Wif and sl4 (en)

Transcript

  • 1.
  • 2. WIF and Silverlight 4 – Claims Aware, Identity Federation (Passive and Active)
    Nuno Godinho – Independent Consultant
  • 3. WIF and Silverlight 4 – Claims Aware, Identity Federation (Passive and Active)
    Nuno Godinho – Partner & CTO @ ITech4All
  • 4.
  • 5. Nuno Filipe Godinho
    Independent Consultant
    Mail: Nuno.Godinho@itech4all.com
    Nuno.Godinho@sapo.pt
    MSN: Nuno_God@hotmail.com
    Blogs: http://pontonetpt.com/blogs/nunogodinho
    http://xamlpt.com/blogs/nunogodinho
    http://weblogs.asp.net/nunogodinho
    http://msmvps.org/blogs/nunogodinho
    Twitter: NunoGodinho
    About Me
  • 6. Agenda
  • 7. Introduction to Claims-Based Identity
    WIF – Windows Identity Foundation
    Introduction
    Building Claims-Aware Silverlight Applications
    Identity Federation in Silverlight
    Passive Federation
    Active Federation
    Summary
    Agenda
  • 8. Introduction to Claims-based Identity
  • 9. Your Applications are Prisoners of Identity Silos
    Introduction to Claims-Based Identity
    Login.aspx
    Page1.aspx
    Credential
    Stores
    Credential
    Types / APIs
    User Attributes
    Stores
  • 10. Identification in Real Life Works Pretty Well…How Do We Do That?
    Introduction to Claims-Based Identity
    Externalizes
    Authentication
    Gets user info from a document
  • 11. Claims Can Set Your Application Free
    Introduction to Claims-Based Identity
    Identity Provider
    Active Directory
    Federation Services 2.0
    STS
    Claims
    Relying Party
    Security Token
  • 12. WIF – Windows Identity Foundation
  • 13. Programming Model
    Essential claims programming model
    Claims Object Model integrated with the .NET identity API
    Single programming model for ASP.NET & WCF
    Single programming model for on-premises & cloud
    Configuration driven
    Tools for metadata-driven automatic application configuration
    WS-Federation, WS-Trust
    Framework for custom STS development
    And more…
    WIF – Windows Identity Foundation
  • 14. Object Model
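    // Requires: using System.Linq; using System.Threading; using Microsoft.IdentityModel.Claims;
    void Page_Load(object sender, EventArgs e)
    {
        // WIF replaces the thread principal with a claims-aware principal
        IClaimsPrincipal icp = (IClaimsPrincipal)Thread.CurrentPrincipal;
        IClaimsIdentity claimsIdentity = (IClaimsIdentity)icp.Identity;
        // Single() throws if the claim is missing or appears more than once
        string ageClaimValue = (from c in claimsIdentity.Claims
                                where c.ClaimType == "http://MyNS/AgeClaim"
                                select c.Value).Single();
    }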
    [Diagram: object model. Types shown: IPrincipal, IIdentity, IClaimsPrincipal, IClaimsIdentity, Claim. Members shown: Identity, IsInRole, AuthenticationType, IsAuthenticated, Name, Claims, Delegate, ClaimType, Value, ValueType, Issuer, OriginalIssuer, Subject]
    WIF – Windows Identity Foundation
  • 15. How it works
    HTTPModule(s) in the ASP.NET pipeline of the application
    They take care of exposing policy, manage protocol redirects, establish sessions…
    WSFederationAuthenticationModule
    Implements the WS-Federation redirects protocol
    SessionAuthenticationModule
    Takes care of handling sessions (regardless of the sign-in protocol)
    ClaimsPrincipalHttpModule
    Provides a hook for injecting claims in the current principal
    WIF – Windows Identity Foundation
  • 16. WIF ASP.NET Processing Pipeline
    WIF – Windows Identity Foundation
    WSFAM
    SecurityTokenHandler
    ClaimsAuthenticationManager
    SessionAuthenticationModule
    ClaimsAuthorizationManager
  • 17. Bindings
    UserNameWSTrustBinding
    CertificateWSTrustBinding
    WindowsWSTrustBinding
    KerberosWSTrustBinding
    IssuedTokenWSTrustBinding
    WIF – Windows Identity Foundation
  • 18. DEMO:
    Building Claims-Aware Silverlight Applications
  • 19. Identity Federation In Silverlight
  • 20. What is Identity Federation?
    “A user's authentication process across multiple IT systems or even organizations” – via Wikipedia
    What Is the Goal of Identity Federation?
    “The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration” – via Wikipedia
    http://en.wikipedia.org/wiki/Federated_identity
    Identity Federation in Silverlight
  • 21. What is Passive Federation?
    Identity Federation in Silverlight
    [Diagram labels: Identity Provider, Relying Party, End-User, Client, Authenticated, Trust Relationship]
    1. End-user browses to the RP
    2. RP Redirects the User to the IdP
    3. End-user logs in
    4. Authenticated
    5. IdP issues a Security Token
    6. IdP Security Token is presented to the RP
  • 22. DEMO:
    Identity Federation in Silverlight (Passive)
  • 23. What is Active Federation?
    Identity Federation in Silverlight
    [Diagram labels: Identity Provider w/ STS, Relying Party, End-User, Requestor, Authenticated, Trust Relationship]
    1. End-User Requests Security Token
    2. Authenticated
    3. IdP issues a Security Token
    4. IdP Security Token is presented to the RP
  • 24. DEMO:
    Identity Federation in Silverlight (Active)
  • 25. Summary
  • 26. Claims-based Identity allows us to Free our Applications from Identity Silos
    WIF allows us to easily implement Claims-based Identity in our Applications
    Identity Federation allows us to authenticate Users across IT systems and Organizations
    Summary
  • 27. Two Types of Identity Federation
    Passive – Redirection Based
    Active - Actively Authenticated against the IdP’s STS
    Summary
    Free your applications…
  • 28. Nuno Godinho
    Partner @ ITech4all
    Nuno.Godinho@sapo.pt
    NunoGodinho
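
The claim lookup on slide 14 accepts any claim of the right type and throws if it is missing or repeated. The following is an added example, not code from the original slides: it reads the same claim but accepts it only from one issuer and fails closed. `AgeClaimReader`, `GetTrustedAge` and the issuer name `urn:example:trusted-sts` are hypothetical, and the code assumes WIF 3.5 (Microsoft.IdentityModel.dll) is referenced.

```csharp
// Added example (not from the slides). Assumes WIF 3.5 (Microsoft.IdentityModel.dll).
using System;
using System.Globalization;
using System.Linq;
using Microsoft.IdentityModel.Claims;

public static class AgeClaimReader
{
    public const string AgeClaimType = "http://MyNS/AgeClaim";   // claim type from slide 14
    // Hypothetical value: the name your IssuerNameRegistry assigns to the trusted STS.
    public const string TrustedIssuer = "urn:example:trusted-sts";

    // Returns the age only if exactly one well-formed age claim issued by
    // TrustedIssuer is present; any other situation yields null (deny by default).
    public static int? GetTrustedAge(IClaimsIdentity identity)
    {
        if (identity == null || !identity.IsAuthenticated)
            return null;

        Claim[] matches = identity.Claims
            .Where(c => c.ClaimType == AgeClaimType &&
                        string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal))
            .ToArray();

        // Single() would throw on a missing or repeated claim; treat both as unusable.
        if (matches.Length != 1)
            return null;

        // Digits only, culture-independent, with a sanity bound on the value.
        int age;
        if (!int.TryParse(matches[0].Value, NumberStyles.None,
                          CultureInfo.InvariantCulture, out age) || age > 150)
            return null;
        return age;
    }

    public static void Main()
    {
        // Constructed sample identities (not real tokens).
        var trusted = new ClaimsIdentity(new[] {
            new Claim(AgeClaimType, "34", ClaimValueTypes.String, TrustedIssuer) }, "Federation");
        var foreign = new ClaimsIdentity(new[] {
            new Claim(AgeClaimType, "34", ClaimValueTypes.String, "urn:example:other-sts") }, "Federation");
        var malformed = new ClaimsIdentity(new[] {
            new Claim(AgeClaimType, "thirty", ClaimValueTypes.String, TrustedIssuer) }, "Federation");

        foreach (var id in new[] { trusted, foreign, malformed })
            Console.WriteLine(GetTrustedAge(id).HasValue ? "age accepted" : "age rejected");
    }
}
```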
