Monthly Archives: September 2008

MSDN Article about WCF Service Authorization

Christian and I have written an article about the authorization infrastructure in WCF. It covers roles- and claims-based authorization and how to customize both. Enjoy. online now – sorry for the confusion)

Posted in IdentityModel, WCF | Leave a comment

Certificate-backed InfoCards and Service Credential Negotiation

When trying to implement certificate backed managed InfoCards you might run into this slightly misleading error message: “There was a failure making a WS-Trust exchange with an external application. Could not retrieve token from identity provider. Inner Exception: SOAP security … Continue reading

Posted in IdentityModel | Leave a comment

ASP.NET Controls and Output Encoding

The last two days I did an ASP.NET security training for a customer. One discussion was how ASP.NET control handle (or don’t) output encoding – especially how inconsistent their behavior is. Five minutes ago I found this post by Alex … Continue reading

Posted in ASP.NET | Leave a comment

Zermatt: Source Code for FormsAuth STS

I got several requests to publish the full source of the FormsAuth STS I described here. Find it here. The setup is just like the passive STS/RP samples in the SDK. HTH  

Posted in IdentityModel | Leave a comment