Your SlideShare is downloading. ×
Whats Auth Got To Do With It
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Whats Auth Got To Do With It


Published on

Multifactor Auth and Provider PPT

Multifactor Auth and Provider PPT

Published in: Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • The following presentation was delivered at Microsoft Code Camp 9 in Waltham MA and Titled What's Auth Got to Do with it? Developing Multi-Factor Solutions with Microsoft .NET. This presentation is property of CodeRight Inc and can be freely distributed for educational purposes.This presentation is comprised of 2 parts: First I'll review what issues MFA addresses and Multi-Factor Authentication typicallyis then SECOND an example of integrating a Multi-Factor solution into a .NET Web Application.
  • Multifactor authentication (MFA) is a Authenticationsystem in which more than one form of authentication is implemented to verify the legitimacy of a transaction. Multi-Factor Authentication is used to prevent and combat Web Site Forgery. More specifically it attempted to address: Cross Site Scripting, Phishing, Pharming, and "Man in the Middle" attacks. (Now I won't go into formal definitions of each as you can find out more information on Wikipedia)
  •  So, Let's take a closer look at what is considered to be a factor of Authentication:Typically we use Login and Password (which combined is considered a single factor)However over the years other forms authentication have been used such and each can be categorized in the following way.     
  • Transcript

    • 1. Microsoft CodeCamp 9
    • 2. Multi-Factor Authentication
      • Helps addresses forms of WebSite Forgery:
      • 3. Cross Site Scripting
      • 4. Phishing/Pharming
      • 5. Man-in-the-Middle
      • 6. Man-in-the-Browser
      For more info:
    • 7. What is Mult-Factor Auth?
      • User IS or DOES
      • 8. Fingerprint or retinal pattern
      • 9. DNA
      • 10. Signature or voice recognition
      • 11. Biometric identifier
      User HAS
      ID card
      Security token
      Software token
      Phone, or cell phone
      User KNOWS
      pass phrase or PIN
    • 12. Multi-Factor Authentication
      Multi-Factor Examples?
      e-Commerce: Yahoo!, Amazon
      Financial: DiscoverCard, ING Direct
      How do you incorporate MFA into .Net
      Roll your own
      Integrate with 3rd party products:
      Tricipher, RSA, or Entrust
      Build a Custom Provider
    • 13. Multi-Factor Authentication
      Some of Today’s Options
    • 14. Membership Provider
      What is a Provider Model and how/where is it used?
      Design Pattern used extensively throughout .Netthat enables developers to abstract data store(s) from the application
      Enables the creation or use of presentation controls to “snap-in” to “any“ type of data store
      Examples of Usage:
      CreateUserWizard Control, Login, LoginViewetc.
    • 15. What is the Membership Provider Model
      Great example of Abstract Class in Action!
      Definition of What Methods to Expect (Abstract Class)
      Controls that Expect those defined Methods being implemented (CreateUserWizard, Login, LoginView)
      Implementation of those Methods (Custom Provider)
    • 16. Built-In Membership Providers
      SQL Membership Provider
      Database Schema
      ActiveDirectory Membership Providers
    • 17. Asp.Net Membership Provider
    • 18. Deploying SQLMembershipProvider
      Run - aspnet_regsql.exe
      Create a webpage, Add Login (or other) LoginView.
    • 19. Summary
      Defined Multi-Factor Authentication
      Defined a Membership Provider
      Reviewed OOB SQL Membership Provider
      Detailed how to create a Custom Provider to a Tricipher Armored Credential System (Vault)
    • 20. Questions or Job Offers ?
    • 21. Resources
    • 22. Resources (cont.)