Monthly Archives: March 2008

Using Information Cards in ASMX Web Services

As I wrote here – an Information Card token is just a string. This means that (with the help of some extra plumbing) you can seamlessly integrate cards into “legacy” technologies. Here’s a sample walkthrough for ASMX web services. To … Continue reading

Posted in ASP.NET, IdentityModel | Leave a comment

Using IdentityModel: Some Samples

Here are some typical usage scenario of IdentityPrincipal in ASP.NET. Simple IsInRole calls (checks for a status claim with a value of ‘Gold’): HttpContext.Current.User.IsInRole(“Gold”);   Retrieving the OrderHistory claim: IdentityPrincipal ip = IdentityPrincipal.Current;Claim orderHistory = ip.ClaimSets.FindClaim(  Constants.OrderHistoryClaimType,   Constants.ApplicationIssuerIdentityClaim); var … Continue reading

Posted in ASP.NET, IdentityModel, WCF | Leave a comment

LINQ to SQL and Security

I don’t know how many SQL injection demos I did in my life – and it is still surprising (or shocking rather) how many people don’t know about this. It is even more surprising how many people fight for their … Continue reading

Posted in Uncategorized | Leave a comment

Using IdentityModel: Adding ASP.NET Support Part 2 (Claims Manager)

The last step for integrating claims into ASP.NET is to write a module that loads authorization policies, creates an AuthorizationContext and persists that on Context.User/Thread.CurrentPrincipal. My module has this simple configuration section: <claimsManager enabled=“true“               addAuthenticationClaims=“true“               roleClaimType=“urn:leastprivilege/claims/customers/status“>  <authorizationPolicies>    <policy type=“LeastPrivilege.CustomerIdAuthorizationPolicy, App_Code“ … Continue reading

Posted in ASP.NET, IdentityModel | Leave a comment

Using IdentityModel: Adding ASP.NET Support Part 1 (Authentication based Claims)

Adding claims support to ASP.NET is a perfect candidate for an HTTP module. As a reminiscence to RoleManager, I called mine ClaimsManager. The job of the claims manager is this: Creating claims based on the technical authentication details (Windows, Forms, … Continue reading

Posted in ASP.NET, IdentityModel | Leave a comment

Using IdentityModel: IdentityPrincipal

Since V1 of .NET there is a “slot” to store authorization information about the current user: Thread.CurrentPrincipal. This data gets propagated to newly created threads and is deeply integrated into other application frameworks like ASP.NET. To integrate claims into ASP.NET … Continue reading

Posted in ASP.NET, IdentityModel, WCF | Leave a comment

General Failure when pinging the local Machine Name

I have this strange problem that when I ping my local machine name, I get a General Failure. Forcing the ping to IPv4 with the /4 option works. I could live with that, but another side effect is that opening … Continue reading

Posted in Uncategorized | Leave a comment