Alik Levin's

Browse by Tags

Web Services Over SSL - Is It Really That Slow Like They Say?: My answer is "no" . I am working on solution where there is no Windows Active Directory Domain so we cannot utilize our beloved Kerberos and Windows Integrated Authentication saving big on configuration and management while taking advantage of increased Read More...
Posted 01 August 07 03:35 by alikl | 2 Comments
Filed under Security, Development Phase, Implementation, Deployment Phase, Performance, Authentication, Planning Phase
T-Shooting Kerberos: I was delivering "Authentication Explained" session for Security User Group. First off - thanks for attending the session! The session was based on "Authentication Explained" workshop . During the session I was demoing the following topics: Identity Flow Read More...
Posted 04 July 07 10:16 by alikl | 2 Comments
Filed under Test Phase, Security, Implementation, Deployment Phase, Practices, Authentication
SOA, Strong Authentication, Standard Authorization - Cool Solution: reposted from here I've previously blogged about SOA Security Inside Enterprise walls This time I had couple of pretty interesting requirements from one customer that targeted B2B/Partners scenario. They had a web site that communicates to partner's web Read More...
Posted 30 May 07 01:45 by alikl | 7 Comments
Filed under Security, Development Phase, Implementation, Authentication
Adding Shared SNK File In Visual Studio 2005: “Prior to Microsoft Visual C# 2005, you specified the key file using CLR attributes in source code. These attributes are now deprecated . Beginning in Microsoft Visual C# 2005, you should use the Signing Page of the Project Designer or the Assembly Linker Read More...
Posted 16 April 07 03:24 by alikl | 1 Comments
Filed under Security, Development Phase, CAS, Implementation, Authentication
Authentication Hub: Windows Authentication Identity Flow Through Physical Tiers Identity Flow Through Physical Tiers - Impersonation Identity Flow Through Physical Tiers - Delegation Identity Flow Through Physical Tiers - Protocol Transition Certificates Different Ways To Read More...
Posted 11 April 07 09:04 by alikl | 8 Comments
Filed under Security, Implementation, Authentication
Identity Flow Through Physical Tiers - Protocol Transition: If these articles: How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0 Using Protocol Transition—Tips from the Trenches are your friends then do not waste your time on this post, please. The scenario is the same where user sits behind Read More...
Posted 10 April 07 01:27 by alikl | 3 Comments
Filed under Security, Development Phase, Implementation, Authentication
Basic Steps To Make ASP.NET Web Site CardSpace Aware: From short investigation and a lot of information from Richard Turner's screencasts Here is what I get. To make my ASP.NET app I need: Write ASP.NET server side code to validate the token that holds end user's data, further processing might include checking Read More...
Posted 09 April 07 01:26 by alikl | 1 Comments
Filed under Security, Implementation, Authentication, Vista, IIS 7, CardSpace
Identity Flow Through Physical Tiers - Delegation: If these articles: How To: Implement Kerberos Delegation for Windows 2000 How To: Use Impersonation and Delegation in ASP.NET 2.0 Credentials and Delegation are your friends then do not waste your time on this post, please. I have still the same scenario Read More...
Posted 08 April 07 05:53 by alikl | 3 Comments
Filed under Security, Development Phase, Implementation, Authentication
Identity Flow Through Physical Tiers - Impersonation: There are scenarios where actual windows identity of end user needs to be flowed to the server so that server can perform action on end user's behalf - that is in nutshell Impersonation. In previous post Identity Flow Through Physical Tiers - one might Read More...
Posted 06 April 07 07:54 by alikl | 7 Comments
Filed under Security, Development Phase, Implementation, Authentication
Identity Flow Through Physical Tiers: Identity story with .Net really rocks, but along with great extensibility it also brings a lots of confusion ( One Identity - Many Faces :IIdentity ). I am building now workshop for developers that concentrates on authentication only. It talks about concepts, Read More...
Posted 05 April 07 10:23 by alikl | 4 Comments
Filed under Security, Development Phase, Implementation, Authentication
Different Ways To Get Hold On Certificates - Net FX 1.1, 2.0: Net FX 1.1: First, one need to export certificate to file (no private keys exported), from http://msdn2.microsoft.com/en-us/library/aa302408.aspx // TODO: Replace with a valid path to your certificate string certPath = @"C:\WSClientCert.cer" // create Read More...
Posted 30 March 07 09:41 by alikl | 1 Comments
Filed under Security, Development Phase, Implementation, Authentication

Search

This Blog

Home
Email

follow me on Twitter

Books I recommend

The 22 Immutable Laws of Branding

The 21 Irrefutable Laws of Leadership: Follow Them and People Will Follow You

The 4-Hour Workweek: Escape 9-5, Live Anywhere, and Join the New Rich

Raving Fans: A Revolutionary Approach To Customer Service

The Tipping Point: How Little Things Can Make a Big Difference

The Leadership Pill: The Missing Ingredient in Motivating People Today

The Handbook of Emotionally Intelligent Leadership: Inspiring Others to Achieve Results

