Monthly Archives: May 2011

IdentityServer Beta 1 Refresh & Windows Azure Support

I just uploaded two new releases to Codeplex.   IdentityServer B1 refresh A number of bug fixes and streamlined extensibility interfaces. Mostly a result of adding the Windows Azure support. Nothing has changed with regards to setup. Make sure you … Continue reading

Posted in IdentityServer | Leave a comment

Weird 302 Redirects in Windows Azure

In IdentityServer I don’t use Forms Authentication but the session facility from WIF. That also means that I implemented my own redirect logic to a login page when needed. To achieve that I turned off the built-in authentication (authenticationMode=”none”) and … Continue reading

Posted in Azure, IdentityServer | Leave a comment

Access Control Service: Handling Errors

Another common problem with external authentication is how to deal with sign in errors. In active federation like WS-Trust there are well defined SOAP faults to communicate problem to a client. But with web applications, the error information is typically … Continue reading

Posted in IdentityModel | Leave a comment

Access Control Service: Home Realm Discovery (HRD) Gotcha

I really like ACS2. One feature that is very useful is home realm discovery. ACS provides a Nascar style list as well as discovery based on email addresses. You can take control of the home realm selection process yourself by … Continue reading

Posted in Azure, IdentityModel | Leave a comment

Access Control Service: Walkthrough Videos of Web Application, SOAP, REST and Silverlight Integration

Over the weekend I worked a little more on my ACS2 sample. Instead of writing it all down, I decided to quickly record four short videos that cover the relevant features and code. Have fun ;) Part 1 – Overview … Continue reading

Posted in IdentityModel | Leave a comment

Requesting Delegation (ActAs) Tokens using WSTrustChannel (as opposed to Configuration Madness)

Delegation using the ActAs approach has some interesting security features A security token service can make authorization and validation checks before issuing the ActAs token. Combined with proof keys you get non-repudiation features. The ultimate receiver sees the original caller … Continue reading

Posted in IdentityModel | 2 Comments

Access Control Service v2: Registering Web Identities in your Applications [code]

You can download the full solution here. The relevant parts in the sample are: ConfigurationI use the standard WIF configuration with passive redirect. This kicks automatically in, whenever authorization fails in the application (e.g. when the user tries to get … Continue reading

Posted in IdentityModel | Leave a comment

Access Control Service v2: Registering Web Identities in your Applications [concepts]

ACS v2 support two fundamental types of client identities– I like to call them “enterprise identities” (WS-*) and “web identities” (Google, LiveID, OpenId in general…). I also see two different “mind sets” when it comes to application design using the … Continue reading

Posted in IdentityModel | Leave a comment

Thinktecture.IdentityServer Beta 1

I just upload beta 1 to codeplex. Please test this version and give me feedback. Some quick notes on setup Watch the intro screencast on the codeplex site. Use the setup tool to set the signing and SSL certificate. You … Continue reading

Posted in IdentityServer | Leave a comment

Small Gotcha when Adding ADFS as an Identity Provider in ACS v2

It turns out that ACS v2 currently supports two “types” of signing certificates for identity providers: self signed certificates certificates that chain up to a trusted root (from Microsoft’s perspective), e.g. VeriSign In other words, when you use a signing … Continue reading

Posted in IdentityModel | Leave a comment