Contents tagged with Security
Before going on with my other posts I want to introduce you claims-based authentication that makes is way to almost all Microsoft web-based platforms around. It is more complex than old username-password method but also more secure and general. In this posting I will give you short and not very technical overview about claims-based authentication.
Last Christmas I blogged about how to make ASP.NET MVC users authorized only if they have profiles created. This works well on public sites where everybody can be user. Sometimes we don’t want to let all users to our system even when they were correctly authenticated by some authentication service. In this blog post I will show you how to create authorization attribute that you can use to make authenticated users insert their access code if it is their first visit to site.
This is my first webcast on Windows Identity Foundation (WIF) and it will give you brief overview of this technology. I will tell you about how I found WIF, what is claims-based authentication, what tools are available and how you can use WIF in your systems. This is no-code overview and you can expect demos and code from my next WIF webcasts.
NB! This is my first webcast I have ever made so please forgive me if it is not as professional as you may expect. I hope you will still enjoy it :)
If you cannot see video then click here: Windows Identity Foundation - Part I: Introduction
I would really appreciate if you give me feedback about this webcast. All feedback – positive or negative – is very welcome as I really want to improve my skills on making great webcasts. Feel free to leave me your feedback here as comments of this post.
Here you can find resources related to my Windows Identity Foundation series.
PowerPoint 2010 | 1453 KB
- Windows Identity Foundation @ MSDN
- System.IdentityModel documentation
- Windows Identity Foundation documentation
- Windows Identity Foundation reference
- Here is list of supported standard available
- Windows Identity Foundation SDK
- Windows Identity Foundation
- Identity Developer Training Kit
- Access Control Service Samples and Documentation (Labs)
I am building ASP.NET MVC application that uses external services to authenticate users. For ASP.NET users are fully authenticated when they are redirected back from external service. In system they are logically authenticated when they have created user profiles. In this posting I will show you how to force ASP.NET MVC controller actions to demand existence of custom user profiles.
If you are using AppFabric Access Control Services to authenticate users when they log in to your community site using Live ID, Google or some other popular identity provider, you need more than AuthorizeAttribute to make sure that users can access the content that is there for authenticated users only. In this posting I will show you hot to extend the AuthorizeAttribute so users must also have user profile filled.
In my last posting about AppFabric Labs Access Control Service I described how to get your ASP.NET MVC application to work with ACS. In this posting I will dig deeper into tokens and claims and provide you with some helper methods that you may find useful when authenticating users using AppFabric ACS. Also I will explain you little dirty secret of Windows Live ID.
In my last posting I introduced my idea about common membership provider for ASP.NET that is able to support multiple authentication providers. Before writing membership provider we need support for some authentication providers to get an better idea how to use them together. In this posting I will introduce you how to use OAuth protocol with Twitter.
I am trying to implement form based authentication (FBA) membership provider that is able to support multiple authentication mechanisms. Take it as an self-training experiment. In this posting I will introduce bases of my experiment and introduce my current plans and ideas.