The following presentation was delivered at Microsoft Code Camp 9 in Waltham, MA and titled What's Auth Got to Do with It? Developing Multi-Factor Solutions with Microsoft .NET. This presentation is property of CodeRight Inc and can be freely distributed for educational purposes. This presentation is comprised of 2 parts: first, I'll review what issues MFA addresses and what Multi-Factor Authentication typically is; second, an example of integrating a Multi-Factor solution into a .NET Web Application.
Multifactor authentication (MFA) is an authentication system in which more than one form of authentication is implemented to verify the legitimacy of a transaction. Multi-Factor Authentication is used to prevent and combat Web Site Forgery. More specifically, it attempts to address Cross Site Scripting, Phishing, Pharming, and "Man in the Middle" attacks. (I won't go into formal definitions of each, as you can find more information on Wikipedia.)
So, let's take a closer look at what is considered to be a factor of authentication. Typically we use Login and Password (which combined is considered a single factor). However, over the years other forms of authentication have been used, and each can be categorized in the following way.

What's Auth Got to Do with It
Microsoft CodeCamp 9

Multi-Factor Authentication
Helps address forms of WebSite Forgery:

Multi-Factor Authentication
Multi-Factor Examples?
e-Commerce: Yahoo!, Amazon
Financial: DiscoverCard, ING Direct
How do you incorporate MFA into .Net
Roll your own
Integrate with 3rd party products:
Tricipher, RSA, or Entrust
Build a Custom Provider

Multi-Factor Authentication
Some of Today's Options

Membership Provider
What is a Provider Model and how/where is it used?
Design Pattern used extensively throughout .NET that enables developers to abstract data store(s) from the application
Enables the creation or use of presentation controls to "snap-in" to "any" type of data store
Examples of Usage:
CreateUserWizard Control, Login, LoginView, etc.

What is the Membership Provider Model
Great example of Abstract Class in Action!
Definition of What Methods to Expect (Abstract Class)
Controls that Expect those defined Methods being implemented (CreateUserWizard, Login, LoginView)
Implementation of those Methods (Custom Provider)
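
One way the "Build a Custom Provider" option could look, as an added example that is not from the presentation or from any vendor: it derives from the out-of-the-box SqlMembershipProvider and overrides ValidateUser so the Login control also requires a TOTP code (RFC 6238) as a second factor, standing in for a third-party product. The class name, the OneTimeCode form field and the GetTotpSecret hook are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Added example: factor 1 is the SQL provider's password check, factor 2 is TOTP.
public class TwoFactorSqlMembershipProvider : SqlMembershipProvider
{
    private const string CodeField = "OneTimeCode";   // hypothetical form field name
    // Hypothetical hook: override to read the user's shared secret; null fails closed.
    protected virtual byte[] GetTotpSecret(string username) { return null; }
    public override bool ValidateUser(string username, string password)
    {
        // Evaluate both factors every time so the result does not reveal which one failed.
        bool passwordOk = base.ValidateUser(username, password);
        HttpContext ctx = HttpContext.Current;
        string code = ctx == null ? null : ctx.Request.Form[CodeField];
        return passwordOk & VerifyTotp(GetTotpSecret(username), code, DateTime.UtcNow);
    }
    public static bool VerifyTotp(byte[] secret, string code, DateTime utcNow)
    {
        if (secret == null || code == null || code.Length != 6) return false;
        var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        long step = (long)(utcNow - epoch).TotalSeconds / 30;   // 30-second time step
        bool ok = false;
        for (long s = step - 1; s <= step + 1; s++)             // allow one step of clock drift
            ok |= FixedTimeEquals(Totp(secret, s), code);
        return ok;
    }
    private static string Totp(byte[] secret, long step)
    {
        byte[] counter = BitConverter.GetBytes(step);
        if (BitConverter.IsLittleEndian) Array.Reverse(counter); // counter is big-endian (RFC 4226)
        using (var hmac = new HMACSHA1(secret))
        {
            byte[] h = hmac.ComputeHash(counter);
            int o = h[h.Length - 1] & 0x0F;                      // dynamic truncation offset
            int bin = ((h[o] & 0x7F) << 24) | (h[o + 1] << 16) | (h[o + 2] << 8) | h[o + 3];
            return (bin % 1000000).ToString("D6");
        }
    }
    private static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;                          // compare without early exit
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Failed codes are not counted toward the SQL provider's lockout, and an accepted code can be replayed within its window unless the last accepted step is stored per user.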

Summary
Defined Multi-Factor Authentication
Defined a Membership Provider
Reviewed OOB SQL Membership Provider
Detailed how to create a Custom Provider to a Tricipher Armored Credential System (Vault)

Questions or Job Offers?
Email: Bryan_Tuttle@CodeRight.com