Your SlideShare is downloading. ×
Whats Auth Got To Do With It
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Whats Auth Got To Do With It

541
views

Published on

Multifactor Auth and Provider PPT

Multifactor Auth and Provider PPT

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
541
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • The following presentation was delivered at Microsoft Code Camp 9 in Waltham MA and Titled What's Auth Got to Do with it? Developing Multi-Factor Solutions with Microsoft .NET. This presentation is property of CodeRight Inc and can be freely distributed for educational purposes.This presentation is comprised of 2 parts: First I'll review what issues MFA addresses and Multi-Factor Authentication typicallyis then SECOND an example of integrating a Multi-Factor solution into a .NET Web Application.
  • Multifactor authentication (MFA) is a Authenticationsystem in which more than one form of authentication is implemented to verify the legitimacy of a transaction. Multi-Factor Authentication is used to prevent and combat Web Site Forgery. More specifically it attempted to address: Cross Site Scripting, Phishing, Pharming, and "Man in the Middle" attacks. (Now I won't go into formal definitions of each as you can find out more information on Wikipedia)
  •  So, Let's take a closer look at what is considered to be a factor of Authentication:Typically we use Login and Password (which combined is considered a single factor)However over the years other forms authentication have been used such and each can be categorized in the following way.     
  • Transcript

    • 1. Microsoft CodeCamp 9
    • 2. Multi-Factor Authentication
      • Helps addresses forms of WebSite Forgery:
      • 3. Cross Site Scripting
      • 4. Phishing/Pharming
      • 5. Man-in-the-Middle
      • 6. Man-in-the-Browser
      For more info: http://www.tricipher.com/threats/index.html
    • 7. What is Mult-Factor Auth?
      http://en.WIKIPEDIA.org/wiki/Two-factor_authentication
      • User IS or DOES
      • 8. Fingerprint or retinal pattern
      • 9. DNA
      • 10. Signature or voice recognition
      • 11. Biometric identifier
      User HAS
      ID card
      Security token
      Software token
      Phone, or cell phone
      User KNOWS
      password
      pass phrase or PIN
    • 12. Multi-Factor Authentication
      Multi-Factor Examples?
      e-Commerce: Yahoo!, Amazon
      Financial: DiscoverCard, ING Direct
      How do you incorporate MFA into .Net
      Roll your own
      Integrate with 3rd party products:
      Tricipher, RSA, or Entrust
      Build a Custom Provider
    • 13. Multi-Factor Authentication
      Some of Today’s Options
    • 14. Membership Provider
      What is a Provider Model and how/where is it used?
      Design Pattern used extensively throughout .Netthat enables developers to abstract data store(s) from the application
      Enables the creation or use of presentation controls to “snap-in” to “any“ type of data store
      Examples of Usage:
      CreateUserWizard Control, Login, LoginViewetc.
    • 15. What is the Membership Provider Model
      Great example of Abstract Class in Action!
      Definition of What Methods to Expect (Abstract Class)
      Controls that Expect those defined Methods being implemented (CreateUserWizard, Login, LoginView)
      Implementation of those Methods (Custom Provider)
    • 16. Built-In Membership Providers
      SQL Membership Provider
      System.Web.Security.SqlMembershipProvider
      Database Schema
      ActiveDirectory Membership Providers
      System.Web.Security.ActiveDirectoryMembershipProvider
    • 17. Asp.Net Membership Provider
    • 18. Deploying SQLMembershipProvider
      Run - aspnet_regsql.exe
      Create a webpage, Add Login (or other) LoginView.
      Configure
    • 19. Summary
      Defined Multi-Factor Authentication
      Defined a Membership Provider
      Reviewed OOB SQL Membership Provider
      Detailed how to create a Custom Provider to a Tricipher Armored Credential System (Vault)
    • 20. Questions or Job Offers ?
      Email: Bryan_Tuttle@CodeRight.com
    • 21. Resources
    • 22. Resources (cont.)