WIF and Silverlight 4 – Claims Aware, Identity Federation (Passive and Active)
Nuno Godinho – Independent Consultant

WIF and Silverlight 4 – Claims Aware, Identity Federation (Passive and Active)
Nuno Godinho – Partner & CTO @ ITech4All

About Me
Nuno Filipe Godinho, Independent Consultant
  • Mail: Nuno.Godinho@itech4all.com, Nuno.Godinho@sapo.pt
  • MSN: Nuno_God@hotmail.com
  • Blogs:
      • http://pontonetpt.com/blogs/nunogodinho
      • http://xamlpt.com/blogs/nunogodinho
      • http://weblogs.asp.net/nunogodinho
      • http://msmvps.org/blogs/nunogodinho
  • Twitter: NunoGodinho

Agenda
  • Introduction to Claims-Based Identity
  • WIF – Windows Identity Foundation Introduction
  • Building Claims-Aware Silverlight Applications
  • Identity Federation in Silverlight
      • Passive Federation
      • Active Federation
  • Summary

Introduction to Claims-Based Identity

Your Applications Are Prisoners of Identity Silos
  [Diagram labels: Login.aspx, Page1.aspx, Credential Stores, Credential Types / APIs, User Attributes Stores]

Identification in Real Life Works Pretty Well… How Do We Do That?
  • Externalizes authentication
  • Gets user info from a document

Claims Can Set Your Application Free
  [Diagram labels: Identity Provider, Active Directory Federation Services 2.0, STS, Claims, Relying Party, Security Token]

WIF – Windows Identity Foundation

Programming Model
  • Essential claims programming model
  • Claims Object Model integrated with the .NET identity API
  • Single programming model for ASP.NET & WCF
  • Single programming model for on-premises & cloud
  • Configuration driven
  • Tools for metadata-driven automatic application configuration
  • WS-Federation, WS-Trust
  • Framework for custom STS development
  • And more…

Object Model

    using System.Linq;
    using System.Threading;
    using Microsoft.IdentityModel.Claims;   // WIF claims object model

    // ageClaimValue is assumed to be a string field declared on the page.
    void Page_Load(object sender, EventArgs e)
    {
        IClaimsPrincipal icp = (IClaimsPrincipal)Thread.CurrentPrincipal;
        IClaimsIdentity claimsIdentity = (IClaimsIdentity)icp.Identity;
        // Single() throws if the claim is missing or present more than once.
        ageClaimValue = (from c in claimsIdentity.Claims
                         where c.ClaimType == "http://MyNS/AgeClaim"
                         select c.Value).Single();
    }

  [Diagram labels. Types: IClaimsPrincipal, IClaimsIdentity, Claim, IPrincipal, IIdentity. Members: Claims, Subject, Identity, Issuer, OriginalIssuer, Delegate, ClaimType, AuthenticationType, IsAuthenticated, Name, IsInRole, Value, ValueType]

How It Works
  • HTTPModule(s) in the ASP.NET pipeline of the application
  • They take care of exposing policy, managing protocol redirects, establishing sessions…
  • WSFederationAuthenticationModule: implements the WS-Federation redirect protocol
  • SessionAuthenticationModule: takes care of handling sessions (regardless of the sign-in protocol)
  • ClaimsPrincipalHttpModule: provides a hook for injecting claims into the current principal

WIF ASP.NET Processing Pipeline
  [Diagram labels, in slide order: WSFAM, SecurityTokenHandler, ClaimsAuthenticationManager, SessionAuthenticationModule, ClaimsAuthorizationManager]
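
An added example, not code from the original slides: a ClaimsAuthorizationManager (the last pipeline stage named above) that makes an access decision from the slide's age claim, accepting the claim only when it comes from the expected issuer, appears exactly once and parses as a plausible number. The class name, issuer name and age threshold are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Linq;
using Microsoft.IdentityModel.Claims;   // WIF 1.0 claims object model

// Hypothetical relying-party policy: callers must present a trusted age claim.
public class MinimumAgeAuthorizationManager : ClaimsAuthorizationManager
{
    // Claim type taken from the slide's Page_Load sample.
    private const string AgeClaimType = "http://MyNS/AgeClaim";

    // Assumptions for this example: the issuer name the relying party
    // maps its trusted STS to, and the policy threshold.
    private const string TrustedIssuer = "ExampleCorpSts";
    private const int MinimumAge = 18;

    public override bool CheckAccess(AuthorizationContext context)
    {
        // Deny when there is no claims identity or it is not authenticated.
        IClaimsIdentity identity = context.Principal.Identity as IClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
        {
            return false;
        }

        int age;
        return TryGetTrustedAge(identity, out age) && age >= MinimumAge;
    }

    // Returns false instead of throwing, unlike the Single() call on the slide.
    public static bool TryGetTrustedAge(IClaimsIdentity identity, out int age)
    {
        age = 0;

        // A claim is only as trustworthy as whoever asserted it: match the
        // claim type AND the issuer. Requiring OriginalIssuer to match as
        // well is a strict policy that rejects claims passed through from
        // another STS; relax it only if such a chain is intended.
        var candidates = identity.Claims
            .Where(c => c.ClaimType == AgeClaimType
                     && string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal)
                     && string.Equals(c.OriginalIssuer, TrustedIssuer, StringComparison.Ordinal))
            .ToList();

        // Zero claims means "unknown"; several claims are ambiguous.
        // Both cases are denied rather than guessed at.
        if (candidates.Count != 1)
        {
            return false;
        }

        // NumberStyles.None accepts digits only: no sign, whitespace,
        // thousands separators or culture-specific formats.
        int parsed;
        if (!int.TryParse(candidates[0].Value, NumberStyles.None,
                          CultureInfo.InvariantCulture, out parsed))
        {
            return false;
        }

        // Reject implausible values before they reach the policy check.
        if (parsed > 150)
        {
            return false;
        }

        age = parsed;
        return true;
    }
}
```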

Bindings
  • UserNameWSTrustBinding
  • CertificateWSTrustBinding
  • WindowsWSTrustBinding
  • KerberosWSTrustBinding
  • IssuedTokenWSTrustBinding

DEMO: Building Claims-Aware Silverlight Applications
Identity Federation In Silverlight

What is Identity Federation?
  “A user's authentication process across multiple IT systems or even organizations” – via Wikipedia

What Is the Goal of Identity Federation?
  “The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration” – via Wikipedia

  http://en.wikipedia.org/wiki/Federated_identity

What is Passive Federation?
  1. End-user browses to the RP
  2. RP redirects the user to the IdP
  3. End-user logs in
  4. Authenticated
  5. IdP issues a Security Token
  6. IdP Security Token is presented to the RP
  [Diagram labels: Identity Provider, Relying Party, End-User, Client, Authenticated, Trust Relationship]

DEMO: Identity Federation in Silverlight (Passive)

What is Active Federation?
  1. End-User requests Security Token
  2. Authenticated
  3. IdP issues a Security Token
  4. IdP Security Token is presented to the RP
  [Diagram labels: Identity Provider w/ STS, Relying Party, End-User, Requestor, Authenticated, Trust Relationship]

DEMO: Identity Federation in Silverlight (Active)

Summary
  • Claims-based Identity allows us to free our applications from Identity Silos
  • WIF allows us to easily implement Claims-based Identity in our applications
  • Identity Federation allows us to authenticate users across IT systems and organizations
  • Two types of Identity Federation
      • Passive – Redirection based
      • Active - Actively authenticated against the IdP’s STS

Free your applications…


Wif and sl4 (en)

  • 28. Nuno Godinho Partner @ ITech4all Nuno.Godinho@sapo.pt NunoGodinho