Monthly Archives: May 2011

IdentityServer Beta 1 Refresh & Windows Azure Support

I just uploaded two new releases to Codeplex. IdentityServer B1 refresh: A number of bug fixes and streamlined extensibility interfaces. Mostly a result of adding the Windows Azure support. Nothing has changed with regard to setup. Make sure you …

Posted in IdentityServer

Weird 302 Redirects in Windows Azure

In IdentityServer I don't use Forms Authentication but the session facility from WIF. That also means that I implemented my own redirect logic to a login page when needed. To achieve that I turned off the built-in authentication (authenticationMode="none") and …

Posted in Azure, IdentityServer

Access Control Service: Handling Errors

Another common problem with external authentication is how to deal with sign-in errors. In active federation like WS-Trust there are well-defined SOAP faults to communicate problems to a client. But with web applications, the error information is typically …

Posted in IdentityModel

Access Control Service: Home Realm Discovery (HRD) Gotcha

I really like ACS2. One feature that is very useful is home realm discovery. ACS provides a NASCAR-style list as well as discovery based on email addresses. You can take control of the home realm selection process yourself by …

Posted in Azure, IdentityModel

Access Control Service: Walkthrough Videos of Web Application, SOAP, REST and Silverlight Integration

Over the weekend I worked a little more on my ACS2 sample. Instead of writing it all down, I decided to quickly record four short videos that cover the relevant features and code. Have fun ;) Part 1 – Overview …

Posted in IdentityModel

Requesting Delegation (ActAs) Tokens using WSTrustChannel (as opposed to Configuration Madness)

Delegation using the ActAs approach has some interesting security features: A security token service can make authorization and validation checks before issuing the ActAs token. Combined with proof keys you get non-repudiation features. The ultimate receiver sees the original caller …

Posted in IdentityModel | 2 Comments

Access Control Service v2: Registering Web Identities in your Applications [code]

You can download the full solution here. The relevant parts in the sample are: Configuration: I use the standard WIF configuration with passive redirect. This kicks in automatically whenever authorization fails in the application (e.g. when the user tries to get …

Posted in IdentityModel