Nicholas Allen's Indigo Blog

Windows Communication Foundation From the Inside

Browse by Tags

Tagged Content List
  • Blog Post: Claims Visualization

    Dominick Baier has a visualization for claims in the Visual Studio debugger. I’m not sure what other details to provide. It takes an identity and description for a claim and describes the issuer, metadata, and properties that make up the claim.
  • Blog Post: Routing and Impersonation

    Can the routing service introduced with .Net 4 be used with impersonation? Yes, the routing service can be used with impersonation for both sending and receiving messages. All of the usual Windows constraints of impersonation apply. If you would have needed to set up service or account permissions...
  • Blog Post: HTTPS Host Name for IIS

    The configuration of an IIS site includes the ability to associate a host name with a particular site definition. For HTTP traffic this allows multiple web sites to be hosted at the same IP address and port, with the true domain name of the site mapped using the host name header. For example, if you...
  • Blog Post: Starter STS Sample

    Dominick Baier has put up the completed StarterSTS sample that demonstrates how to write, configure, and use a realistic security token service. The token service is built using Windows Identity Foundation and provides authentication based on the ASP.NET identity provider model. Although the StarterSTS...
  • Blog Post: Debugging Delegation and Kerberos Configuration

    I came across an interesting tool the other day that can be used to debug and diagnose configuration problems with Kerberos. DelegConfig is an ASP.NET application that you install to generate a troubleshooting report about your IIS configuration, Kerberos credential usage, and delegation settings. You...
  • Blog Post: Legacy Created, Obsoleted, and Destroyed Before Shipping

    As far as I can tell there has never been a description of what the mysterious LegacyExtendedProtectionPolicy property is for that appeared on the HTTP and TCP transports and is now slowly in the process of disappearing. In the small number of places it appeared the property has been marked as obsolete...
  • Blog Post: Fix to Allow Providing Outgoing Supporting Tokens

    I've sufficiently recovered from running the last week-long series covering fixes for WCF to do another one. This week I'll again be covering fixes for WCF that may be hard to find and explaining the details behind each problem. A primary token provides security to a message by signing the message...
  • Blog Post: Fix to Disable Transport Security with Message Credentials

    I've sufficiently recovered from running the last week-long series covering fixes for WCF to do another one. This week I'll again be covering fixes for WCF that may be hard to find and explaining the details behind each problem. This is another fix that adds the feature of using message security...
  • Blog Post: Fix to Disable Security on Responses

    I've sufficiently recovered from running the last week-long series covering fixes for WCF to do another one. This week I'll again be covering fixes for WCF that may be hard to find and explaining the details behind each problem. The first fix is a new feature added to allow secure message security...
  • Blog Post: Identity and Access Control Guide

    The patterns and practices group at Microsoft has released an online guide to claims-based identity and access control. The guide is targeted at developers and architects of web services on Windows that require user-identity information. Windows Identity Foundation and Active Directory federation are...
  • Blog Post: Fix to Allow Customizing the Status Code when Validation Fails

    This week I'll be running a series covering fixes for WCF that may be hard to find and explaining the details behind each problem. This next fix is actually to add a new feature when writing a UserNamePasswordValidator. A UserNamePasswordValidator gives you a callback method called Validate that...
  • Blog Post: Identity and Federation Services Releases

    Windows Identity Foundation is an add-on for .Net 3.5 that provides support for building applications that use claims-based security. Claims-based security is the model used to implement single sign on, federation, delegation, and similar types of cross-boundary security scenarios in modern systems....
  • Blog Post: Web Security Interviews

    The folks at .Net Rocks have been doing a number of interviews over the past few months on web service security as part of their regularly running show. These are very casual conversations, each about an hour long, covering a variety of topics with the day's guests. Show 486: Michele Leroux Bustamante...
  • Blog Post: Federating from Silverlight

    I've had a few people ask whether the WCF subset in Silverlight supports message-level security. The answer currently is not very much. The security support is limited to basically the facilities that you'd expect to have for any other browser based application, primarily HTTPS and common browser HTTP...
  • Blog Post: Configuring Client Certificate Credentials

    How do I configure a client to provide the certificate for certificate credentials? You need to use the client credentials behavior to provide the credentials that the client will use to authenticate to the service. Here’s the basic template that you can fill out and stick in the behaviors section...
  • Blog Post: Load Balanced Web Service Bindings

    What options can I use with WSHttpBinding to make it friendlier to load balancing? The primary difficulty encountered when using WSHttp with a load balancer is that WSHttp is easy to configure to produce application-level sessions between the client and service. Many load balancers support the...
  • Blog Post: Testing Services with HTTPS

    How do I set up a test environment for a service that is using HTTPS? Certificate validation fails because the test machine doesn’t have the right machine name. Included in the definition of a certificate is the fully qualified domain name that you gave to the certificate authority when the certificate...
  • Blog Post: Michele’s Norwegian Developers Conference Slides

    Michele Bustamante has published the slides and demos from her talks at the recent Norwegian Developers Conference. Michele has some great variety in material covering WCF, Azure services, and security. You can get the complete set of slides which includes: A Lap Around Geneva Framework Access...
  • Blog Post: Platform Changes in 4.0: Security

    The beta 1 release of .Net 4.0 has some big differences compared to previous releases for dealing with code security. If you’ve used the CAS (code access security) model then you might know it’s a fairly complicated set of policies and assertions for working out whether your program has permission to...
  • Blog Post: Certificate Claims

    How do I examine the properties of the SSL certificate that was used for an HTTPS operation? When a caller presents security information to the server, the caller is making a number of claims. Each claim is a piece of information that we want to later associate with the caller. Related claims are...
  • Blog Post: Security in Context

    How is the current ServiceSecurityContext determined? If you access the ServiceSecurityContext through its static Current member, there are four things that need to be true to get a valid ServiceSecurityContext. You need to have an ambient OperationContext The OperationContext needs to have...
  • Blog Post: Securing Custom Headers, Version 3

    How do I configure a client to sign or encrypt message headers that are generated dynamically at runtime? The client uses the same ChannelProtectionRequirements mechanism to specify the protection of message headers as the service does. Your intuition may be flipped though as Incoming message parts...
  • Blog Post: Federation with Geneva

    Vittorio Bertocci has a nice high-level walkthrough of performing federation in a web service using the Geneva framework. Federation is a popular way of solving the trust problem when there are many different authorities of trust that an application has to deal with. ASP.NET, Geneva Framework &...
  • Blog Post: Extending ServiceAuthorizationManager

    When extending ServiceAuthorizationManager, what does the base implementation provide? The entry point for ServiceAuthorizationManager comes from the authorization behavior of the service and goes first to CheckAccess(OperationContext, Message). This first version of CheckAccess does nothing but...
  • Blog Post: SAML Client Credentials

    Dominick Baier put up an article yesterday showing how to use client generated SAML tokens for providing client credentials. This is more a demonstration of the capabilities of Geneva for credential and claim handling than a practical code library to use. I think the use of client generated SAML tokens...
Page 1 of 6 (126 items)