Clarity, Technology, and Solving Problems | PracticeThis.com
WP7 App with Key Windows Azure resources – Slides, Videos, How-To’s, and T-shooting – for quick consumption on the go.
Windows Identity Foundation (WIF) is a security feature that offers broad functionality: federated authentication, claims-based authorization and token transformation, to name a few. But the fact that WIF is a security feature does not make it secure and safe by default. To improve and strengthen WIF’s security it is useful to understand the threats associated with it and map them to the countermeasures that mitigate them. This is the list of threats and countermeasures for claims-aware ASP.NET web applications, distilled from existing WIF documentation. If you have more to add, feel free to submit them in the comments below.
Threats/Attack/Vulnerability
Countermeasures
Azure AppFabric Access Control Service (ACS) v2 provides a powerful token transformation feature. It gives you the ability to transform a token by adding new claims or changing the claims that come with the original token. Consider the following generic architecture of ACS:
Notice that the token received from IdP (Identity Provider), colored green, is different from the token received from ACS, colored blue. The transformation is done by ACS and its behavior can be controlled by using Rules and Rule Groups.
Each rule describes a specific transformation. Rules are not directly associated with your application: rules are aggregated into Rule Groups, and Rule Groups are applied to your application (the Relying Party). Consider the following diagram:
The process of creating a token transformation can be described as follows:
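To make the rule / Rule Group / Relying Party relationship concrete, here is an added example (not code from the post or from ACS itself) that models those semantics in a few lines of Python: a rule matches an input claim by issuer, type and optionally value, and emits an output claim; rule groups are attached to a relying party; and any IdP claim with no matching rule is dropped rather than passed through. All class and sample names (`Claim`, `Rule`, `RuleGroup`, `RelyingParty`, the `https://idp.example` issuers) are assumptions for the illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Claim:
    issuer: str   # who asserted the claim (the IdP, or ACS after transformation)
    type: str
    value: str

@dataclass(frozen=True)
class Rule:
    """One transformation. input_value=None matches any value of that type;
    output_value=None copies the input value through (a passthrough rule)."""
    input_issuer: str
    input_type: str
    input_value: Optional[str]
    output_type: str
    output_value: Optional[str]

    def matches(self, c: Claim) -> bool:
        # Issuer is part of the match: the same claim type from a different IdP
        # must not trigger this rule (prevents cross-issuer privilege mapping).
        return (c.issuer == self.input_issuer and c.type == self.input_type
                and (self.input_value is None or c.value == self.input_value))

    def apply(self, c: Claim) -> Claim:
        value = c.value if self.output_value is None else self.output_value
        return Claim("ACS", self.output_type, value)   # ACS becomes the issuer

@dataclass
class RuleGroup:
    name: str
    rules: list = field(default_factory=list)

@dataclass
class RelyingParty:
    realm: str
    rule_groups: list = field(default_factory=list)   # groups applied to this RP

def transform(rp: RelyingParty, idp_claims: list) -> list:
    """Build the ACS token: only claims produced by some rule in the RP's groups."""
    out = []
    for group in rp.rule_groups:
        for rule in group.rules:
            for c in idp_claims:
                if rule.matches(c) and (new := rule.apply(c)) not in out:
                    out.append(new)
    return out   # unmatched IdP claims (e.g. "nickname" below) never reach the RP

# Constructed sample: two issuers, one rule group with a passthrough and a mapping rule.
SAMPLE_IDP_CLAIMS = [Claim("https://idp.example", "email", "alice@example.com"),
                     Claim("https://idp.example", "group", "admins"),
                     Claim("https://other.example", "group", "admins"),
                     Claim("https://idp.example", "nickname", "al")]
SAMPLE_RP = RelyingParty("https://app.example", [RuleGroup("default", [
    Rule("https://idp.example", "email", None, "email", None),
    Rule("https://idp.example", "group", "admins", "role", "Administrator")])])
```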
Volume 1 of Windows Identity Foundation (WIF) Questions & Answers is published. The idea is to actively monitor different sources for questions and answers and expose them in coherent, easy-to-find and easy-to-read Q&A hubs.
This is the first batch of Q&A’s.