Whats Auth Got To Do With It


Multifactor Auth and Provider PPT

Published in: Technology
  • The following presentation was delivered at Microsoft Code Camp 9 in Waltham, MA, and titled "What's Auth Got to Do with It? Developing Multi-Factor Solutions with Microsoft .NET". This presentation is the property of CodeRight Inc and can be freely distributed for educational purposes. This presentation comprises two parts: first, I'll review what issues MFA addresses and what Multi-Factor Authentication typically is; second, an example of integrating a Multi-Factor solution into a .NET Web Application.
  • Multifactor authentication (MFA) is an authentication system in which more than one form of authentication is implemented to verify the legitimacy of a transaction. Multi-Factor Authentication is used to prevent and combat Web Site Forgery. More specifically, it attempts to address Cross Site Scripting, Phishing, Pharming, and "Man in the Middle" attacks. (I won't go into formal definitions of each, as you can find more information on Wikipedia.)
  • So, let's take a closer look at what is considered to be a factor of authentication. Typically we use a login and password (which combined are considered a single factor). However, over the years other forms of authentication have been used, and each can be categorized in the following way.
  • Whats Auth Got To Do With It

    1. Microsoft CodeCamp 9
    2. Multi-Factor Authentication
       • Helps address forms of Web Site Forgery:
         • Cross Site Scripting
         • Phishing/Pharming
         • Man-in-the-Middle
         • Man-in-the-Browser
       • For more info: http://www.tricipher.com/threats/index.html
    3. What is Multi-Factor Auth?
       • http://en.WIKIPEDIA.org/wiki/Two-factor_authentication
       • User IS or DOES
         • Fingerprint or retinal pattern
         • DNA
         • Signature or voice recognition
         • Biometric identifier
       • User HAS
         • ID card
         • Security token
         • Software token
         • Phone, or cell phone
       • User KNOWS
         • Password
         • Pass phrase or PIN
    4. Multi-Factor Authentication
       • Multi-Factor Examples?
         • e-Commerce: Yahoo!, Amazon
         • Financial: DiscoverCard, ING Direct
       • How do you incorporate MFA into .Net
         • Roll your own
         • Integrate with 3rd party products: Tricipher, RSA, or Entrust
         • Build a Custom Provider
    5. Multi-Factor Authentication
       • Some of Today's Options
    6. Membership Provider
       • What is a Provider Model and how/where is it used?
       • Design Pattern used extensively throughout .Net that enables developers to abstract data store(s) from the application
       • Enables the creation or use of presentation controls to "snap-in" to "any" type of data store
       • Examples of Usage: CreateUserWizard Control, Login, LoginView, etc.
    7. What is the Membership Provider Model
       • Great example of Abstract Class in Action!
       • Definition of What Methods to Expect (Abstract Class)
       • Controls that Expect those defined Methods being implemented (CreateUserWizard, Login, LoginView)
       • Implementation of those Methods (Custom Provider)
    8. Built-In Membership Providers
       • SQL Membership Provider
         • System.Web.Security.SqlMembershipProvider
         • Database Schema
       • ActiveDirectory Membership Providers
         • System.Web.Security.ActiveDirectoryMembershipProvider
    9. Asp.Net Membership Provider
    10. Deploying SQLMembershipProvider
       • Run aspnet_regsql.exe
       • Create a webpage, Add Login (or other) LoginView
       • Configure
    11. Summary
       • Defined Multi-Factor Authentication
       • Defined a Membership Provider
       • Reviewed OOB SQL Membership Provider
       • Detailed how to create a Custom Provider to a Tricipher Armored Credential System (Vault)
    12. Questions or Job Offers?
       • Email: Bryan_Tuttle@CodeRight.com
    13. Resources
    14. Resources (cont.)
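
The custom-provider approach from the Membership Provider slides, as an added example that is not code from the presentation or from CodeRight: a provider that extends `SqlMembershipProvider` and requires a time-based one-time code (RFC 6238) from a software token in addition to the password. The class name, the `LoadTokenSecret` seam and the "password followed by 6-digit code" input convention are assumptions made for illustration; a concrete subclass that supplies secret storage is what would be registered in web.config.

```csharp
using System;
using System.Security.Cryptography;
using System.Web.Security;

// Added example: a "user HAS" factor (one-time code) on top of the SQL provider's password check.
public abstract class TotpSqlMembershipProvider : SqlMembershipProvider
{
    private const int Digits = 6, StepSeconds = 30;
    private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    // Hypothetical seam: return the user's enrolled token secret, or null if none.
    protected abstract byte[] LoadTokenSecret(string username);

    // The Login control passes only two strings, so this example assumes the
    // user types the password immediately followed by the 6-digit code.
    public override bool ValidateUser(string username, string password)
    {
        if (password == null || password.Length <= Digits) return false;
        string code = password.Substring(password.Length - Digits);
        string secretPart = password.Substring(0, password.Length - Digits);
        if (!base.ValidateUser(username, secretPart)) return false;   // factor 1: user KNOWS

        byte[] key = LoadTokenSecret(username);
        if (key == null) return false;                                // not enrolled: deny
        long step = (long)(DateTime.UtcNow - Epoch).TotalSeconds / StepSeconds;
        // Accept the current and previous step for clock skew; '|' evaluates both sides.
        return FixedEquals(code, Totp(key, step)) | FixedEquals(code, Totp(key, step - 1));
    }

    public static string Totp(byte[] key, long step)
    {
        byte[] counter = BitConverter.GetBytes(step);
        if (BitConverter.IsLittleEndian) Array.Reverse(counter);      // RFC 4226: big-endian counter
        using (var hmac = new HMACSHA1(key))
        {
            byte[] h = hmac.ComputeHash(counter);
            int o = h[h.Length - 1] & 0x0F;                           // dynamic truncation offset
            int bin = ((h[o] & 0x7F) << 24) | (h[o + 1] << 16) | (h[o + 2] << 8) | h[o + 3];
            return (bin % 1000000).ToString("D6");
        }
    }

    private static bool FixedEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];       // no early exit
        return diff == 0;
    }
}
```

When the code check fails, `base.ValidateUser` has already recorded a successful password login, and code failures are not counted toward lockout. A production provider would track failed codes and reject a code that has already been used within its validity window.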