Category Archives: Uncategorized

TechEd:Developer in Barcelona this year will be the first TechEd ever that has a “physical” security track. That’s great. There are great speakers and interesting sessions on this track, e.g. Michael Howard (SDL, Threat Modeling), Keith Brown (identity, claims and … Continue reading →

Ever wondered how exactly the RP identity is “calculated” for EV and non EV certs? Get the details here. Just search for “OrgIdBytes”.  

Important change to CardSpace in .NET 3.5 – read the details here.  

Read more here and here. finally.  

Certificate based authentication with WCF has two components – configuring credentials and determining trust. The first part is easy – you simply set the clientCredentialType in the binding’s security configuration to Certificate. This means that WCF will demand that the client … Continue reading →

The ACE blog has a good checklist on the above topic. Something to have around when implementing the next password based system.  

..is the title of an article by Christian, Steve and me. Online and in the September issue of MSDN Magazine. Enjoy.  

The question how to setup a custom principal in WCF services comes up every once in a while. Since it is not obvious how this works, I knocked up a little walkthrough and a boilerplate sample. Principal Permission ModeWCF has … Continue reading →

OK – so I settled for a final name (since the control also works for other identity selectors than CardSpace this is more appropriate) and resetted the version. There are only minor (but breaking) changes to the last version I … Continue reading →

Daniel currently publishes an internal Microsoft feed on his blog. Excellent information about ASP.NET internals like process models, dynamic compilation and the pipeline (more to come). Recommended!