The Power of Full Engagement: Managing Energy, Not Time, is the Key to High Performance and Personal Renewal

Overachievement: The New Model for Exceptional Performance

The Dream Manager

Swim with the Sharks Without Being Eaten Alive: Outsell, Outmanage, Outmotivate, and Outnegotiate Your Competition

Weinberg on Writing: The Fieldstone Method

Gemba Kaizen: A Commonsense, Low-Cost Approach to Management

The One Minute Manager

Kaizen: The Key To Japan’s Competitive Success

Secrets of Consulting: A Guide to Giving and Getting Advice Successfully

The Dip: A Little Book That Teaches You When to Quit (and When to Stick)

Tags

Agile

AJAX

Application Lifecycle Management

Architecture

Auditing and Logging

Authentication

Authorization

Azure

CardSpace

CAS

Code Inspection

Consulting

Deployment Inspection

Deployment Phase

Development Phase

End User

Exception Handling

Fuzzing

IIS 7

Implementation

Inception Phase

Information Gathering

Input Validation

Interop

MVC

Operations

Performance

Planning Phase

Practices

Reflection

Security

Sensitive Data

SharePoint

Test Phase

Threading

Threat Modeling

Tools

Video

Vista

VSTS

WCF

Archives

June 2009 (4)

May 2009 (4)

April 2009 (2)

March 2009 (7)

February 2009 (8)

December 2008 (2)

November 2008 (9)

October 2008 (6)

September 2008 (4)

August 2008 (1)

July 2008 (7)

June 2008 (5)

May 2008 (4)

April 2008 (4)

March 2008 (3)

February 2008 (3)

January 2008 (10)

December 2007 (6)

November 2007 (4)

October 2007 (11)

September 2007 (4)

August 2007 (6)

July 2007 (8)

June 2007 (3)

May 2007 (21)

April 2007 (25)

March 2007 (25)

. My Personal Blog .

Practice This

.Net Performance How To's

Improving .NET Application Performance and Scalability

Exceptional Performance

Performance Testing Guidance How-To's

Fiddler PowerToy - Part 2: HTTP Performance

Performance Testing with Fiddler

Bottleneck-Detection Counters

Troubleshooting Performance Problems in SQL Server 2005

Performance Frame - v2

12 Steps To Faster Web Pages With Visual Round Trip Analyzer

.Net Security How To's

patterns & practices Security How To's Index

ASP.NET 2.0 Security Questions and Answers

Tamper detection

Authentication Hub

VSTS Resources

Architecture and Design checklists

Securing Sites with IP Address Restrictions

WCF - XSD validation for WCF services

WCF - Message Inspectors

Using Credential Management in Windows XP and Windows Server 2003

WCF - Common Security Scenarios

WCF - Authorization

Validating XML Data with XmlReader

Input Validation - XML Data

Validation - Web Client Software Factory

patterns & practices WCF Security Application Scenarios

Microsoft Identity and Access Management Series

Design Patterns

data & object factory

Yahho Design Pattern Library

Sample .Net 3.0 app

Application Architecture for .NET: Designing Applications and Services

Litware HR - A Multitenant sample application

Microsoft .NET Pet Shop 4.0

Responsive Composite Web Client Reference Implementation

Table of Contents: Introduction to CAB/SCSF

ASP.NET Quickstarts

Microsoft Identity and Access Management Series

Software design patterns

Impactful

Super Size Me

Billy Eliot

The Legend of 1900

The Terminal

The Counterfeiters

Lifecycle Phases

5. Deployment Phase

3. Development Phase

4. Test Phase

1. Inception Phase

2. Planning Phase

Popular

My Favorite Shortcuts

My Pipeline Is My Inbox

Security .Net Code Inspection Using Outlook 2007

Security Code Inspection - Eternal Search For SQL Injection

.Net Assembly Spoof Attack

Code Inspection - First Look For What To Look For

How To Hack WCF - New Technology, Old Hacking Tricks

Generate Documents Out Of Mail Items Directly From Outlook 2007

ARCast With Ron Jacobs - Defending the Application

How to Use Outlook 2007 RSS To Effectively Aggregate And Distill Information

Tools

Fiddler2 Web Debugger - Freeware HTTP(S) debugging tool

Microsoft Network Monitor 3

FxCop Team Page

Microsoft Threat Analysis & Modeling

Windows Sysinternals tools

Log Parser 2.2

p&p Practices Checker - performance

Microsoft ® Windows Server ™ 2003 Performance Advisor

Ajax View

WCat 6.3 (x86)

Funnel Web Analyzer 5.0 for Windows

Syndication

RSS 2.0

Atom 1.0

© 2009 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement