Monthly Archives: February 2012

Preview: Authentication Framework and Claims-based Identity for ASP.NET WebApi

I have moved this to the new ASP.NET WebApi. I am pretty happy with it! You can download the work in progress here: https://github.com/leastprivilege/ASP.NET-WebApi-Security HTH

Posted in IdentityModel, WebAPI | 2 Comments

SharePoint Web Service, ADFS and StarterSTS/IdentityServer

Another nice piece from Sam! thanks! http://www.huggill.com/2012/02/04/claims-proxy-a-c-sharp-library-for-calling-claims-protected-web-services/

Posted in IdentityModel, IdentityServer | Leave a comment

StarterSTS hits 10k downloads

Thanks to all who downloaded, tested and improved StarterSTS. We just hit 10k downloads.   Now it is time to move on. Please use IdentityServer from now on, as StarterSTS will not be maintained anymore. Have fun!

Posted in IdentityModel, IdentityServer | Leave a comment

IdentityServer v1.0.1 On-Premise and Azure Edition

I just uploaded the final Azure Edition as well as a combined Azure and on-premise source package to Codeplex. http://identityserver.codeplex.com/releases I am also in the process of building a wiki for documentation – it is not done yet – but … Continue reading

Posted in IdentityModel, IdentityServer | Leave a comment

Web Apps vs Web Services: 302s and 401s are not always good Friends

It is not very uncommon to have web sites that have web UX and services content. The UX part maybe uses WS-Federation (or some other redirect based mechanism). That means whenever an authorization error occurs (401 status code), this is … Continue reading

Posted in IdentityModel | Leave a comment

Replacing ASP.NET Forms Authentication with WIF Session Authentication (for the better)

ASP.NET Forms Authentication and WIF Session Authentication (which has *nothing* to do with ASP.NET sessions) are very similar. Both inspect incoming requests for a special cookie that contains identity information, if that cookie is present it gets validated and if … Continue reading

Posted in ASP.NET, IdentityModel | 12 Comments

Mixing Forms and Token Authentication in a single ASP.NET Application (the Details)

The scenario described in my last post works because of the design around HTTP modules in ASP.NET. Authentication related modules (like Forms authentication and WIF WS-Fed/Sessions) typically subscribe to three events in the pipeline – AuthenticateRequest/PostAuthenticateRequest for pre-processing and EndRequest … Continue reading

Posted in IdentityModel | 5 Comments

Mixing Forms and Token Authentication in a single ASP.NET Application

I recently had the task to find out how to mix ASP.NET Forms Authentication with WIF’s WS-Federation. The FormsAuth app did already exist, and a new sub-directory of this application should use ADFS for authentication. Minimum changes to the existing … Continue reading

Posted in ASP.NET, IdentityModel | 3 Comments