Monthly Archives: November 2011

StarterSTS on IIS 6

Sam Huggill wrote a great post on how to get StarterSTS working on IIS 6. Thanks Sam!

Posted in IdentityServer | Leave a comment

Token based Authentication for WCF HTTP/REST Services: Authorization

In the previous post I showed how token based authentication can be implemented for WCF HTTP based services. Authentication is the process of finding out who the user is – this includes anonymous users. Then it is up to the … Continue reading

Posted in IdentityModel, IdentityServer | 2 Comments

Token based Authentication for WCF HTTP/REST Services: The Client

If you wondered how a client would have to look like to work with the authentication framework, it is pretty straightfoward: Request a token Put that token on the authorization header (along with a registered scheme) and make the service … Continue reading

Posted in IdentityModel, IdentityServer | Leave a comment

Token based Authentication for WCF HTTP/REST Services: Authentication

This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. For the theoretical background, see my previous post. Disclaimer The framework I am using/building here is not the only … Continue reading

Posted in IdentityModel, IdentityServer | Leave a comment

Token based Authentication and Claims for Restful Services

WIF as it exists today is optimized for web applications (passive/WS-Federation) and SOAP based services (active/WS-Trust). While there is limited support for WCF WebServiceHost based services (for standard credential types like Windows and Basic), there is no ready to use … Continue reading

Posted in IdentityModel, IdentityServer | Leave a comment

Need WIF Training?

I spend numerous hours every month answering questions about WIF and identity in general. This made me realize that this is still quite a complicated topic once you go beyond the standard fedutil stuff. My good friend Brock and I … Continue reading

Posted in Conferences & Training, IdentityModel, IdentityServer | Leave a comment

Fiddling with ADFS Traffic

ADFS uses SSL extended protection which made observing traffic with Fiddler harder to impossible. Fortunately, this can be fixed – Eric Lawrence writes about it here.

Posted in IdentityModel | Leave a comment

Updated IdentityServer Sample Relying Party

I just uploaded a new version of the sample relying party. The three changes are: Added a session token diagnostics page. This allows to look at cookie sizes, details and the raw contents Sample code to switch to session mode … Continue reading

Posted in IdentityModel, IdentityServer | Leave a comment

Switching to WIF SessionMode in ASP.NET

To make it short: to switch to SessionMode (cache to server) in ASP.NET, you need to handle an event and set a property. Sounds easy – but you need to set it in the right place. The most popular blog … Continue reading

Posted in IdentityModel | 5 Comments