACS (Access Control Service) implements a full STS in the cloud. It is simple yet powerful. The team created great videos explaining ACS and its integration with WIF. Watch and start using ACS. Manu

How To Fix WIF Visual Studio 2010 Add-In

Sunday, April 3, 2011

I upgraded my Visual Studio 2010 and installed the new SP1, but then I found that "Add STS Reference" is gone. The add-in is in place but it does not work. It took me some time to find the solution: Run the command:

    devenv /ResetAddin Microsoft.IdentityModel.Tools.VS.VSAddin.FederationAddin

Now everything is back to normal. Hope this will help. Manu

Claim Based Identity Tutorial

Tuesday, March 8, 2011

Claim based identity is the future of identity management. It is simple, powerful and extensible, but the most important reason to use it is the fact that it delegates identity management out of the application. WIF is Microsoft's infrastructure for using claim based identity (similar to what WCF is for networking). Recently an excellent Training Kit was released about WIF and the integration of WIF with AppFabric Azure ACS. I strongly recommend that you download, read and learn. Manu