Monthly Archives: September 2008

MSDN Article about WCF Service Authorization

Posted on September 20, 2008 by Dominick Baier

Christian and I have written an article about the authorization infrastructure in WCF. It covers roles- and claims-based authorization and how to customize both. Enjoy. http://msdn.microsoft.com/en-us/magazine/cc948343.aspx(back online now – sorry for the confusion)

Posted in IdentityModel, WCF | Leave a comment

Certificate-backed InfoCards and Service Credential Negotiation

Posted on September 14, 2008 by Dominick Baier

When trying to implement certificate backed managed InfoCards you might run into this slightly misleading error message: “There was a failure making a WS-Trust exchange with an external application. Could not retrieve token from identity provider. Inner Exception: SOAP security … Continue reading →

Posted in IdentityModel | Leave a comment

ASP.NET Controls and Output Encoding

Posted on September 10, 2008 by Dominick Baier

The last two days I did an ASP.NET security training for a customer. One discussion was how ASP.NET control handle (or don’t) output encoding – especially how inconsistent their behavior is. Five minutes ago I found this post by Alex … Continue reading →

Posted in ASP.NET | Leave a comment

Zermatt: Source Code for FormsAuth STS

Posted on September 3, 2008 by Dominick Baier

I got several requests to publish the full source of the FormsAuth STS I described here. Find it here. The setup is just like the passive STS/RP samples in the SDK. HTH

Posted in IdentityModel | Leave a comment

Monthly Archives: September 2008

MSDN Article about WCF Service Authorization

Certificate-backed InfoCards and Service Credential Negotiation

ASP.NET Controls and Output Encoding

Zermatt: Source Code for FormsAuth STS

Recent Posts

Categories

Tweets

Feed

Archives