Monthly Archives: October 2008

Geneva is the new WCF Security

Posted on October 31, 2008 by Dominick Baier

Geneva has evolved to not only a an extension to WCF/ASP.NET for STS/token related things – it also changes how base WCF security works – to the better IMO. Let me give you an example: Trusted certificate issuersWhen doing client … Continue reading

Posted in IdentityModel, WCF | Leave a comment

Geneva is the new Zermatt (and much more)

Posted on October 27, 2008 by Dominick Baier

Starting with the PDC release, Microsoft’s identity framework is now code-named “Geneva Framework”. Based on that framework, there is also a product called “Geneva Server” that brings the ADFS 1.x type of functionality (and more) to the web services/WS-Trust/CardSpace world. … Continue reading

Posted in ASP.NET, IdentityModel, WCF | Leave a comment

Token Kidnapping (revisited)

Posted on October 16, 2008 by Dominick Baier

It’s been a while since I linked to Cesar Cerrudo’s slide deck about token kidnapping. Now there is also a POC available (with samples how to use it from SQL Server and IIS). There is also some movement at MS … Continue reading

Posted in Uncategorized | Leave a comment

Getting rid of the .svc Extension in IIS

Posted on October 15, 2008 by Dominick Baier

Jon posted a module that does this. I recently tried to use the URL rewriting module for IIS 7 to achieve the same – this rule worked for me: <system.webServer>  <rewrite>    <rules>      <rule name=“Remove .svc“>        <match url=“^([0-9a-zA-Z-]+)/([0-9a-zA-Z-./()]*)“ />        <action type=“Rewrite“                … Continue reading

Posted in WCF | Leave a comment

CardSpace is…

Posted on October 9, 2008 by Dominick Baier

I often get the Question: “What is CardSpace?” While there is a whole philosophical side to CardSpace (or similar products) – the technical and pragmatic answer is: “CardSpace is a graphical client for security token services built into Windows” (or … Continue reading

Posted in IdentityModel | Leave a comment