Contents tagged with Security
-
What is claims-based authentication?
Before going on with my other posts I want to introduce you claims-based authentication that makes is way to almost all Microsoft web-based platforms around. It is more complex than old username-password method but also more secure and general. In this posting I will give you short and not very technical overview about claims-based authentication.
-
ASP.NET MVC: How to implement invitation codes support
Last Christmas I blogged about how to make ASP.NET MVC users authorized only if they have profiles created. This works well on public sites where everybody can be user. Sometimes we don’t want to let all users to our system even when they were correctly authenticated by some authentication service. In this blog post I will show you how to create authorization attribute that you can use to make authenticated users insert their access code if it is their first visit to site.
-
Webcast: Brief introduction to Windows Identity Foundation
This is my first webcast on Windows Identity Foundation (WIF) and it will give you brief overview of this technology. I will tell you about how I found WIF, what is claims-based authentication, what tools are available and how you can use WIF in your systems. This is no-code overview and you can expect demos and code from my next WIF webcasts.
-
ASP.NET and WIF: Showing custom profile username as User.Identity.Name
I am building ASP.NET MVC application that uses external services to authenticate users. For ASP.NET users are fully authenticated when they are redirected back from external service. In system they are logically authenticated when they have created user profiles. In this posting I will show you how to force ASP.NET MVC controller actions to demand existence of custom user profiles.
-
ASP.NET MVC: Using ProfileRequiredAttribute to restrict access to pages
If you are using AppFabric Access Control Services to authenticate users when they log in to your community site using Live ID, Google or some other popular identity provider, you need more than AuthorizeAttribute to make sure that users can access the content that is there for authenticated users only. In this posting I will show you hot to extend the AuthorizeAttribute so users must also have user profile filled.
-
Identifying AppFabric Access Control Service users uniquely
In my last posting about AppFabric Labs Access Control Service I described how to get your ASP.NET MVC application to work with ACS. In this posting I will dig deeper into tokens and claims and provide you with some helper methods that you may find useful when authenticating users using AppFabric ACS. Also I will explain you little dirty secret of Windows Live ID.
-
Adding Twitter authentication support to ASP.NET application
In my last posting I introduced my idea about common membership provider for ASP.NET that is able to support multiple authentication providers. Before writing membership provider we need support for some authentication providers to get an better idea how to use them together. In this posting I will introduce you how to use OAuth protocol with Twitter.
-
Planning common membership provider for different authentication providers
I am trying to implement form based authentication (FBA) membership provider that is able to support multiple authentication mechanisms. Take it as an self-training experiment. In this posting I will introduce bases of my experiment and introduce my current plans and ideas.