Tips, tricks and other animals

Background We all know the following limitations about Windows Identity Foundation (WIF) and passive (browser) federation protocols, right? WIF does not support SAML2.0 protocol (SAML2P) There is a WIF extension out there to support SAML2P but it is a...

Background Is it possible to secure a website using Windows Identity Foundation (WIF) without interfering with an existing authentication method? e.g. – Could a website secured using an ASP.NET membership provider, with all the code and configuration...

My team recently encountered an issue at a Relying Party website where identity impersonation in combination with ADFS authentication and the Claims to Windows Token service (C2WTS) fails after an IIS reset is performed. Reproducing the problem The problem...

On a recent project I was tasked with securing an ASP.NET MVC site using ADFS. There was also a requirement to flow the end-user identity down through the various tiers, necessitating the use of Kerberos Constrained Delegation (KCD). In order to achieve...

In this article I will demonstrate how to write a token handler for a custom token in Windows Identity Foundation (WIF). The likely circumstances for requiring a new token type are: The token type is pre-existing and needs to be federated The new token...

It is a perfectly normal scenario for claims to be optional in a token. For example, a SAML assertion may contain the mandatory claims: http://www.contoso.com/claims/givenname http://www.contoso.com/claims/surname and optionally the claim: http://www...

This post covers the steps required to secure communication between a WCF client and a WCF data service using mutual certificate authentication. The client/service topology is depicted below: Both the client and server run on a Windows Server 2008 R2...

Hi all I am having great fun playing with this toolkit to see how WP7 apps can be properly secured using the Azure Access Control Service (ACS). I hit a couple of problems while trying to create a new 'Windows Phone Cloud Application' project in...

Using the IXmlSerializable interface, create a class that will serialize XML to be exactly the same as the following: < ns1:Root xmlns:ns1 ="urn:myrootnamespace" > < ns2:child xmlns:ns2 ="urn:mychildnamespace" > < ns2...

In the course of enabling WCF services using Windows authentication, you may have hit this error. A Bing search will show that there are a myriad of reasons as to why this might occur. However, before you get bogged down in the complexities of WCF bindings...

Keep an eye out for this one if you have SQL jobs with particularly long step names (approaching 128 characters). This is a "won't fix" but there is a workaround: https://connect.microsoft.com/SQLServer/feedback/details/560760/sql-agent-reports-truncation...

In a recent ADFS deployment to Windows 2008R2 we accidentally deleted the ADFS NT service account user (don't ask). Thinking it would simply be a matter of uninstalling ADFS and reinstalling we went ahead and tried. However, we hit the problem that the...

Ever wanted to debug the .NET Framework itself? Here's how: http://blogs.msdn.com/b/mcsuksoldev/archive/2010/09/09/debugging-the-net-framework-source-code.aspx Later. Brad

I have been doing some proof of concept work of late on privacy and minimal information disclosure in federated scenario's. This work leverages a bleeding-edge cryptographic technology called U-Prove which allows the end-user to decide what information...

Hi I am in the process of creating a series of 101's for Windows Identity Foundation and ADFS 2. Keep an eye out for them. Here are the first two: http://blogs.msdn.com/b/mcsuksoldev/archive/2010/07/07/windows-identity-foundation-101-s-ws-federation...