We are pleased to announce that Programming Windows Identity Foundation has shipped to the printer! This title will be available for purchase in bookstores and online in mid-September. Until then, here is the Contents at a Glance and an excerpt from the Introduction:
Contents at a Glance Part I Windows Identity Foundation for Everybody 1 Claims-Based Identity 2 Core ASP.NET Programming Part II Windows Identity Foundation for Identity Developers 3 WIF Processing Pipeline in ASP.NET 4 Advanced ASP.NET Programming 5 WIF and WCF 6 WIF and Windows Azure 7 The Road Ahead
It has been said that every problem in Computer Science can be solved by adding a level of indirection.
You don’t have to go far to find examples of successful applications of that principle. Before the introduction of the concept of driver, programs had to be rewritten every time one changed something as simple as the monitor. Before the introduction of TCP/IP, programs targeting a token ring network environment had to be rewritten if the network protocol changed. Drivers and TCP/IP helped to free application developers from the need to worry about unnecessary details, presenting them with a generic façade while leaving the nitty-gritty details to the underlying infrastructure. In addition to making the developer profession a happier one, the approach led to more robust and long-lived software for the benefit of everybody.
For various historical reasons, authentication and identity management practices never really followed the same route of monitors and network cards. Adding “authentication” to your software today still largely means messing with the code of the application itself, writing logic that takes care in detail of low level tasks such as verifying username and passwords against an account store, juggling with X509 certificates or similar. When you are spared from handling things at such low level, which usually means that you took a strong dependency on your infrastructure and your application will be unmovable without substantial rewriting: just like a program from the pre-drivers era.
As you will learn in the first chapters of this book, claims-based identity is changing all this.
Without going too much into details, claims are the means to add that extra level of indirection that eluded the identity world so far. The introduction of open protocols enjoying wide industry consensus & support, the converge toward the idea of a meta-system for identity, the success of metadata formats which can automate many tedious and error-prone tasks created the perfect storm that generated the practices collectively known as claims-based identity. Claims are paving the way for identity and access management to be pushed outside of applications and down in the infrastructure, freeing developers from the need to handle it explicitly while enhancing solutions with welcome extra advantages (such as cross- platform interoperability out of the box).
I have spent full four years working almost exclusively on claims-based architectures with customers and product teams here in Redmond; the model is sound, and it invariably delivers significant improvements against any other authentication system. However until recently actually implementing systems according to the model was a painful experience, since it required writing large amounts of custom code that would handle protocols, cryptography and similar low level aspects.
This all changed when, in October 2008, Microsoft announced the “Geneva” wave of claims- aware beta products: among those there was Windows Identity Foundation, the protagonist of the book you are holding, which was finally released in November 2009.
Windows Identity Foundation (WIF) is Microsoft’s stack for claims-based identity programming. It is a new foundational technology which helps .NET developers to take advantage of the claims based approach for handing authentication, authorization, customization and in general any identity-related task without the need to write any low-level code.
True to the claims-based identity promise, you can decide to use WIF to externalize all identity and access control logic from your applications: Visual Studio will make it a breeze, and you will not be required to know any detail about the underlying security protocols. If you want to take finer control of the authentication and authorization process, however, WIF offers you a powerful and flexible programming model that will give you complete access to all aspects of the identity management pipeline.
This book will show you how to use Windows Identity Foundation for handling authentication, authorization and identity-driven customization of your .NET applications. Although the text will often be task-oriented, especially for the novice part of the book, the ultimate goal will always be to help you understanding the claims based approach and the pattern that is most appropriate for the problem at hand.