Session 3c The SF SaaS Framework
1. SaaS Security Using
Federated Identity Management
Azure AppFabric Access Control Service (ACS)
Windows Identity Foundation (WIF)
2. What Were The Requirements?
• Favor proven security frameworks and industry standards over custom
security code
• Single sign on (SSO) between tenants
• Preferably not own or manage sensitive data
• Avoid account management in the app such as lost password, etc.
3. Our Solution: Federated Identity Management
• Leverage popular web identity providers such as Google, Yahoo.
• Leverage Azure ACS as an aggregator of these providers
• Leverage WIF for integration with ACS and claims management
4. Concept Diagram
[Diagram: Identity Providers (Google, Yahoo), OpenID, Federation Provider (ACS, STS), SAML, Relying Party (RP) on IIS with WIF, Claim]
21. ASP.NET Request Validation
Error Message:
System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client
(wresult="<t:RequestSecurityTo...").
Workaround For Testing:
Solution For Production:
22. Authentication Flow Diagram
[Diagram: Browser, MVC Website (WIF), Access Control Service (ACS, STS), Identity Providers (IP): Google, Yahoo; flow steps 1 to 6 as listed below]
1. Request login returns 302 redirect to ACS
2. Request IP selection form from ACS
3. Request login form from IP
4. Post credentials, returns token with 302 redirect to ACS
5. Validate and transform token to SAML claims.
6. Post SAML to MVC website callback. WIF processes and sets cookie.
25. Disadvantages
• Your user identities are tied to your ACS namespace - challenging if you
ever wanted to migrate away from your ACS namespace
• Additional cost – you pay for each token issued
• Reliance on external service for authentication
• WIF is not well integrated into the .NET framework (but that improves in
4.5) – WIF is also not very DI friendly
26. Summary
• Low barrier to entry for using existing social identities in your app
• ACS and WIF encapsulate the complexity
• Users don’t need to remember another username and password
• Developers get to save time implementing and maintaining account
management features
Editor's Notes
If project is source controlled – manually check out web.config (WIF not smart enough to do so)