Background Is it possible to secure a website using Windows Identity Foundation (WIF) without interfering with an existing authentication method? e.g. – Could a website secured using an ASP.NET membership provider, with all the code and configuration that entails, be layered with additional code and...

As a little exercise to teach myself WPF (argue amongst yourselves about how successful I was on that point; feedback most welcome) I have written a tool call the Windows Identity Foundation (WIF) Configuration Editor. It’s purpose is to exercise complete control over the <microsoft.identityModel>...

In this article I will demonstrate how to write a token handler for a custom token in Windows Identity Foundation (WIF). The likely circumstances for requiring a new token type are: The token type is pre-existing and needs to be federated The new token type is an extension to a token type already supported...

In the previous post we saw how easy it is to get basic Relying Party (RP) and Identity Provider (IdP) websites up and running using a minimal amount of coding with Windows Identity Foundation (WIF). I now want to extend these examples. In this post I will look at how the RP website can be enhanced...

Privacy and minimal disclosure of information are important aspects of any identity verification system. However, end-users are often unaware of exactly what information is being disclosed to online service providers. The U-Prove protocol has been devised to resolve these problems by putting into...

Background It is becoming more commonplace for the means of authenticating a user to be externalized away from the content provider. In federation parlance the content provider is known as the Relying Party (RP) and is so named because it is reliant upon an external entity for authentication, that...