MSDN Blogs

All Tags » Security

Federating from Silverlight

I've had a few people ask whether the WCF subset in Silverlight supports message-level security. The answer currently is not very much. The security support is limited to basically the facilities that you'd expect to have for any other browser-based application,

Configuring Client Certificate Credentials

How do I configure a client to provide the certificate for certificate credentials? You need to use the client credentials behavior to provide the credentials that the client will use to authenticate to the service. Here’s the basic template that you

Load Balanced Web Service Bindings

What options can I use with WSHttpBinding to make it friendlier to load balancing? The primary difficulty encountered when using WSHttp with a load balancer is that WSHttp is easy to configure to produce application-level sessions between the client and

Testing Services with HTTPS

How do I set up a test environment for a service that is using HTTPS? Certificate validation fails because the test machine doesn’t have the right machine name. Included in the definition of a certificate is the fully qualified domain name that you gave

Michele’s Norwegian Developers Conference Slides

Michele Bustamante has published the slides and demos from her talks at the recent Norwegian Developers Conference. Michele has some great variety in material covering WCF, Azure services, and security. You can get the complete set of slides which includes:
Posted by Nicholas Allen | 0 Comments

Platform Changes in 4.0: Security

The beta 1 release of .NET 4.0 has some big differences compared to previous releases for dealing with code security. If you’ve used the CAS (code access security) model then you might know it’s a fairly complicated set of policies and assertions for
Posted by Nicholas Allen | 0 Comments

Certificate Claims

How do I examine the properties of the SSL certificate that was used for an HTTPS operation? When a caller presents security information to the server, the caller is making a number of claims. Each claim is a piece of information that we want to later

Security in Context

How is the current ServiceSecurityContext determined? If you access the ServiceSecurityContext through its static Current member, there are four things that need to be true to get a valid ServiceSecurityContext. You need to have an ambient OperationContext

Securing Custom Headers, Version 3

How do I configure a client to sign or encrypt message headers that are generated dynamically at runtime? The client uses the same ChannelProtectionRequirements mechanism to specify the protection of message headers as the service does. Your intuition

Federation with Geneva

Vittorio Bertocci has a nice high-level walkthrough of performing federation in a web service using the Geneva framework. Federation is a popular way of solving the trust problem when there are many different authorities of trust that an application has
Posted by Nicholas Allen | 1 Comments

Extending ServiceAuthorizationManager

When extending ServiceAuthorizationManager, what does the base implementation provide? The entry point for ServiceAuthorizationManager comes from the authorization behavior of the service and goes first to CheckAccess(OperationContext, Message). This

SAML Client Credentials

Dominick Baier put up an article yesterday showing how to use client-generated SAML tokens for providing client credentials. This is more a demonstration of the capabilities of Geneva for credential and claim handling than a practical code library to

Kerberos Kernel Authentication Hotfix

After talking about Kerberos kernel authentication earlier I noticed that there was a hotfix available for a crash related to the feature. Kernel mode authentication is a new feature in IIS7 that optimizes the authentication of connections. This particular
Posted by Nicholas Allen | 1 Comments

Kerberos Kernel Authentication Issues

Why does IIS7 with Kerberos use the server machine's credentials to decrypt the ticket rather than the application pool's credentials? What you're probably seeing here is the kernel mode authentication feature that was added in IIS7 for Windows Server
Posted by Nicholas Allen | 2 Comments

Updates to Reliable, Secure, and Transacted Standards Close to Approval

Updated versions of the standards for reliable message, message security, and distributed transactions have completed public review and are headed to a final vote. I expect all of these standards updates to be approved and see official publication of