March 2006 - Posts
A little late (voting ends today at 5:00 pm), but I have submitted a Birds of a Feather (BoF) session for TechEd 2006:
Developing as a Non-Administrator with XP and Vista
There has been lots of talk lately about the importance of running and developing software with least privilege accounts (LUA). Unfortunately, there are many developers who still run as Administrators on Windows XP and 2003 because it is either difficult to make the shift or just easier to develop that way. As a result, newly created software may only run when users are Administrators. This can cause problems for users who have to run software as a Non-Administrator. Also, Windows Vista promises to change things for better security with User Account Control (UAC). This session will provide a forum for developers to discuss the challenges of developing as a Non-Administrator with current Windows XP and 2003 environments as well as using the new UAC features in Windows Vista.
Intended Audience: Developer
Submitted By: Robert Hurlbut, Hurlbut Consulting, Inc.
Please go vote here
if this sounds interesting to you. I know some members of the Vista UAC
team will probably be there (they are presenting a couple of sessions on UAC at TechEd) plus a few others with lots of experience on this topic. It should be a great discussion.
This is great news! The much awaited (by myself and many others) release of Rotor 2.0 has been released. Get it here.
Here is what is new:
- Full support for Generics.
- New C# 2.0 features like Anonymous Methods, Anonymous Delegates and Generics
- BCL additions.
- Lightweight Code Generation (LCG).
- Stub-based dispatch.
- Numerous bug fixes.
Enjoy! [Found by way of Jan Kotas on the Rotor team]
Over the past couple of weeks, I have been working on understanding some of the latest options available for Windows Communication Foundation (WCF) and Federation security. In particular, I have looked at Kerberos authentication (where your Active Domain serves as your Secure Token Server (STS)) to give you seamless Single-Sign On (SSO). But, how do you leverage SSO if your users are outside of your domain? There are a couple of options:
1. WSFederationHttpBinding (renamed from WSFederationBinding in the Feb CTP to make it clear this only works over HTTP)
2. Active Directory Federation Services (ADFS)
ADFS looks pretty straight forward, but may be too heavy for what I was interested in doing. Today, I found this great simple example "Implementing a Secure token service with WCF" by Pablo M. Cibraro[found by way of Sam Gentile]. Pablo uses the username token for client authentication and an X509 certificate to encrypt and sign the server token.