Monthly Archives: August 2007

Certificate based Authentication and WCF (Mode independent)

My third approach for restricting trust when using client certificates works for transport and message security. Furthermore, it does not involve any OS-level configuration. WCF has a piece of plumbing called the Service Authorization Manager. The SAM gets called on …

Posted in WCF | Leave a comment

Certificate based Authentication and WCF (Transport Security)

When using SSL you need to set up a Certificate Trust List (CTL) for the listener port. In the CTL you can define which issuers to trust. CTLs are very low level and are used during the initial SSL handshake. …

Posted in WCF | Leave a comment

Good Article on System.IdentityModel

Keith wrote a good intro to the identity model APIs in .NET 3.0 here. Recommended. A lot of people think that System.IdentityModel is somehow tied to WCF – this is not the case – it is a general API which happens …

Posted in WCF | Leave a comment

Certificate based Authentication and WCF (Message Security)

When using message security, the intended way to validate an incoming credential (== token) is a token validator. You can find several internal validators in the System.IdentityModel.Selectors namespace (e.g. for UserName, X.509 or Windows tokens). The X509 token validator gets called whenever …

Posted in WCF | 2 Comments

Live ID and Information Cards – just good friends…

Read more here and here. Finally.

Posted in Uncategorized | Leave a comment

Certificate based Authentication and WCF

Certificate based authentication with WCF has two components – configuring credentials and determining trust. The first part is easy - you simply set the clientCredentialType in the binding’s security configuration to Certificate. This means that WCF will demand that the client …

Posted in Uncategorized | Leave a comment

Guidance on User and Password Management

The ACE blog has a good checklist on the above topic. Something to have around when implementing the next password-based system.

Posted in Uncategorized | Leave a comment