Petar Vucetin   Soa312   Building Secure Web Services Using Windows Communication Foundation   Tech Ed 2008 (Final)

• Securing messages between clients and services is essential to protecting data. The Windows Communication Foundation (WCF) provides a versatile and interoperable platform for exchanging secure messages based upon both the existing security infrastructure and the recognized security standards for SOAP messages. In this session learn how to use WCF for transfer security and access control using familiar technologies such as HTTPS, Windows integrated security, X.509 certificates, SAML, and usernames and passwords, and also new technologies such as Windows CardSpace. This session also discusses how to extend WCF security to support custom security tokens, custom authentication methods, claims-based authorization, claims transformation, and custom principals.

  • Transcript

    • 1.
    • 2. Building Secure Web Services Using Windows Communication Foundation
      Petar Vucetin
      Senior Software Engineer
      Vertigo
      Session Code: SOA312
    • 3. Agenda
      Learn how to use standard WCF security mechanisms correctly
      Understand appropriate scenarios for the various WCF security options
      Understand how to extend WCF security for custom applications
    • 4.
    • 5.
    • 6. Threat Modeling
      CIA
      Confidentiality
      Integrity
      Availability
      STRIDE
      Spoofing
      Tampering
      Repudiation
      Information Disclosure
      DoS
      Elevation of Privilege
    • 7. Security
      Confidentiality
      Content of the message is kept secret
      Integrity
      Confidence that the message received is the same as the one the sender sent
      Authentication
      Confidence that we know the caller's identity
      Confidentiality and Integrity useless without authenticity
    • 8. WCF Out of the box experience
      Defaults to secure mode
      Claim-based
      Internet, Intranet and custom security scenarios
      Secure conversations
      Transfer
      Message integrity and protection
      Mutual Authentication
      (client->service, service-> client)
      Authorization
    • 9. Service Identity
      Caller Identity
      [Diagram labels: Caller, Service, Host, WCF Service, Claims, Policy, Trust, Message (WS*), Transport (TLS, SSL, IPSec); each side exposes endpoints A, B, C]
      A: Address – Where?
      B: Binding – How?
      C: Contract – What?
    • 10. Transport Security
      Prevents eavesdropping, tampering, and message forgery
      Point-to-Point communication
      SSL over HTTP
      TLS over TCP
      Provides endpoint authentication and communications privacy using cryptography.
      IPSEC/L2TP
      [Diagram labels: Caller and Service endpoints (A, B, C) connected over Transport (TLS, SSL, IPSec)]
    • 11. Message WS-Security
      SOAP Envelope
      Security Token
      SOAP Header
      Timestamp
      Misc. Headers
      Signature
      Security Header
      Encrypted Key
      Encrypted Data
      SOAP Body
      Data
    • 12. Message Security
      Transport independent
      Uses SOAP / WS-Security
      Parts of the message can be signed or encrypted.
      All of the security information is encapsulated in the message
      Security credentials and claims with every message. Wide set of credentials and claims supported
      WCF requires X509 certificate
      [Diagram labels: Caller and Service endpoints (A, B, C) connected over Message (WS*)]
    • 13. Authentication
      Caller identification
      Windows tokens
      Certificates
      User Name
      Tokens
      Custom
      Service identification (to caller)
      Windows tokens, X.509 certificates
    • 14. Authentication WS-Security
      The service verifies that the user owns/is able to use a key that is never transmitted
      [Diagram labels: Contract & Policies; X509 Certificate, Kerberos, XrML, Custom; Private Key; X509; SAML]
    • 15. Authorization
      What is caller allowed to do
      WCF uses the caller's claims
      Can have many
      Windows token, SAML
      Windows groups, ASP.NET providers, Custom provider
      No good without authentication
    • 16. Claims
      Claim
      A declaration made by an entity about an entity (for example, a name, identity, group, key, or privilege). The entity that makes the claim is referred to as the claim issuer; the entity about which the claim is made is referred to as the claim subject.
      Defined by a triplet: type, right, resource
      Claim issuer
      Can vouch for or endorse the claims in a security token by using its key to sign or encrypt the security token. This enables authentication of the claims in the security token.
    • 17. Partners
      STS
      Browser
      WinClient
      DMZ
      IIS
      INTRANET
      Browser
      IIS
      WinClient
      Router
    • 18. Scenarios
      Intranet
      Direct access to service (rare) – single machine
      Application servers – more common, distributed, maybe port restrictions and firewalls
      AD, Windows auth
      Internet
      Firewalled, DMZed
      Restricted ports and routes, custom identity store
      Maybe trusted subsystem down the line with AD/Windows auth
      Maybe multiple authentication systems involved
    • 19. Scenarios (cont.)
      B2B
      Crossing multiple network topologies, firewalls, port restrictions
      Non Windows security topologies and implementations
      May require acquiring and using different identities
      Maybe multiple authentication systems involved
      Most likely service to service
    • 20.
    • 21. Service and Client
      How does this stuff work?
      configuring
    • 22. Security Modes
      None. Turns security off.
      Not recommended (default for BasicHttpBinding)
      Transport.
      Uses transport security for mutual authentication and message protection.
      Message.
      Uses message security for mutual authentication and message protection. WCF requires X509 certificate.
      Both.
      Allows you to supply settings for transport and message-level security (only MSMQ supports this).
    • 23. Controlling security modes
      demo
    • 24. Security Modes (cont.)
      TransportWithMessageCredential.
      Client credentials are passed with the message. Service authentication, confidentiality, data integrity is provided by the transport layer.
      TransportCredentialOnly.
      Client credentials are passed with the transport layer and no message protection is applied.
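The security modes from slides 22 and 24, written out for basicHttpBinding as an added example (not part of the original deck). The service and contract names are the ones used later in the slides; the binding names, base addresses, relative endpoint addresses and credential types are assumptions.

```xml
<system.serviceModel>
  <services>
    <service name="CalculatorService">
      <host>
        <baseAddresses>
          <!-- Assumed addresses. Relative endpoints bind to the base address
               whose scheme matches the binding's security mode. -->
          <add baseAddress="http://localhost:8000/calc" />
          <add baseAddress="https://localhost:8443/calc" />
        </baseAddresses>
      </host>

      <!-- Weak: mode None. Requests and replies cross the wire as clear text
           and the caller is anonymous. -->
      <endpoint address="open" binding="basicHttpBinding"
                bindingConfiguration="modeNone" contract="ISecureCalculator" />

      <!-- Transport: HTTPS authenticates the service and protects the message
           hop by hop. The client stays anonymous with clientCredentialType None. -->
      <endpoint address="tls" binding="basicHttpBinding"
                bindingConfiguration="modeTransport" contract="ISecureCalculator" />

      <!-- TransportWithMessageCredential: HTTPS protects the message, the
           user name and password ride in the WS-Security header. -->
      <endpoint address="tlsuser" binding="basicHttpBinding"
                bindingConfiguration="modeTransportWithMessageCredential"
                contract="ISecureCalculator" />

      <!-- TransportCredentialOnly: plain HTTP with Windows authentication.
           The caller is identified, but WCF neither signs nor encrypts the message. -->
      <endpoint address="credonly" binding="basicHttpBinding"
                bindingConfiguration="modeTransportCredentialOnly"
                contract="ISecureCalculator" />
    </service>
  </services>

  <bindings>
    <basicHttpBinding>
      <!-- Same as leaving the security element out: None is the default here. -->
      <binding name="modeNone">
        <security mode="None" />
      </binding>

      <binding name="modeTransport">
        <security mode="Transport">
          <transport clientCredentialType="None" />
        </security>
      </binding>

      <binding name="modeTransportWithMessageCredential">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>

      <binding name="modeTransportCredentialOnly">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
</system.serviceModel>
```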
    • 25. R Default
    • 26. WCF Channel Stack
      [Diagram labels: Service Instance; WCF Runtime (Operation, Operation, Dispatcher); Channel Stack (Protocol, Protocol, Protocol, Encoding, Transport); Binding]
    • 27. Security.Mode == None
      [Channel stack diagram for netTcpBinding] Binding elements:
      TransactionFlowBinding
      BinaryMessageEncodingBinding
      TcpTransportBinding
    • 28. Security.Mode == Transport
      [Channel stack diagram for netTcpBinding] Binding elements:
      TransactionFlowBinding
      BinaryMessageEncodingBinding
      WindowsStreamSecurityBinding
      TcpTransportBinding
    • 29. Security.Mode == Message
      [Channel stack diagram for netTcpBinding] Binding elements:
      TransactionFlowBinding
      SymmetricSecurityBinding
      BinaryMessageEncodingBinding
      TcpTransportBinding
    • 30. Security.Mode == TransportWithMessageCredentials
      [Channel stack diagram for netTcpBinding] Binding elements:
      TransactionFlowBinding
      TransportSecurityBinding
      BinaryMessageEncodingBinding
      SslStreamSecurityBinding
      TcpTransportBinding
    • 31. Controlling credentials at the transport level
      demo
    • 32. R Default
    • 33. Controlling Message Security and credentials
      demo
    • 34. R Default
    • 35.
    • 36. Choices
      Choices
      Choices
      You confused by now?
    • 37. Out of the box bindings: Intranet
      NetNamedPipeBinding
      Limited reach – same machine, cross process
      Fast
      No SOAP support
      Defaults:
      Security Mode: Transport
      Credentials: Windows
      Message protection : Encrypt and Sign
    • 38. Out of the box bindings (cont.) Intranet
      NetTcpBinding
      WCF-to-WCF scenarios
      Fast, can add WS* features – performance tradeoff
      If you used COM+/DCOM use this binding
      Load balancing – has server affinity, reduce lease timeout
      Defaults:
      Security Mode: Transport
      Credentials: Windows
      Message protection : Encrypt and Sign
    • 39. Out of the box bindings (cont.) Intranet
      NetMsmqBinding
      Queued work / workload leveling / Disconnected scenarios
      Defaults:
      Security Mode: Transport
      Credentials: Windows
      Message protection: Sign
      MsmqIntegrationBinding
      Non WCF clients
    • 40. Out of the box bindings (cont.) Internet
      BasicHttpBinding
      Interop for ASMX, support for WS-I Basic Profile 1.1
      Does not support WS* stack
      Works well with existing HTTP load balancing techniques
      Only binding supported in Silverlight 2.0
      Defaults:
      Security Mode: None
      Transport: None
      Credentials: User Name
      Message protection: None
    • 41. Out of the box bindings (cont.) Internet
      WSHttpBinding
      Non Windows/WCF clients
      Restricted ports, firewalls
      Can use HTTP load balancing, but only without reliable sessions and with EstablishSecurityContext turned off.
      Defaults:
      Security Mode: Message
      Transport: HTTP
      Credentials: Windows
      Message protection: Sign and Encrypt
    • 42. Out of the box bindings (cont.) Internet
      WSFederationHttpBinding
      Share identities across multiple systems
      Custom tokens
      Defaults:
      Security Mode: Message
      Transport: HTTP
      Credentials: Windows
      Message protection: Sign and Encrypt
    • 43.
    • 44. Service and Client
      Security Extension Points
      customization
    • 45. Customization Scenarios
      Custom security tokens
      Custom authentication methods
      Claims-based authorization
      Claims transformation
      Custom principals
    • 46. WCF Security Extensible Points
      Credentials
      Custom Security Token Manager
      Custom Service Credentials
      Custom Client Credentials
      Authorization
      Service Authorization Manager
      External Authorization Policy
      Custom Endpoint Identity Verifier
      Authentication
      Security Token Authenticator
      Security Token Provider
      Custom Authorization Policy
      Serialization
      Security Token Serializer
      Security Key Identifier Clause
    • 47. Custom Authentication
      <services>
        <service name="CalculatorService"
                 behaviorConfiguration="ServiceCredentials">
          <endpoint address=""
                    binding="wsFederationHttpBinding"
                    bindingConfiguration="requireInfoCard"
                    contract="ISecureCalculator">
            <identity>
              <certificateReference findValue="fabrikam"
                                    x509FindType="FindBySubjectName"
                                    storeLocation="LocalMachine"
                                    storeName="My" />
            </identity>
          </endpoint>
        </service>
      </services>
      <bindings>
        <wsFederationHttpBinding>
          <binding name="requireInfoCard"> ...</binding>
        </wsFederationHttpBinding>
      </bindings>
      <behaviors>
        <serviceBehaviors>
          <behavior name="ServiceCredentials">...</behavior>
        </serviceBehaviors>
      </behaviors>
      [Diagram labels: ISecureCalculator, SAML1.0, CalculatorService, http://schemas../givenname, http://schemas../lastname, http://schemas../self, http://localhost/serv.svc]
      <behavior name="ServiceCredentials">
        <serviceAuthorization serviceAuthorizationManagerType="MyServiceAuthorizationManagers.SelfissuedServAuthMgr, MyServiceAuthorizationManagers" />
        <serviceCredentials>
          <serviceCertificate findValue="fabrikam"
                              x509FindType="FindBySubjectName"
                              storeLocation="LocalMachine"
                              storeName="My" />
          <issuedTokenAuthentication allowUntrustedRsaIssuers="true" />
        </serviceCredentials>
      </behavior>
    • 48. Custom Authentication
      demo
    • 49. Service Config
      <services>
        <service name="CalculatorService"
                 behaviorConfiguration="ServiceCredentials">
          <endpoint address=""
                    binding="wsFederationHttpBinding"
                    bindingConfiguration="requireInfoCard"
                    contract="ISecureCalculator">
            <identity>
              <certificateReference findValue="fabrikam"
                                    x509FindType="FindBySubjectName"
                                    storeLocation="LocalMachine"
                                    storeName="My" />
            </identity>
          </endpoint>
        </service>
      </services>
      <bindings>
        <wsFederationHttpBinding>
          <binding name="requireInfoCard"> ...</binding>
        </wsFederationHttpBinding>
      </bindings>
      <behaviors>
        <serviceBehaviors>
          <behavior name="ServiceCredentials">...</behavior>
        </serviceBehaviors>
      </behaviors>
      [Diagram labels: ISecureCalculator, SAML1.0, CalculatorService, http://schemas../givenname, http://schemas../lastname, http://localhost/serv.svc, http://schemas../self]
      <binding name="requireInfoCard">
        <security mode="Message">
          <message issuedTokenType="urn:oasis:names:tc:SAML:1.0:assertion">
            <claimTypeRequirements>
              <add claimType="http://schemas../givenname" />
              <add claimType="http://schemas../lastname" />
            </claimTypeRequirements>
            <issuer address="http://schemas.../self" />
          </message>
        </security>
      </binding>
      <behavior name="ServiceCredentials">
        <serviceCredentials>
          <serviceCertificate findValue="fabrikam"
                              x509FindType="FindBySubjectName"
                              storeLocation="LocalMachine"
                              storeName="My" />
          <issuedTokenAuthentication allowUntrustedRsaIssuers="true" />
        </serviceCredentials>
      </behavior>
    • 50. Client Config
      <client>
        <endpoint address="http://localhost/serv.svc/"
                  bindingConfiguration="requireInfoCard"
                  binding="wsFederationHttpBinding"
                  contract="ISecureCalculator"
                  behaviorConfiguration="ClientCredentials">
          <identity>
            <certificateReference findValue="fabrikam"
                                  x509FindType="FindBySubjectName"
                                  storeLocation="CurrentUser"
                                  storeName="TrustedPeople" />
          </identity>
        </endpoint>
      </client>
      <bindings>
        <wsFederationHttpBinding>
          <binding name="requireInfoCard">…</binding>
        </wsFederationHttpBinding>
      </bindings>
      <behaviors>
        <endpointBehaviors>
          <behavior name="ClientCredentials">…</behavior>
        </endpointBehaviors>
      </behaviors>
      [Diagram labels: ISecureCalculator, CalculatorService, SAML1.0, http://localhost/serv.svc, http://schemas../givenname, http://schemas../lastname, http://madSTS.org/sts]
      <behavior name="ClientCredentials">
        <clientCredentials>
          <serviceCertificate>
            <defaultCertificate findValue="fabrikam"
                                x509FindType="FindBySubjectName"
                                storeLocation="CurrentUser"
                                storeName="TrustedPeople" />
            <authentication revocationMode="NoCheck" certificateValidationMode="PeerOrChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
      <binding name="requireInfoCard">
        <security mode="Message">
          <message issuedTokenType="urn:oasis:names:tc:SAML:1.0:assertion">
            <claimTypeRequirements>
              <add claimType="http://schemas../emailaddress" />
              <add claimType="http://schemas../givenname" />
            </claimTypeRequirements>
            <issuer address="http://schemas../self" />
          </message>
        </security>
      </binding>
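The sample on slides 47 to 50 accepts self-issued tokens (allowUntrustedRsaIssuers="true") and has the client skip revocation checks (revocationMode="NoCheck"). As an added example, not part of the original deck, these are the same two elements in their stricter form; it assumes tokens are signed by an STS certificate installed in the service's TrustedPeople store and that the service certificate chains to a CA the client trusts.

```xml
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceCredentials">
      <serviceCredentials>
        <serviceCertificate findValue="fabrikam"
                            x509FindType="FindBySubjectName"
                            storeLocation="LocalMachine"
                            storeName="My" />

        <!-- As on the slides (needed for self-issued CardSpace cards):
               <issuedTokenAuthentication allowUntrustedRsaIssuers="true" />
             With this setting a token signed by any self-generated RSA key
             passes authentication, so the access decision rests entirely on
             the custom ServiceAuthorizationManager shown on slide 47. -->

        <!-- Stricter form for tokens issued by an STS: the token's signing
             certificate must be present in LocalMachine\TrustedPeople. -->
        <issuedTokenAuthentication allowUntrustedRsaIssuers="false"
                                   certificateValidationMode="PeerTrust"
                                   trustedStoreLocation="LocalMachine" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>

  <endpointBehaviors>
    <behavior name="ClientCredentials">
      <clientCredentials>
        <serviceCertificate>
          <defaultCertificate findValue="fabrikam"
                              x509FindType="FindBySubjectName"
                              storeLocation="CurrentUser"
                              storeName="TrustedPeople" />

          <!-- As on the slides:
                 <authentication revocationMode="NoCheck"
                                 certificateValidationMode="PeerOrChainTrust" />
               A revoked service certificate would still be accepted. -->

          <!-- Stricter form: the service certificate must chain to a trusted
               root and must pass an online revocation check. -->
          <authentication certificateValidationMode="ChainTrust"
                          revocationMode="Online" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
```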
    • 51. Tips & Tricks
      VS2008 SP1
    • 52. Tips & Tricks (cont.)
    • 53. New Services
      NetMsmqActivator (Net.Msmq Listener Adapter)
      Receives activation requests over the net.msmq and msmq.formatname protocols and passes them to the Windows Process Activation Service.
      NetPipeActivator (Net.Pipe Listener Adapter)
      Receives activation requests over the net.pipe protocol and passes them to the Windows Process Activation Service.
    • 54. New Services
      NetTcpActivator (Net.Tcp Listener Adapter)
      Receives activation requests over the net.tcp protocol and passes them to the Windows Process Activation Service.
      NetTcpPortSharing (Net.Tcp Port Sharing Service)
      Provides ability to share TCP ports over the net.tcp protocol.
    • 55.
    • 56. Q & A
    • 58.
    • 59. CodePlex WCF Security Guidance - http://www.codeplex.com/WCFSecurity
      IDesign code library - http://www.idesign.net/
      MSDN WCF demos and examples - http://wcf.netfx3.com/
      (WCF), (WF) and Windows CardSpace Samples - MSDN http://tinyurl.com/4zvppt
      Track Resources
      Bloggers:
      Ron Jacobs, Vittorio Bertocci, Michelle Bustamante, Aaron Skonnard, etc.
    • 60.
    • 61. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
      The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
    • 62. Valid?
      Client Claims
      Authority
      Service Claims
      Valid?
      Authority
    • 63. Identity Types
      DNS - Use this element with X.509 certificates or Windows accounts.
      Certificate - This element specifies a Base64-encoded X.509 certificate value to compare with the client. Also use this element when using a CardSpace as a credential to authenticate the service.
    • 64. Certificate Reference
      RSA
      User Principal Name
      Service Principal Name
    • 65. Topology
      Partners
      STS
      Browser
      WinClient
      DMZ
      IIS
      INTRANET
      Browser
      IIS
      S2
      WinClient
      Router
      S1
