Windows Identity Framework
An overview of digital identity and single sign-on.
Agenda
- What problems are we trying to solve
- Claims
- Security Token Service (STS)
- Active Directory Federation Services (ADFS 2.0)
- Claims Aware Application
- Windows Identity Foundation (WIF)
- Passive Federation (Intranet Scenario)
- Partner Federation
- Demo
What problems are we trying to solve?
- One user store per application
- The number of identities (roles, groups) users have to keep track of
- Increasing cost of administering and maintaining user stores
- Lack of control over user identities, both by the users themselves and by the organizations
- When someone quits, how many identities in how many systems must be deactivated?
- Single Sign-On
Claims
Not limited in the same way as e.g. Windows tokens (Kerberos):
- Username
- Groups
...or the ASP.NET membership provider:
- User
- Roles
- Profiles
Claims (cont.)
- Claims can carry more information about the user: roles, email, age... anything
- Applications using claims share one common model
- Can anonymize users (e.g. an IsOver18 claim)
- Can be used over the internet as well as the intranet
- Works with browsers and with web services
- The Name claim and the Role claim are something .NET already understands today:
  - HttpContext.Current.User: IPrincipal (IsInRole)
  - HttpContext.Current.User.Identity: IIdentity (Name, IsAuthenticated)
Security Token Service (STS)
- A centralized service for authentication outside the application (separation of concerns)
- Talks to the STSs of partner organizations
- Issues and transforms claims
Active Directory Federation Services (ADFS 2.0)
- Microsoft's STS
- Integrated with Active Directory
- Supports both active and passive clients
- Can integrate with other WS-Trust endpoints and other STSs
- Supports SAML 1.1 and 2.0 tokens
- Supports the WS-Fed (1 and 2) and SAML 2.0 protocols (not the SAML 1.1 protocol)
- Two flavors: Service and Proxy
Claims Aware Application
- The application makes authorization decisions based on the claims contained in the security token
- It is no longer required to make authentication decisions
- The same authorization logic applies whether the application is:
  - Deployed on the intranet or as a cloud service
  - Receiving claims from its own organization's users or from users of trusted partners
Windows Identity Foundation (WIF)
- Provides a common programming model for claims
- Validates the incoming security token and parses the claims inside it
- Reduces the complexity and the amount of code needed to implement security in .NET apps (no need to be a security expert)
- Provides plumbing tools, integrated into Visual Studio, to configure .NET apps to use claims and STSs
- Works with WCF and ASP.NET applications
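As an added example (not from the original deck) of the claims-aware authorization described above, written against the WIF 1.0 API in Microsoft.IdentityModel: the app reads the Name and Role claims through the familiar IPrincipal interface and honours a custom IsOver18 claim only when it was issued by the trusted STS. The claim type URI, the issuer name and the user values are constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.IdentityModel.Claims;   // WIF 1.0 (Microsoft.IdentityModel.dll)

// Hypothetical claim type and STS issuer name, constructed for this example.
static class AppClaims
{
    public const string IsOver18 = "http://schemas.example.com/claims/isover18";
    public const string TrustedIssuer = "http://adfs.example.com/adfs/services/trust";
}

static class ClaimsAuthorization
{
    // Authorization decision made purely on claims: the caller may open the
    // age-restricted page only if an IsOver18 claim with value "true" is
    // present AND that claim was issued by the STS this app trusts.
    public static bool CanViewAgeRestrictedContent(IClaimsPrincipal principal)
    {
        if (principal == null || !principal.Identity.IsAuthenticated)
            return false;

        return principal.Identities
            .SelectMany(identity => identity.Claims)
            .Any(c => c.ClaimType == AppClaims.IsOver18
                   && c.Issuer == AppClaims.TrustedIssuer
                   && string.Equals(c.Value, "true", StringComparison.OrdinalIgnoreCase));
    }
}

class Program
{
    static void Main()
    {
        // Constructed sample token contents. In a deployed app WIF builds the
        // principal from the security token sent by the STS and places it in
        // HttpContext.Current.User; nothing here is parsed from a real token.
        var identity = new ClaimsIdentity(new List<Claim>
        {
            new Claim(ClaimTypes.Name, "alice", ClaimValueTypes.String, AppClaims.TrustedIssuer),
            new Claim(ClaimTypes.Role, "Customer", ClaimValueTypes.String, AppClaims.TrustedIssuer),
            new Claim(AppClaims.IsOver18, "true", ClaimValueTypes.Boolean, AppClaims.TrustedIssuer)
        }, "Federation");
        var principal = new ClaimsPrincipal(identity);

        // Name and Role claims surface through the plain IPrincipal/IIdentity API.
        Console.WriteLine("User: " + principal.Identity.Name);
        Console.WriteLine("Customer role: " + principal.IsInRole("Customer"));
        Console.WriteLine("Age-restricted content: " +
                          ClaimsAuthorization.CanViewAgeRestrictedContent(principal));
    }
}
```

In a deployed WIF app the issuerNameRegistry in web.config already rejects tokens signed by an unknown issuer, so the issuer check inside the code is a second line of defence for apps that accept claims from more than one STS.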
Passive Client (Intranet scenario)
Participants: User (browser), Claims-aware app, ADFS STS, Active Directory. The app trusts the STS.
1. The user browses to the app
2. Not authenticated: the app redirects the user to the STS
3. The STS authenticates the user
4. The STS queries Active Directory for the user's attributes
5. The STS returns a security token (ST) to the user
6. The user sends the token to the app
7. The app returns the page and a cookie
Partner Federation
Participants: Partner user (browser), Your claims-aware app, Your ADFS STS, Partner ADFS STS & IP, Partner Active Directory.
1. The partner user browses to your app
2. Not authenticated: the app redirects the user to your STS
3. Home realm discovery: your STS redirects the user to the partner STS, requesting an ST for the partner user
4. The partner STS authenticates the user against the partner Active Directory
5. The partner STS returns an ST for consumption by your STS
6. Your STS processes the token and returns a new ST
7. The user sends the token to your app
8. The app returns the page and a cookie
DEMO
More Info
http://msdn.microsoft.com/en-us/security/aa570351

Q&A

Manu Sharma
Senior Software Developer
[email protected]