
HTC * ( Touch Pro2 vs Universal )

[warning: no identity in this post]

Ahh, immense joy. Today coming back from work I found a nice surprise: a brand new HTC Touch Pro2. Well, not exactly a surprise, since I spent every idle moment refreshing the FedEx tracking page; but it’s always a nice feeling to unbox a new gadget (as long as it does not become a compulsion to film & post every unboxing, behaviour that appears to be quite widespread lately. Rule 34: no exceptions).

The thingy is light, snappy, sports an enormous display with mind-blowing resolution, the best thumb keyboard I’ve ever used, and above all moves me back to first place in the “latest smartphone” arms race with my wife (she has an “old” Touch Pro, and until 2 hours ago I had a s730. HA!). It does lack US 3G, but I am usually pretty content with Edge: I live constantly surrounded by PCs readily available at arm’s length, so for the few times I need connectivity while on the move I can wait a bit. The other thing I am not crazy about is the charger, a super-sized UK plug: apart from the times in which I travel to Singapore (rare) or London (even more rare), that just takes a lot of room without bringing any ROI. This is not the first time I have a phone with such a charger: 4 years ago I bought a JasJar (HTC Universal), a behemoth which was really good as a PDA but a tad oversized as a phone, which forced me to go around with a fanny pack (and very briefly with a man’s purse) which was handy for keeping the rear pockets of my jeans in good shape, but that regularly unleashed hilarity among colleagues, friends & detractors alike. Now, that was a long sentence. Well, I needed an adapter and I thought I could find it in the original box of the Universal, which in turn was in the den’s closet, sleeping the sleep of the just in the geological strata that can be dated to our last move. I sure found the adapter (too many, in fact: a UK->Italy and an Italy->US), but even more interestingly I found the Universal itself. The thing is much, much bigger than the TouchPro2: keeping them side by side makes it so incredibly obvious that I felt compelled to shoot a few pictures and write this silly blog entry to share them with you.


I know that the following is the quintessential commonplace about technology, nevertheless I can’t help being amazed at this magical force that packs more power & features into smaller and slicker form factors. In front of this, a little overstretching of my jeans’ pockets truly is a small sacrifice… at least I won’t have to dig out the fanny pack!

Posted by vibro | 0 Comments

[VIDEO] Identity & Cloud Services


As promised last week, here is the video of my other session at the Belgian TechDays.

This session was part of the Architecture track, hence I took a mildly different, more abstract approach: I position Cloud computing as a trend (telling the famous parallel between last century’s electrification of the US and what may happen with Cloud services as we move toward a utility model), then talk about identity in general (same slides as the other session, slightly different angle), going deeper into the underlying architectural patterns. Finally, I play a bit with the Access Control Service, using our MMC and a simple example for describing its inner workings.

In this recording I don’t do any crazy things like wearing sunglasses when I ask the audience a question (this session was 2 days earlier than the other one, and I had yet to discover how bright the lights were), but I do gesticulate a lot (in fact, it’s hard for me not to) and I pull a few anecdotes out of the hat which should mitigate your drowsiness as I blabber about the serious stuff. Have fun! :-)

Think inside the box


Yesterday evening I stumbled upon a curious article on an Italian online magazine, and as has become a conditioned reflex I posted it on my Facebook wall: then I promptly forgot everything about it.

This morning I stumbled upon a blog post from a good friend of mine in the identity community, who (not speaking Italian) thought that the above entry was in fact one of those very annoying fb quizzes and reposted a screenshot snippet on his blog with a humorous comment on it. All normal, right? Those sound like the most unremarkable events ever reported. And yet, think for a moment: something broke, a system did fail here. My Facebook entry was set to be visible only to my fb friends & networks, while my friend’s blog is available on the public Internet. In analogy to the “elevation of privilege attack” expression, I would say I was a victim of an “unintended audience enlargement” attack; but then again, I should probably phrase it differently… ;-) Let’s just say that when I use a system like Facebook I am in fact thinking inside the box: I think in terms of what Fb enforces, and confidently use the tools at my disposal with the implicit assumption that everything will comply with Fb’s laws of physics. Guess what, those laws can be eluded: you think that’s air you’re breathing now? You may think that placing the Bishop there will close the chess match in your favor, however your adversary may still have a move at his disposal: indeed, smashing the chessboard with a sledgehammer is one such move. Taking a screenshot (or a picture, as the photo on the left suggests) of my fb wall is the sledgehammer that shatters the thin porcelain between the original intended audience and the vast sea of casual internet surfers. Hofstadter (I never, never spell it right at the first attempt) makes a beautiful point about heterarchies in GEB, but I don’t want to overstate my case. My friend certainly didn’t enlarge the audience of that piece on purpose, and I really really don’t care if that specific entry is visible on the wild wild Internet. But it’s a very good example of how *hard* it really is to manage rights and access rules on information outside a rigorously secured system.
Expressing intentions is complicated: I know that Eve is working hard on the problem, and at the last IIW it was clear that the issue is of interest to many. Having an intuitive understanding of others’ intent is complicated as well, as our little example demonstrates: misinterpreting can happen even to identity experts, and once we misunderstand, percolating to the next level in the heterarchy and violating it can be exceedingly easy. Don’t get me wrong, the fact that it is complicated does not exempt us system builders from trying. The fact that many users may choose not to bother to understand and take control does not exempt us either: we should work toward reasonable defaults (good luck defining those) for the ones that can’t be bothered, and empower the others to take informed decisions. First law! You know Aenea’s leitmotif, “choose again”. At least, IMO that holds for agile applications where the info you share is vacation pics and the latest phone you bought; however I do believe that for certain other applications we should be ready to kick it up a notch. That means both making sure that the user appreciates the sensitivity of the information being handled (dialog: “Dude! That’s your SSN we are talking about. Are you sure you want to print it on a t-shirt?”) and providing adequate measures for keeping the info within the intended audience (i.e. encrypt a token containing the SSN with the key of its intended audience, and have the token declare the intended audience in the signed portions). That does not mean that the info cannot be improperly shared (wait a minute, with U-Prove it may mean exactly that! You can’t share what you don’t know), but that doing so requires effort: how much effort should be a function of how much you care about keeping the info inside its proper box.

Oh well, 30 mins of rambling for what? In summary: we can trust each other, but that does not imply that we always understand each other’s intentions: the resilience of a system, should a misunderstanding (or abuse) occur, should be proportional to the projected cost of the consequences of such a misunderstanding. The fact that in our daily experience that cost often tends to zero (as in today’s example, luckily I was not saying anything exceedingly wrong…) should not lull us into the conviction that it is always zero.

Whoa, it’s been a long time since I could afford the luxury of a post deserving the tag “Wild Ideas”; it was nice to unwind a bit. Never mind, I’ll get back to business soon enough :-)

Posted by vibro | 1 Comments

I made you a token… but I eated it: or how to debug authentication issues in ASP.NET with SecurityTokenVisualizerControl

(in case Internet memes are not your thing: before you flame me for poor grammar, know that the “I eated it” is intentional: see http://icanhascheezburger.com/2007/01/15/i-made-you-a-cookie/)

Another week, another sample ASP.NET control for identity!

There are moments in the development of claims-based websites in which you want to take a good look at the token that you are getting from the STS: if your pages are not behaving in the way you’d expect, you never really know if that’s because you are not getting the claims you were expecting or if you are not processing them in the right way. That’s just one example of why you’d want to inspect the identity info in the current context.

Normally you have two strategies for inspecting the content of the current context:

  1. You write some debugging/tracing code. You know, the classic foreach on all the claims in the current IClaimsIdentity that you see so often in the samples. The approach works, but it is pretty repetitive (it’s code that you rewrite almost verbatim across different projects) and it’s usually not very exhaustive (maybe you print the claim values but it turns out that the issue was in the IntendedAudience).
  2. You attach a debugger to the web app. This works very well, however it implies that the system allows you to do so and that’s not always the case.

Today’s sample control provides you with a third way. Just drag the SecurityTokenVisualizerControl (STVC) onto your page and you’ll obtain a fairly comprehensive view of what’s going on in your identity context in a nice tabular format, collapsible into a tiny icon so that it does not interfere too much with the rest of the page. The STVC contains the code that you would otherwise write yourself in 1, and at the same time it is almost as exhaustive as exploring the current context using 2: all this without leaving the browser.

Below there’s a copy of the documentation accompanying the sample package. The control is extremely easy to use: as usual, remember that this is just sample code and you should be careful in using it. This time there are some issues that we felt we should highlight: you will find them in the summary section. That said, have fun!

Kudos to the Southworks team (Ariel, Matias, Tim, Diego, Fernando) who helped us on this, whipping the entire thing up in just a week!

Overview

The Security Token Visualizer control (STVC) is a simple ASP.NET server control which displays in a compact layout useful information about claims-based identity in a web site secured with the Geneva Framework.

Figure 1: Once expanded, the STVC displays information about the current identity context

The STVC is intended to be a debugging aid, which helps you to inspect what identity info you are receiving from the STS without the need to attach a debugger to your website. Furthermore, STVC spares you the repetitive task of writing code that retrieves and renders claim values or other info about the incoming security token that is typically needed in the development & testing phases of your application life cycle.

The Control in Action in the Sample Website

Figure 2: The STVC in Visual Studio’s toolbox

The sample package installs the STVC in your Visual Studio toolbox, under the DPE Identity Samples tab.

 

Figure 3: The Default.aspx and Public.aspx pages in the sample solution

The package includes a sample solution which is used for demonstrating how the control works; however its usage is so simple that you can try it on any web page from a web site protected with the Geneva Framework: just drag it onto the page and you are good to go. At design time the control appears as a red token; at run time the control will maintain its design appearance, however it will also display a “+” sign on its left that, when clicked, will expand the control in order to show various tables containing the identity information being tracked. The only property exposed by the control, Font, influences which font settings will be used for displaying information when expanded.

Figure 3 shows a couple of simple pages from the sample solution. Default.aspx can be reached only by users who successfully authenticated with a certain STS (included in the solution). Public.aspx can instead be reached by unauthenticated users. Both pages carry an instance of STVC.

Let us start with Public.aspx: open a browser and navigate to https://localhost/FabrikamAirlinesWebSite/Public.aspx.

 

Figure 4: STVC on a page displayed to an unauthenticated user

Once expanded, the control will simply display a warning that the current user is not authenticated, or his or her identity is not based on claims.

Let us now try with Default.aspx: navigate to https://localhost/FabrikamAirlinesWebSite. You will be immediately redirected to a development STS, as shown below.

Figure 5: The credential gathering page at the local development STS

Just hit submit and you will land on Default.aspx. If you expand the control, you will now see the list of identity properties in the current context.

Figure 6: STVC fully populated & expanded

Figure 6 shows the kind of information STVC shows. Namely:

  • Issued Identity – this section shows the content of the Claims collection in the first IClaimsIdentity in the current IClaimsPrincipal. For every claim we display:
    • Type
    • Value
    • Issuer
    • Original issuer
  • Delegated Identity – shows claims in the delegate member of the IClaimsIdentity instance mentioned above
  • Raw SAML – shows the XML of the SAML received
  • SAML Properties – contains SAML-specific properties such as Intended Audience, ValidTo, certificates used to sign (from the token) and to encrypt (from the web site configuration), etc.
  • The signing certificate bits can be downloaded directly via the control

It’s as simple as that!

Summary

The Security Token Visualizer Control is a rudimentary but, we hope, useful tool that can help you to troubleshoot certain identity-related issues on your web pages by saving you the hassle of writing repetitive debug & tracing code.

It is important to keep in mind that this is just a very simple sample, offered as a didactic tool: STVC does not pretend to be complete, should not be used in production and has various well-known shortcomings:

  • Often the issues you need to solve prevent your web site from obtaining a token, or the token may be invalid and throw: in that case, STVC is not useful since the execution will halt before hitting its code
  • While we made efforts for maintaining a pluggable architecture, the current release is strongly biased toward SAML: we wanted to make sure we covered the most common case, if you need to support different token types you can write your own handler and plug it in STVC
  • Since STVC is very handy for situations in which you can’t attach a debugger, the risk is that you will use it liberally and end up forgetting it on live pages: that may have unintended consequences, as STVC would show visitors info (claims, the raw SAML token, certificates) that would not normally be available. We made the icon bright red in the hope of making the control very visible and minimizing the chances you will forget it on

As usual, we hope that our sample will make your life easier as you take advantage of claims based identity and the Geneva Framework. If you have feedback, we will be glad to do our best for incorporating it in the next deliverables.

Posted by vibro | 0 Comments

[VIDEO] Putting authentication in its place: claim-based identity, services and Geneva


A few months ago I had the pleasure of spending a few days in Antwerp, Belgium, where I participated in the local TechDays event and gave a couple of sessions. Katrien recently announced that the Belgian DPE team just published the videos of all the sessions, which is a great move since the event was exceptionally good.

The video you see below is from my session Putting authentication in its place: claim-based identity, services and Geneva. As you can guess from the frames above, I really had a lot of fun delivering that session: the location was awesome (multiplex megascreen? Cameramen? Stage & amphitheater seats? count me in!) and the audience just defied all stereotypes about Belgians being a difficult crowd, laughing at all my silly jokes (including the Belgium-localized version of the Claims Fable slide, where instead of the usual wine there’s beer, but especially at a very old pic of mine… curious yet?) and asking excellent questions. This was also another chance to show the FabrikamShipping demo, which (as announced last week) you can now download in compact form and install on your very own machine.

Well then, if you want to hear about identity while (hopefully) having the occasional laugh, tune in :-) Next time I’ll point to the other session, which was about identity and the cloud.

Use claims for driving your web UI… without even *seeing* a line of code

Claims based identity takes the complexity away from the plate of the application developer, and simplifies the life of the architects, security developers and administrators who maintain the broth in which the application is immersed.

While pretty much everybody can understand (& appreciate) the high level story about claims, it is not always easy to make it concrete for everybody. The developer who had to deal with code handling multiple credentials, or had to track down where a certain authorization decision happens, sees very clearly where and how claims can make his life easier; UI developers, however, may have found it challenging to bridge the gap between understanding the general story and finding tangible ways in which claims make their work easier. Until now (at least I hope).

We have put together a demo which shows an example of what you could build on top of the Geneva Framework infrastructure to further raise the level of abstraction, to the point that a web developer is empowered to take advantage of the information unlocked by the claims with just a few clicks. This touches on the theme of customization, which somehow gets less attention than authentication and authorization (for obvious reasons) but that deserves its place nonetheless. In any case, it’s not rocket science: it is a simple ASP.NET control that can modify the value of properties of other controls on the page, according to the value of the incoming claims. Despite its simplicity, it allows a surprising range of tricks :-)

The code of the demo is available on code gallery, at http://code.msdn.microsoft.com/ClaimsDrivenControl.

Below I paste the minimal documentation we have put together: expect to see some more posts in the next weeks about the control and its implications.

Overview


The Claims-Driven Modifier control is a simple ASP.NET server control which allows you to use identity for driving the behavior of your frontend UX, without requiring you to see even a single line of code.
This is made possible by the claims-based approach implemented by the Geneva Framework, which silently take care of all the underlying details and allows you to effortlessly take advantage of identity information about your user.
Figure 1: CDMC being used for driving the value of a textbox


The principle followed by the control is very simple. When you use the Geneva Framework for handling access to your website, your application ends up receiving information about your current user: name, email, age, favorite color, anything that makes sense in your context. Those attributes are the famous claims. The behavior of some of the controls in your page will change according to your user’s attributes: one label will show the name of the user, the page theme will adapt to his or her favorite color, certain elements of the UI may disappear or be disabled, and so on. Traditionally you would need to write code for making all those things happen: with the Claims-Driven Modifier control (CDMC from now on), you don’t need to. Every time you want to drive the property of one control according to identity information, you drag a CDMC instance onto the page: then you bind that instance to the control, in a similar way to what you would do with a classic ASP.NET validator, and you choose which property should be modified. At that point, you can edit the Expression property of the CDMC for describing how to use claims for modifying the control’s property: common examples are assigning a claim value to the Text property of a label, determining if a control’s Visible property should be true or false according to a condition on claim values (was the user born before 1982?) and so on.
This is much easier to show than to explain! Explore the sample provided and you’ll see how in a few clicks you can achieve what would normally require quite a lot of coding on non-claims-based systems, and how easy it is to understand what the page does with a simple glance at the design surface.
Note: the Claims-Driven Modifier control is just one example of the kind of innovation that is enabled by the claims-based approach and by the infrastructure provided by the Geneva Framework. It is NOT part of the product and is not fit for being used “as is” in production.

The Control in Action in the Sample Website


Figure 2: The Fabrikam Airlines solution

Imagine you are developing a website for Fabrikam Airlines, our usual fictitious company. Currently you are working on a page that is part of a flight booking system for frequent flyers: besides the frequent flyers of Fabrikam Airlines, you need to handle customers of partner airlines that are part of the alliance Cloud Buddies.
As you can see from Figure 2, the page you are working on is quite identity-intensive: all the controls will change according to the identity of the current user. More precisely, your requirements are:

  1. The fields First Name, Last Name, Telephone, Email and the labels about frequent flyer info all need to have their Text property assigned to the corresponding user’s attribute
  2. The image in the middle of the form needs to change according to the frequent flyer level (gold, silver, etc)
  3. The panel Fabrikam Airlines FF Privileges must be visible only if the user is a Fabrikam Airlines customer and should not be shown if the user is from a partner airline
  4. The Mid-Flight massage checkbox should be enabled only if the user is a gold frequent flyer. We disable it instead of hiding it altogether because we want to remind the user that this is something that they could enjoy if only they’d fly with Fabrikam Airlines more often

In order to implement the above, you need to:
  • Authenticate the user as a customer of an airline in the Cloud Buddies alliance
  • Acquire the relevant user attributes
  • Use the value of those attributes for achieving the UX behavior specified above

The first 2 bullets can be easily addressed by using what Geneva Framework offers already out of the box, while our Claims-Driven Modifier control can help for the third.

Authenticate the user and obtain user’s attributes


Figure 3: The FedUtil wizard is integrated in Visual Studio


The claims-based approach allows you to externalize authentication. You can look up the details in the identity developer training kit if you want to know more, but from the point of view of the website developer this just means that you can avoid writing a single line of code on authentication and just rely on an external entity to do the job for you. In this specific case, your users are profiled by the Cloud Buddies alliance: assuming that CloudBuddies is using claims-based identity as well, you can outsource in its entirety the burden of handling user authentication and attributes management.
All you need is the internet address of CloudBuddies: Geneva Framework extends Visual Studio with a wizard (see figure 3) which just needs that address for configuring your website to trust CloudBuddies to do all the authentication heavy lifting and just send you the user attributes you need, the famous claims. In the sample applications we provide a mock implementation of CloudBuddies, and we already ran the configuration wizard for you so Fabrikam Airlines is already set up.
Again, if you want to know in more detail how this works, please refer to the Identity Developer Training Kit.

Use identity for driving the user experience

Great, now we are all set for receiving claims from our authenticated user. How should we use that information for complying with our requirements?
Geneva Framework makes it very easy to write code for doing so, thanks to its tight integration with the IPrincipal/IIdentity model that .NET uses for handling identity. In our example we lower the bar even further, providing a control that leverages the infrastructure provided by the Geneva Framework and that can automate some of the common UI customizations with just a few clicks.
Let’s see how CDMC can be used for handling our requirements, considering three different categories: using claims for sourcing values, using claims for imposing conditions, and mapping claim values to internal values.


Figure 4: The FabrikamAirlines UI at design time


The FabrikamAirlines sample is already fully configured with the suitable CDMC instances.

Assigning Claims Values to Control Properties


Figure 5: A CDMC instance and its properties


Our requirement #1 asks us to assign to the Text property of some controls the value of specific claims containing identity attributes. In Figure 5 you can see one such control: the textbox in the screenshot is txtFirstName, and is supposed to hold the first name attribute of the current user. On the right of the textbox you can see a pentagon shaped icon, which represents a CDMC instance. Click on it: on the right side of the figure you can see the list of its properties. The most important are:

  • ControlToDrive. This property represents the ID of the control we want to drive via CDMC: in this case, we can see it is already tied to txtFirstName
  • PropertyToModify. Once the CDMC instance has been tied to a control, PropertyToModify will be populated with all the properties that the driven control features: in this case, we selected the property Text
  • Expression. This property represents the criteria we want to apply for modifying the property of the driven control. You will rarely modify this property by typing: rather, you will click on the ellipsis and use the dialog shown in Figure 6


Figure 6: The expression designer in Claim value mode


The dialog is extremely straightforward: it shows that txtFirstName.text will get the value of the incoming claim givenname.
Figure 7: The claims collection from CloudBuddies


The list of available claims from CloudBuddies is populated automatically, thanks to the fact that we used Geneva Framework for configuring our application. If we want, we also have an option of defining custom claims if we know that we will receive them.
It’s that easy. We can repeat the procedure for all the other controls mentioned in the requirement #1, and we are done with this part.

Mapping Incoming Claims to Internal Values and Assigning Them to Properties


Figure 8: The imgMembershipLevel control and its CDMC instance


Requirement #2 asks us to adapt the source of one image according to the membership level of our user. In figure 8 you can see that we have a CDMC tied to our image control, configured for driving the value of the ImageUrl property. However the strategy we used above will not work: we cannot expect CloudBuddies to know details that are private to our application, such as the relative path to our images.
In order to handle this case CDMC offers a new expression type, called mapping.

Figure 9: The expression editor in Mapping mode


A mapping expression is a collection of if-then clauses, which determine which string should be assigned to the driven property according to the values of incoming claims. In Figure 9 you can see how we use a Mapping expression for implementing our requirement. If the incoming claim FrequentFlyerLevel contains the value “gold” we will assign to the property imgMembershipLevel.ImageUrl the string “~/img/gold.png”; we do something equivalent for silver; and we could certainly go on. If you want to experiment yourself, try adding an if clause for copper.
This nicely takes care of requirement #2.

Controlling Boolean Properties of Controls with Conditions on Claims


Figure 10: The privileges panel and its CDMC


Requirement #3 requires us to hide or show a panel according to the Frequent Flyer program that the user belongs to. Figure 10 shows that we already hooked up a CDMC to the panel and its Visible property. However the Frequent Flyer program information is a string, while the Visible property is a bool: the former approaches won’t work here. Once again, we have a different expression type that comes to the rescue: a Condition expression.
Figure 11: The expression editor in Condition mode


This is as intuitive as it gets: the result of the comparison will be assigned to the pnlPrivileges.Visible property. You may have noticed in the former points that the Condition option was disabled: this time it was available because the property we want to drive is a Boolean.
Requirement #4 is satisfied in the same way: there is a CDMC tied to the Mid-Flight Massage checkbox, the driven property is Enabled, and the condition is FrequentFlyerLevel==gold.
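As an added illustration of the three expression kinds above (Claim value, Mapping and Condition), here is a small console program that is not the control’s own code: claims and page controls are modelled as plain objects rather than Geneva Framework and System.Web types, so it compiles and runs on its own. The claim types givenname and FrequentFlyerLevel come from the text; FrequentFlyerProgram, the model class names and the sample claim values for John and Paul are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// Stand-in for Microsoft.IdentityModel.Claims.Claim with just the members the CDMC reads.
public sealed class IncomingClaim
{
    public string ClaimType { get; private set; }
    public string Value { get; private set; }
    public IncomingClaim(string claimType, string value) { ClaimType = claimType; Value = value; }
}
public abstract class ClaimsExpression
{
    // Value to assign to the driven property; null means "leave the property untouched".
    public abstract object Evaluate(IEnumerable<IncomingClaim> claims);
    protected static string FirstValue(IEnumerable<IncomingClaim> claims, string claimType)
    {
        IncomingClaim claim = claims.FirstOrDefault(c => c.ClaimType.Equals(claimType, StringComparison.OrdinalIgnoreCase));
        return claim == null ? null : claim.Value;
    }
}
// Claim value mode: copy the claim string into the property (requirement #1).
public sealed class ClaimValueExpression : ClaimsExpression
{
    private readonly string claimType;
    public ClaimValueExpression(string claimType) { this.claimType = claimType; }
    public override object Evaluate(IEnumerable<IncomingClaim> claims) { return FirstValue(claims, claimType); }
}
// Mapping mode: if-then clauses turning claim values into application-private strings (requirement #2).
public sealed class MappingExpression : ClaimsExpression
{
    private readonly string claimType;
    private readonly Dictionary<string, string> clauses = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    public MappingExpression(string claimType) { this.claimType = claimType; }
    public MappingExpression If(string claimValue, string then) { clauses[claimValue] = then; return this; }
    public override object Evaluate(IEnumerable<IncomingClaim> claims)
    {
        string value = FirstValue(claims, claimType), result;
        return value != null && clauses.TryGetValue(value, out result) ? result : null;
    }
}
// Condition mode: an equality test whose bool result drives Visible or Enabled (requirements #3 and #4).
// An absent claim yields false, so nothing gets shown or enabled just because data was missing.
public sealed class ConditionExpression : ClaimsExpression
{
    private readonly string claimType, expected;
    public ConditionExpression(string claimType, string expected) { this.claimType = claimType; this.expected = expected; }
    public override object Evaluate(IEnumerable<IncomingClaim> claims)
    {
        return string.Equals(FirstValue(claims, claimType), expected, StringComparison.OrdinalIgnoreCase);
    }
}
// One CDMC instance: ControlToDrive, PropertyToModify and Expression, as in the property grid of Figure 5.
public sealed class ClaimsDrivenModifier
{
    public object ControlToDrive { get; set; }
    public string PropertyToModify { get; set; }
    public ClaimsExpression Expression { get; set; }
    public void Apply(IEnumerable<IncomingClaim> claims)
    {
        var property = ControlToDrive.GetType().GetProperty(PropertyToModify);
        if (property == null) throw new InvalidOperationException("Unknown property " + PropertyToModify);
        // The designer only offers Condition mode for Boolean properties; enforce the same rule at run time.
        if (Expression is ConditionExpression && property.PropertyType != typeof(bool))
            throw new InvalidOperationException(PropertyToModify + " is not a bool; Condition mode is not allowed");
        object value = Expression.Evaluate(claims);
        if (value != null) property.SetValue(ControlToDrive, Convert.ChangeType(value, property.PropertyType), null);
    }
}
// Constructed stand-ins for the FabrikamAirlines page controls (no System.Web needed).
public sealed class TextBoxModel { public string Text { get; set; } }
public sealed class ImageModel { public string ImageUrl { get; set; } }
public sealed class PanelModel { public bool Visible { get; set; } }
public sealed class CheckBoxModel { public bool Enabled { get; set; } }
public static class FabrikamPage
{
    public static void Main()
    {
        // Constructed claim sets; FrequentFlyerProgram is an assumed claim type for the "Frequent Flyer program" string of requirement #3.
        Render(new[] { new IncomingClaim("givenname", "John"), new IncomingClaim("FrequentFlyerLevel", "gold"), new IncomingClaim("FrequentFlyerProgram", "ContosoAir") });
        Render(new[] { new IncomingClaim("givenname", "Paul"), new IncomingClaim("FrequentFlyerLevel", "silver"), new IncomingClaim("FrequentFlyerProgram", "FabrikamAirlines") });
    }
    private static void Render(IEnumerable<IncomingClaim> claims)
    {
        var txtFirstName = new TextBoxModel(); var imgMembershipLevel = new ImageModel();
        var pnlPrivileges = new PanelModel(); var chkMidFlightMassage = new CheckBoxModel();
        var modifiers = new[]
        {
            new ClaimsDrivenModifier { ControlToDrive = txtFirstName, PropertyToModify = "Text", Expression = new ClaimValueExpression("givenname") },
            new ClaimsDrivenModifier { ControlToDrive = imgMembershipLevel, PropertyToModify = "ImageUrl", Expression = new MappingExpression("FrequentFlyerLevel").If("gold", "~/img/gold.png").If("silver", "~/img/silver.png") },
            new ClaimsDrivenModifier { ControlToDrive = pnlPrivileges, PropertyToModify = "Visible", Expression = new ConditionExpression("FrequentFlyerProgram", "FabrikamAirlines") },
            new ClaimsDrivenModifier { ControlToDrive = chkMidFlightMassage, PropertyToModify = "Enabled", Expression = new ConditionExpression("FrequentFlyerLevel", "gold") }
        };
        foreach (ClaimsDrivenModifier modifier in modifiers) modifier.Apply(claims);
        Console.WriteLine("{0}: image={1} privileges={2} massage={3}", txtFirstName.Text, imgMembershipLevel.ImageUrl, pnlPrivileges.Visible, chkMidFlightMassage.Enabled);
    }
}
```

Running it reproduces the two outcomes of the test run in the next section: a gold ContosoAir flyer gets the gold image, a hidden privileges panel and an enabled massage option, while a silver Fabrikam Airlines flyer gets the silver image, a visible panel and a disabled option.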

A Test Run


Let’s see the website in action. Press F5.
Figure 12: The CloudBuddies authentication page


Obedient to its configuration, the website redirects us to CloudBuddies, where we can authenticate.
John, the default in this development version of the site, is a gold flyer with the partner ContosoAir. Let’s just click submit.
Figure 13: The page as it appears to John


Everything as expected: the Text properties are sourced, the image shows the right color, and the privileges panel is invisible because John is with ContosoAir. Let’s close the browser, hit F5 again and this time let’s access as Paul.
Figure 14: The page as it appears to Paul


Again, everything goes as planned. Text properties have been sourced, the image is now silver, and the privileges panel is visible; again according to expectations, the Mid-Flight Massage option is disabled since Paul is just at silver level.
Summary
The simple example presented here has shown how you can easily take advantage of the identity information provided by the Geneva Framework for driving the user experience in easy and intuitive fashion: true to our promise, it was not necessary to show a single line of code.
It is important to remember that this is just an example: it does not handle well borderline cases, does not do all the automation & validation it could do, it gets the list of claims from a single source (the passive federation metadata), and so on. The preferred way of handling things is programming directly with the Geneva Framework.
In this document we tried to use general terms instead of the identity jargon, and purposefully left out deeper explanations of how the control works. Our hope is that we succeeded in giving an idea of the possibilities that the claims based approach enables, and that every developer can benefit from those innovations without the need to become identity experts.
Now we will leave you a challenge: say that you want to play a prank on one of your colleagues whose name is Paul, and you want to hide the internet connection option whenever he uses the development site: how would you use the CDMC for modifying the behavior of the current page accordingly? We are sure you’ll do this in less than a minute. Have fun!
More details will be posted on http://channel9.msdn.com/identity/ and http://blogs.msdn.com/vbertocci/

Posted by vibro | 1 Comments

Announcing FabrikamShipping, in-depth semi-realistic sample for Geneva Framework

Do you remember the PDC session in which Kim announced the new wave of identity products, including Geneva?

During that session I showed a pretty comprehensive demo, where all the products and services worked together to enable a fairly realistic end-to-end scenario. You have seen demos based on the same scenario at TechEd EU, TechDays and in many presentations from my colleagues in the various subsidiaries; finally, if you came by the Geneva booth at RSA, chances are that you got a detailed walkthrough of it. Since people liked it so much, we thought it would be nice to extract just the main web application from that scenario and make it available to everyone in the form of an in-depth example. You can find the code in a handy self-installing file on code gallery, at http://code.msdn.microsoft.com/FabrikamShipping (direct link here).

The idea is to bridge the gap between pure technical learning content (the training kit) and high-level presentations (take your pick), by providing you with a demo that on one side you can use for explaining to non-technical people what the point of claims-based identity is, and on the other side you can take apart to see what makes the application tick. You will see that we do little more than apply the solutions described in the identity developer training kit to the challenges that a real application poses. We comment the code here and there so you'll always know what is going on; if you want to go deeper, we recommend you look up the specific solution you are focusing on in the SDK documentation and in the training kit.

Below I am pasting the "readme" you will find in the package. We really appreciate your feedback! Let us know what you like and what you don't like, what topics you'd like covered in more depth, etc., and as usual we'll do our best to make you happy.

Overview

FabrikamShipping is a semi-realistic sample web application that demonstrates how to use the Geneva Framework for authentication, authorization and identity driven customization for a web frontend and a services backend. Its main goal is to show how to implement common tasks and features in web applications, combining the techniques presented separately in other technology learning material such as the Geneva Framework SDK and the Identity Developer Training Kit.

Note that while every effort has been made to follow best practices whenever possible, FabrikamShipping is NOT a reference implementation: it is designed for readability, to make it as clear as possible for the reader what is happening, as opposed to efficiency and maintainability. You should NOT use FabrikamShipping code in production.

The FabrikamShipping Scenario


Figure 1
FabrikamShipping’s main actors

The FabrikamShipping scenario was originally designed as part of an end-to-end demo for PDC 2008 (video recording available at http://channel9.msdn.com/pdc2008/BB11/, from 31" on). While the general narrative remains largely unchanged, this example has been adapted to be a standalone web solution that you can install and examine on your machine without the need for virtual machines, service subscriptions or even internet connectivity.

Fabrikam is an ISV that sells S+S solutions to business customers. FabrikamShipping is one such solution: it is a web application that allows users to ship packages. Shipments are created by entering details about the sender and the intended recipient. Once a shipment has been created, it goes through a workflow which represents the various shipment phases (pickup, package, transit, delivery); every phase allows the user to perform specific actions, such as cancelling the shipment or rerouting it to a different address.

Adatum Corporation is a customer of Fabrikam, and has subscribed to the FabrikamShipping application. John and Mary work for Adatum, and routinely use FabrikamShipping. John handles logistics in Manufacturing, while Mary is a manager: their different positions in the company translate into different privileges when using the application.

A Brief Walkthrough

Let’s take a quick look at how to use the application, without worrying about how it works for now: we will take care of the implementation details in the next section.

Pretend that you are John, and that you have a package to send. Open a browser and navigate to FabrikamShipping's URL: https://www.fabrikamshipping.com:8082/FabrikamShipping/.

Since you are not authenticated yet, FabrikamShipping redirects you to the Adatum STS:


Figure 2
Adatum’s STS UI

Use the suggested credentials for John and hit Submit. You’ll land on FabrikamShipping’s main page:


Figure 3
The main page of FabrikamShipping

Click on the New Shipment icon.


Figure 4
The new shipment screen

As you can see, the Sender area is already populated with John's data: this is thanks to the claims received directly from Adatum in the sign-in token. To fill the Recipient form, click on "Search in CRM"; you will get a small dialog from which you can pick a customer (here I'll pick Dan Park).

Click the green Submit button.


Figure 5
The new shipment confirmation screen

Everything seems in order: click the Ship It! button.


Figure 6
The shipping label printing screen

Our new shipment has been created! Here is the label that, once printed, will have to be attached to the package we want to send.

Let’s take a look at what happens when we want to modify our shipment. Click the Go to Home button.


Figure 7
The main screen now shows our new shipment for Dan

The list of shipments now includes the new entry we just created. Let’s say that we want to reroute this shipment: click directly on the Dan Park entry.


Figure 8
The shipping workflow

This page shows the shipment workflow: we are currently in the Pickup state.

Note: FabrikamShipping does not really provide any meaningful backend workflow logic, since the point of this sample is demonstrating identity capabilities rather than how to handle business processes. If for demo purposes you want to advance the state of the shipment, you can do so "manually" by clicking on a hidden button. If you hover the mouse pointer over the state label of the current stage (in this case the label "Running") you'll see that it changes into a hand: if you click, the workflow will advance one step.

Click the Reroute Shipment button, change something and click on the Reroute button:


Figure 9
John cannot reroute existing shipments

You will get an error: John does not have enough privileges for modifying existing shipments.

Try to start over, this time using Mary's credentials. Remember to use a different browser instance: otherwise the Adatum STS will still have its session cookie from the first sign-in, will recognize you as John, and will issue you a token without even presenting the credential-gathering UI.

If you try to reroute a shipment, you will discover that you can do it without issues: this is because Mary belongs to the Managers group, and the system takes that into account when assigning privileges.

In the next section we will see some details about what happens behind the scenes for making this possible.

Implementation Details


Figure 10
FabrikamShipping’s Architecture

FabrikamShipping is a classic web application, which authenticates its users via passive federation.

The example includes a mock identity provider, www.adatumcorporation.com, which is a light customization of the default development STS template project provided with the Beta 2 of the Geneva Framework. Since the solution is designed to run from a single machine, we make the STS available via HTTPS on a custom IIS binding (port 8081) and we add the corresponding entries to the local HOSTS file.

The main application, https://www.fabrikamshipping.com:8082/FabrikamShipping/, is configured in a similar way and is set to accept tokens directly from Adatum.

Note: In a more realistic scenario, Fabrikam would have a resource STS that would be used to maintain the relationship with Adatum and all the other federated partners, and where any claims transformation that may be needed would take place. Every Fabrikam application, including FabrikamShipping, would then trust the resource STS instead of having to handle the relationship with the federated partner directly.
In this sample we did not feature a resource STS at this level mainly because we wanted to keep things simple and maintain a smooth demo flow: there is a single application, which may even be running at a hoster; there is a single federated partner in the picture; and for this application there is no need for claims transformation at the presentation layer. Unless you fall exactly into this category, there is a very high probability that your scenarios will indeed benefit from trusting your own resource STS rather than the partner directly.

All FabrikamShipping business logic lives in a set of WCF services. The presentation layer invokes the services using a delegation mechanism (WS-Trust ActAs): access privileges are decided for every service call on the basis of the current web application user, as opposed to relying on a trusted subsystem or on full website impersonation. The services are configured to accept tokens from an internal STS with ActAs capabilities; the STS is in turn invoked by the presentation layer's code-behind, which presents the original user's token as the ActAs element of the request.

The Visual Studio Solution: What to Look For


Figure 11
FabrikamShipping solution structure

The Visual Studio solution is pretty simple, and has been organized in a way that surfaces the main entities in the architecture and their components. At a glance, these are the projects and what to look for from the identity management point of view:

  • The Adatum folder contains only the STS subfolder with our mock identity provider, the web site http://www.adatumcorporation.com/FederationPassive/. All the identity content here is a mild customization of the default development STS offered by Geneva Framework Beta 2.
  • The Fabrikam folder contains the bulk of the sample.
    • The BackEnd subfolder contains all the projects that constitute the business logic of the sample.
      • FabrikamShipping.Services.Contracts is a class library containing all the contract definitions for the services. No identity code here.
      • FabrikamShipping.Services.Host is the web application that hosts the services, which are all message-activated. The web.config shows how to configure the ClaimsAuthorizationModule, how to use the ConfigureServiceHostBehaviorExtensionElement to configure WCF services to use the Geneva Framework, and how to assign policies via a custom ClaimsAuthorizationManager class. The App_Code folder contains the definition of that custom ClaimsAuthorizationManager class, substantially the same sample found in the SDK.
      • FabrikamShipping.Services is a class library containing the service implementations. No identity code here.
      • FabrikamShipping.Data is a class library containing the data model for shipments, customers and all the entities used by the sample. No identity code here.
    • The STS folder contains the internal STS.
      • FabrikamShipping.RPSts is the web application which contains the ActAs STS that issues the tokens the frontend uses to invoke the backend services. The web.config shows how to configure an active STS secured via X.509 certificate; it also demonstrates how to use a custom X509SecurityTokenHandler class (defined in SimpleX509SecurityTokenHandler.cs, complemented by SimpleCertificateValidator.cs) to define the list of acceptable certificates. The STS implementation in ActAsSecurityTokenService.cs, and the method GetOutputClaimsIdentity in particular, demonstrates how to drive issuance decisions on the basis of ActAs tokens.
    • The FrontEnd folder contains the main web application.
      • http://www.fabrikamshipping.com/FabrikamShipping/ is the website of the main application. The web.config contains the classic settings that are the output of the federation wizard (or FedUtil) when configuring a website to accept tokens from an identity provider. Furthermore, the web.config contains the binding that is needed for requesting a token from the ActAs STS. The global.asax, and specifically the Session_Start handler, demonstrates how to use the token obtained from the identity provider as an ActAs token with WSTrustClient to invoke our internal ActAs STS. The resulting token is then stored in the HTTP session, where it is available whenever the application needs to call a backend service (a real application may need a more robust solution for maintaining session state). The App_Code/Clients folder contains utility classes for invoking WCF services by injecting into the call an issued token already in our possession: in our case, the delegated token we stored in the HTTP session during Session_Start. Most aspx pages use IClaimsIdentity in the usual way to access claims from the identity provider; the calls to the backend services are performed through the utility classes mentioned above.
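The Session_Start exchange described above (the identity provider's token presented as the ActAs element of a WS-Trust request to the internal STS, and the resulting delegated token cached in session), written out as an added example. This is not the FabrikamShipping code: it follows the Geneva Framework Beta 2 / WIF object model (Microsoft.IdentityModel.Protocols.WSTrust) as I know it, so check names against your SDK version. The STS address, the backend realm, the frontend certificate subject and the session key are hypothetical, and it assumes saveBootstrapTokens="true" is set on the service element in web.config so that the IP token is retained on the identity.

```csharp
// Added example, not the FabrikamShipping code. Assumptions: Geneva Framework
// Beta 2 / WIF API names; hypothetical STS address, backend realm and
// certificate subject; saveBootstrapTokens="true" configured in web.config.
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.Web;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

public static class DelegatedTokenHelper
{
    // Hypothetical endpoints and client certificate for this example.
    const string ActAsStsAddress  = "https://www.fabrikamshipping.com:8082/FabrikamShipping.RPSts/Issue.svc";
    const string BackendRealm     = "https://www.fabrikamshipping.com:8082/FabrikamShipping.Services.Host/";
    const string FrontEndCertName = "CN=www.fabrikamshipping.com";
    const string SessionKey       = "DelegatedToken";

    // Call this from global.asax Session_Start, after passive sign-in completed.
    public static void AcquireForSession(HttpContext context)
    {
        var principal = context.User as IClaimsPrincipal;
        if (principal == null || principal.Identities.Count == 0)
            return;                                    // not signed in yet: nothing to delegate

        // The token the identity provider issued to the user. It is only kept on
        // the identity when saveBootstrapTokens="true" is set in web.config.
        SecurityToken bootstrap = principal.Identities[0].BootstrapToken;
        if (bootstrap == null)
            throw new InvalidOperationException(
                "No bootstrap token available: set saveBootstrapTokens=\"true\" in web.config.");

        context.Session[SessionKey] = RequestActAsToken(bootstrap);
    }

    // Builds the RST: issue a token scoped to the backend realm, acting as the
    // user whose token is in 'actAs'. The website authenticates to the STS with
    // its own X.509 certificate, so the STS knows both who is calling (the
    // frontend) and on whose behalf (the user), and can decide on both.
    public static SecurityToken RequestActAsToken(SecurityToken actAs)
    {
        var rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue)
        {
            AppliesTo = new EndpointAddress(BackendRealm),
            ActAs = new SecurityTokenElement(actAs)
        };

        var binding = new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential);
        var client = new WSTrustClient(binding, new EndpointAddress(ActAsStsAddress),
                                       TrustVersion.WSTrust13, new ClientCredentials());
        client.ClientCredentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectDistinguishedName, FrontEndCertName);
        try
        {
            return client.Issue(rst);                  // the delegated token for the backend
        }
        finally
        {
            client.Close();
        }
    }

    // Used by the service client utilities when calling the backend. A null
    // result means the session no longer holds a token: treat it as a stale
    // session and send the user back through sign-in rather than falling back
    // to a trusted-subsystem call.
    public static SecurityToken FromSession(HttpContext context)
    {
        return context.Session[SessionKey] as SecurityToken;
    }
}
```

Two practical caveats follow from the design. The delegated token inherits a lifetime from the STS, so a long-lived ASP.NET session can outlive it; the backend will then reject calls and the frontend has to renew (re-run AcquireForSession) or sign the user in again. And because the token lives in session state, an out-of-process session store would have to serialize a SecurityToken, which is the "more robust solution" the readme alludes to.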

The Solution in IIS


Figure 12

FabrikamShipping structure in IIS

The structure that emerges in IIS matches the solution description above. Note that:

  • Both websites introduce their own SSL bindings (8081 for Adatum and 8082 for Fabrikam)
  • The SSL certificates are self-signed, and are configured as part of the overall setup script
  • In order to preserve your current settings, all web applications in the FabrikamShipping sample use a custom application pool, FabrikamShippingAppPool, whose identity holds the permissions needed to read the private keys associated with the sample certificates above

Summary

FabrikamShipping is a learning tool designed for you to observe, take apart and experiment with Geneva Framework and claims based identity. We tried to make it somewhat realistic in order to hint to the business value and to the solutions to some of the most common challenges you need to address when developing a web application; at the same time, we tried to keep things simple and to make sure you always know what is going on and which part does which function. We hope we managed to strike the right balance, and that FabrikamShipping will help you to enjoy the benefits of claims-based access. Ta-daahhhhh!

The Id Element Weekly: Donovan Follette on making the shift from ADFS v1 to Geneva Server


In the most classic of the role reversals, in this episode of the Id Element Donovan ends up in front of the camera.

Interviewing Donovan was great fun: if you used or are using ADFS, this video will be very useful for ferrying you toward the new model. As the video caption goes:

 

Donovan is a senior technical evangelist and a host for this very show: he has worked on identity since he joined Microsoft in 2005, and is a well-known expert in the ADFS community. In this episode Vittorio talks with Donovan about the relationship between ADFS and Geneva Server: Donovan explains in detail how to map the old terminology to the new concepts introduced in Geneva, focusing on differences and similarities between the two approaches, and in general equipping today's ADFS expert with everything he or she needs to hit the ground running with Geneva Server.

Have fun!

The Id Element weekly: Caleb Baker on Geneva Server and SAML2.0 Interoperability

This week the Id Element features my good friend Caleb, partner in crime, as he chats with Donovan about the relationship between Geneva Server and SAML-P. Those are 21 minutes of pure goodness: from behind the scenes of the various Novell and Sun interop activities for Beta 2 to practical demonstrations of how to configure Geneva Server for producing and consuming SAML-P, you are guaranteed to learn something useful. Tune in!

The Id Element weekly: Geneva Server, Windows CardSpace Geneva, Information Cards and PHP Interoperability


While I was circling SFO searching for the Avis rental return lot, yesterday Donovan published a new episode of the Id Element: this time you get to see the man, as opposed to the usual disembodied voice, as he interviews Otis and Vijay about the Lake Washington School District project of RSA keynote fame.

I am downloading the video on my little Zune for viewing it between one hike and the other for Memorial weekend; not sure if my wife will approve, but I’ll give it a try ;-)

Enjoy the show!

More details about the Identity Developer Training Kit

After the packed schedule at EIC in Munich, and the frantic Beta 2 launch activities at TechEd this week, I have a few relatively quiet hours in my office in Redmond before setting sail for the IIW this Sunday. While the eye of the storm lasts, I wanted to spend a few more words detailing what we have put in the identity developer training kit.

As mentioned, in this release we focused on delivering a comprehensive set of hands-on labs that would allow you to reap tangible benefits from the Beta 2 of Geneva ASAP. The idea was to cover many of the scenarios that we are often asked about in forums and customer discussions, but also to present things in the right order, so that application developers can learn to use the Geneva Framework without necessarily having to understand the entire stack. That's the essence of externalization: the authentication and authorization logic does not disappear, it simply moves to a place where it can be more conveniently coded and maintained; and the developer who works on the app is not necessarily the same person who will work on the auth logic, hence for the app dev it may actually look like the complexity disappears! The kit tried to be respectful of that, but also took into account the needs of those who want to know what really happens in the kitchen. Let me go into more detail on the HOLs and the exercises we offer there:

Web Sites and Identity

Surprise surprise, this lab aims at demonstrating how to take advantage of claims based identity in your web applications.

Exercise 1: Enabling claims based access for an ASP.NET Web Application by generating a local STS


In the very first exercise you start from an existing ASP.NET app and you start working with claims, taking advantage of the new Visual Studio integration which allows you to create a development STS in just a few clicks.

I believe it was important to start with an existing application, so that you get the feeling that you can take advantage of this in your existing assets and there's no need to start over. For the same reason, we highlight how the traditional ASP.NET role authorization syntax works well also when the information comes from claims.

At the same time, I didn't want you to think that claims are just another kind of syntactic sugar and that in the end this is just the usual RBAC; after having heard many discussions in this sense at EIC, I am glad we took this into account. In order to demonstrate that claims enable things that were simply not possible before with roles alone, we added a step in which we configure our website to authorize access to a page only to users older than a certain age. In so doing, we show how you can take advantage of the Geneva Framework's hook for injecting your own authorization logic (in this case a threshold check on an integer derived from a datetime value, the dateofbirth claim). If you want to know more about this specific aspect, I suggest watching Chuck's interview.
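The "hook for injecting your own authorization logic" is a class derived from ClaimsAuthorizationManager, plugged in through the claimsAuthorizationManager element of the microsoft.identityModel configuration section. The following is an added example, not code from the training kit or from FabrikamShipping, of one such class that enforces both kinds of policy discussed on this page: the role-only check that the FabrikamShipping backend uses to restrict rerouting to the Managers group, and the age threshold computed from the dateofbirth claim, which plain roles cannot express. It follows the Geneva Framework Beta 2 / WIF object model (Microsoft.IdentityModel.Claims); the reroute action URI and the adults-only page name are hypothetical. The interesting security detail is fail-closed handling: a missing or malformed date of birth denies access rather than defaulting to "old enough".

```csharp
// Added example, not training-kit or FabrikamShipping code. Assumptions:
// Geneva Framework Beta 2 / WIF API names; hypothetical action URI and page
// name. Register it with
//   <microsoft.identityModel><service>
//     <claimsAuthorizationManager type="ShippingAuthorizationManager" />
//   </service></microsoft.identityModel>
// (plus ClaimsAuthorizationModule in the ASP.NET pipeline for pages).
using System;
using System.Globalization;
using System.Linq;
using Microsoft.IdentityModel.Claims;

public class ShippingAuthorizationManager : ClaimsAuthorizationManager
{
    // Hypothetical SOAP action of the reroute operation on the backend service.
    public const string RerouteAction = "http://fabrikamshipping/IShipping/Reroute";
    // Hypothetical page that only adults may open.
    public const string AdultsOnlyPage = "/AdultsOnly.aspx";
    public const int MinimumAge = 18;

    public override bool CheckAccess(AuthorizationContext context)
    {
        var identity = context.Principal.Identity as IClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return false;                                 // fail closed for anonymous callers

        // The framework fills these in: in WCF the action is the SOAP action and
        // the resource is the To address; in ASP.NET the action is the HTTP verb
        // and the resource is the request URL.
        string action = context.Action.Select(c => c.Value).FirstOrDefault() ?? "";
        string resource = context.Resource.Select(c => c.Value).FirstOrDefault() ?? "";

        if (action.Equals(RerouteAction, StringComparison.OrdinalIgnoreCase))
            return HasRole(identity, "Managers");         // the FabrikamShipping-style RBAC rule

        if (resource.EndsWith(AdultsOnlyPage, StringComparison.OrdinalIgnoreCase))
        {
            int? age = AgeFromClaims(identity, DateTime.UtcNow);
            return age.HasValue && age.Value >= MinimumAge; // no/invalid DOB claim => deny
        }

        return true;                                      // everything else: any authenticated user
    }

    // Role claims arrive with the standard role claim type; values compared
    // case-insensitively to match ASP.NET's role behaviour.
    public static bool HasRole(IClaimsIdentity identity, string role)
    {
        return identity.Claims.Any(c =>
            c.ClaimType == ClaimTypes.Role &&
            string.Equals(c.Value, role, StringComparison.OrdinalIgnoreCase));
    }

    // Derives the age in whole years from the DateOfBirth claim. Returns null
    // when the claim is missing or is not an ISO 8601 date, so the caller denies.
    public static int? AgeFromClaims(IClaimsIdentity identity, DateTime today)
    {
        Claim dob = identity.Claims.FirstOrDefault(c => c.ClaimType == ClaimTypes.DateOfBirth);
        if (dob == null)
            return null;

        DateTime born;
        bool parsed = DateTime.TryParseExact(
            dob.Value,
            new[] { "yyyy-MM-dd", "yyyy-MM-ddTHH:mm:ssZ" },
            CultureInfo.InvariantCulture,
            DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal,
            out born);
        if (!parsed)
            return null;

        return ComputeAge(born.Date, today.Date);
    }

    // Whole years between two dates; correct when the birthday has not yet
    // occurred this year and for 29 February birthdays (AddYears clamps to 28).
    public static int ComputeAge(DateTime born, DateTime today)
    {
        int age = today.Year - born.Year;
        if (today < born.AddYears(age))
            age--;
        return age < 0 ? 0 : age;
    }
}
```

Note that the decision is keyed on claims the issuer vouched for, not on anything the page or service computes from user input; if you trust more than one issuer, the Issuer property of the dateofbirth claim is the place to check that the value came from an identity provider you consider authoritative for it.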

Exercise 2: Customizing the Credentials Accepted by a Local STS


The second exercise is for those who want to know more about how claims-based access works: here we demonstrate how to use a very simple user repository and credential verification solution, ASP.NET membership, and show how it can be used as an identity and credentials repository for an STS. In the process, we summarize the object model and project structure of a development STS in the Geneva Framework. An application developer may be perfectly productive without knowing what happens inside an STS, which is why the exercise is marked as optional.

Exercise 3: Accepting Tokens from a Geneva Server STS


We believe that the most common use case for an STS will be the one in which the application developer simply refers to an existing, already-running STS instance. The natural choice was to provide a Geneva Server instance for the task. Thanks to the advanced support for metadata in the Geneva Framework, this exercise is extremely quick to do.

We wanted the training kit to be as agile as possible and give you the chance to run it directly on your machines, without the need of downloading and setting up big virtual machines for hosting the geneva server: as a result, Caleb was so kind to set up such a geneva server instance on federatedidentity.net and preprovision it with a federation relationship for the lab address. This enables you to take advantage of a geneva server without installing anything on your machine, but also implies that you need to have internet connectivity for the exercise to work.

Exercise 4: Accepting Tokens from Live ID


This is a "bonus" exercise :-) With its enormous popularity, Live ID is an extremely useful identity provider to support. This exercise puts into practice the skills acquired in the former tasks and demonstrates how to implement a scenario that is among the most popular questions we receive from customers: we have already seen this used as a reference for implementing federated systems where Live ID is involved.

Exercise 5: Accepting Tokens from .NET Access Control Service


Another popular scenario, accepting tokens from the .NET Access Control Service on your website, is a task that I really wanted to include. Besides the practical advantages of showing how to handle the protocol requirements of the ACS, this exercise shows how to use a resource STS, and the same approach applies when the R-STS is on your own premises.

Exercise 6: Invoking a WCF Service on the Backend via Delegated Access


Finally, this is perhaps my favorite exercise: it demonstrates how you can take advantage of an ActAs STS in your architecture for performing delegated calls to your backend, as opposed to resorting to trusted subsystems or whole-site impersonation. Expect more blog posts about this specific scenario in the future.

Note: the exercise is mainly meant for the website developer, hence it does not go into the details of how the ActAs STS or the services take advantage of the Geneva Framework to make the delegation magic happen. As a result, they are provided as part of the initial solution elements rather than being progressively constructed: however nothing prevents you from taking a peek at the code, if you are curious ;-)

Web Services and Identity

Perhaps there is a bit of the observer influencing the experiment here (hello-oh? plate), however there's a surprisingly high percentage of people who really want to use the Geneva Framework in the context of SOA and services. Those folks are often knowledgeable about the WCF programming model, hence the information about using the Geneva Framework object model with web services needs to be cognizant of that; that's what we tried to do with the Web Services & Identity lab.

Exercise 1: Using Geneva Framework for Handling Authentication and Authorization in a WCF Service


The first exercise does not even have an STS in the scenario, and uses username/password directly. It is there exclusively to introduce you to the service programming model in the Geneva Framework and to the differences with respect to what you were doing in WCF for handling authentication and authorization. If you went through the first lab (not a prerequisite), this exercise will also highlight the differences induced by the different hosting models in ASP.NET and WCF (again, Chuck's explanation is your friend).

Exercise 2: Accepting Tokens from a Geneva Server STS


This is analogous to exercise 3 in the web sites lab, and just shows how to use FedUtil in the active case. Again, Caleb and federatedidentity.net came to the rescue, and the result is that you can take advantage of a preprovisioned Geneva Server available online, without the need of setting up any VM in your local environment.

Note that the model for using ClaimsAuthorizationManager remains pretty much the same even if here we are dealing with services rather than pages.

Exercise 3: Accepting Tokens from .NET Access Control Service


I think it's an interesting scenario to consider the use of the .NET Access Control Service for your backend, however there were not many examples of the ACS used with the active profile and federation rather than the temporary credentials currently offered with .NET Services. Also, for some reason many examples tend to use Live ID as the IP when it comes to showing ACS: this scenario demonstrates how you can use your own IP-STS instead, and you can easily transpose it to the case in which you use a full-fledged Geneva Server instance for that job.

Exercise 4: Invoking a WCF Service on the Backend via Delegated Access


This is the delegated scenario again, which is similar to exercise 6 in the web sites lab but shows challenges of its own: for example, the fact that we use a rich client has implications for the way in which we handle the token flow.

Enhancing ASP.NET Membership Provider Website with identity provider Capabilities

Remember my recent post about adding a passive STS to an existing ASP.NET membership-based website? Well, that post was pretty much the prototype for this exercise, the key difference being that while for the blog post I had to use Beta 1, this lab takes full advantage of Beta 2. Go ahead, compare the length of the blog post with the length of the lab: even if you factor out the silly jokes that crowd my posts (and that I had the good taste to avoid in the lab manuals), the former is still dramatically longer than the latter. Why? Mainly thanks to the outstanding support for metadata that Beta 2 offers. I really suggest you take a look at all the code for this one :-)


Introduction to the .NET Access Control Service

This is the same lab we added in the Azure Services Training Kit, enhanced with the exercise 5 from the web lab and 3 from the web services lab above. I think we’ll include this in the next drop of the azure services training kit.

I think I should give credit where credit is due: the product team was absolutely invaluable for this, providing validation for the scenarios and even code fragments for making sure that the kit shows true intended usage of the product. I am sure I am forgetting somebody but Stuart, Caleb, Sesha, Jan and Chuck are the first that come to mind as the people who made this possible.

Finally, I really want to thank our partner SouthWorks who helped us with the implementation of the lab: besides their usual professionalism, Matias, Ariel and Tim had to demonstrate infinite patience as yours truly expressed his manic-depressive-controlling personality and combed *everything*, at the finest granularity, on daily basis. Thank you guys, you are outstanding, as usual.

That’s it. We are really looking forward for your feedback, and we hope that the kit will help you enter the fascinating world of identity & development :-)

Geneva Beta 2 Week on the Id Element show


In less than a month of availability, the Id Element show on Channel 9 enjoyed more than 86,000 views: considering that Identity has been traditionally considered a niche subject, those are impressive numbers which demonstrate a healthy interest from you guys. THANK YOU :-)

Now that beta 2 is out, we know that many of you want to know *EVERYTHING* about it. Your desire is our command! We just released a burst of 4 videos precisely about it. Namely, we cover the Geneva Framework and the Geneva Server with two introductory interviews and two deep dives:

· Chuck Reeves explores the Geneva Framework structure in depth

· Sesha Mani reports on what’s new with the Geneva Framework

· Jan Alexander describes the new claims transformation language

· Matt Steele discusses what’s new in Geneva Server

I should not be the one saying that, but the quality of the info is just great: the deep dives are chock full of info you won’t find anywhere else, and the overviews are the best way to start with the right foot when approaching beta2. Enjoy the show!

Announcing the Identity Developer Training Kit


If you were wondering what kept me up in the evenings of the last few months, wonder no more :-)

The Identity Developer Training Kit is a set of hands-on labs and resources designed to help developers take advantage of Microsoft's identity products and services. Being designed for developers, the kit focuses on the Geneva Framework; however it also gives guidance on how to take advantage of Geneva Server, Windows Live ID, the Microsoft Federation Gateway and the .NET Access Control Service (which is featured in a renewed and expanded lab). Most of the tasks are demonstrated both for ASP.NET web applications and for WCF services. We went to great lengths to eliminate as much as possible the friction that is traditionally associated with security samples, by providing configuration scripts and tools which automate many of the setup steps.

We took special care to follow a progressive approach, in which we introduce concepts and ideas gradually; however we made sure that every single step is useful for solving a real-life problem, so that you never have to wait to see the value that the product, service or approach delivers. Future releases of the kit will include presentations, which will follow the same philosophy. I will blog more extensively about the kit in the next days. A reduced version of the kit is being used right now as a HOL here at TechEd US, so if you are here in L.A. you can have fun with it! If you have issues, you'll find me at the Geneva booth most of the time: I am the one with short silver hair and glasses. Seriously. NOOT :-D

The Identity Developer Training Kit is the result of a close collaboration between us evangelists and the identity product team, and I hope I am not showing too much hubris if I dare say it came out pretty well: I am delighted that we finally managed to make something like this available to the developer community, and I am looking forward to your feedback. Happy coding!

Geneva Beta 2 is out!

Ahh, *FINALLY* I can talk about it!

Few minutes ago we announced from the Forefront blog the availability of the beta 2 release of the “Geneva” products: “Geneva” Framework, “Geneva” Server and Windows CardSpace “Geneva”.

The new beta introduces new features, such as the seamless integration with Visual Studio, which makes it even easier for developers to take advantage of identity capabilities without being exposed to unnecessary complexity; or the new claims transformation language, which has no counterpart in competitors' products and gives unprecedented expressive power to system administrators. All awesome stuff :-) Donovan and I worked around the clock to welcome this important new release with adequate pomp: specifically, today we are releasing the Identity Developer Training Kit and we just opened the Geneva Beta 2 Week Special on the Id Element; follow the links to know more about it!

Geneva wins a European Identity Award in the category “Best Innovation”

I briefly mentioned this in a post yesterday, but this is so nice that it deserves its very own post. From http://www.id-conf.com/blog/2009/05/07/awards-for-outstanding-identity-management-projects/:

On the occasion of the European Identity Conference 2009 (EIC), the leading European event for Identity and Access Management (IAM) and GRC (Governance, Risk Management, and Compliance), the analyst firm Kuppinger Cole conferred the European Identity Award. The award recognizes outstanding projects as well as innovations and additional developments of standards.

And again from the awards page:

In the category “Best innovation”, […] Another award in that category went to Microsoft for their Geneva project, in which federation becomes part of user containers - in the view of Kuppinger Cole, one of the most significant enhancements for future use and dissemination of the Identity Federation.

That's awesome :-) There were three Microsofties in the room (Carla Canavor, Ariel Gordon and myself) and Ariel did the honors:

 

Posted by vibro | 1 Comments