Monthly Archives: February 2010

WCF, WIF and Load Balancing (and a bit of Azure)

Pablo wrote a post yesterday giving some background information on how session tokens are protected in WIF – here some additional info for WCF: The ws* bindings in WCF establish a security session by default (via WS-SecureConversation). This has some … Continue reading

Posted in IdentityModel | 3 Comments

Securing WCF Data Services using WIF

This questions comes up every once in a while.. Since WCF Data Services is just a normal WCF service (using the web programming model), all the typical security APIs and extensibility points apply. That said, depending on your scenario you … Continue reading

Posted in IdentityModel | 1 Comment

Integrating Simple Web Tokens (SWT) with WCF REST Services using WIF

The Simple Web Token (SWT) is a new & simple token format that was created by Microsoft, Google and others. See here for specs. The Azure platform App Fabric Access Control service e.g. uses this token type. Why yet another … Continue reading

Posted in IdentityModel | 2 Comments

Using SAML as a Client Credential Type in WCF (updated to WIF RTM)

A reader has asked me to update the Client SAML sample to WIF RTM (for background and motivation please read here first). The main work was in the SAML security token handler Validate method, this looks now like this: public … Continue reading

Posted in IdentityModel | 1 Comment

StarterSTS V1.0 Beta 1

OK – I finally was able to carve out some time…This is the first feature complete release of the StarterSTS! New features include: client certificate support for WS-Fed and WS-Trust endpoints new relying party configuration allows specifying an explicit reply … Continue reading

Posted in IdentityModel | Leave a comment

Testing Security Code with Moles

I am by far no (unit) testing expert. But I always found it odd that I sometimes have to re-structure code to make it explicitly unit-testable. One typical example is code that relies on some sort of context – e.g. … Continue reading

Posted in Uncategorized | Leave a comment

A Guide to Claims-Based Identity and Access Control

Get it here!!!

Posted in IdentityModel | Leave a comment