Michele Leroux Bustamante is chief architect for IDesign, chief security architect for BiTKOO, a Microsoft Regional Director for San Diego, and a Microsoft MVP for Connected Systems. Visit her main blog at www.michelelerouxbustamante.com. Follow her tweets at @michelebusta.
Michele Leroux Bustamante explains how to pass parameters for requests sent to a Security Token Service (STS) or to handle responses from an STS, for active or passive federation using Windows Identity Foundation.
In this column, Michele Leroux Bustamante shows you how to enhance the authorization experience. You'll learn how to work with the default set of WIF components to supply access checks, and how to implement a custom ServiceAuthorizationManager to install a custom ClaimsPrincipal type for the request thread—exposing a friendlier object model for access checks.
As with any new software development platform, Windows Azure development has its own learning curve. But with the help of these real-world tips from Michele Leroux Bustamante, you'll be well on your way to becoming a more productive Windows Azure developer.
I can tell you that the one thing that gave me, my team, my company, and our customers the most confidence was the Service Level Agreement (SLA). I’m not just talking about a document with hopeful promises regarding quality of service—I’m talking about a document that is backed by solid reports and produced from meticulous network and system review.
Michele Leroux Bustamante concludes her discussion of Security Assertion Markup Language (SAML) tokens by showing you how to produce tokens from Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF)-enabled clients and handle issues that can occur when interoperating with other platforms using SAML tokens.
Security Assertion Markup Language (SAML) assertions, aka SAML tokens, are a core element of active and passive federation. In this first article of a two-part series, Michele Leroux Bustamante explains common features of a SAML assertion and shows you how to build one using Windows Identity Foundation components.
Protect your web resources--such as Web Form pages, requests targeting custom HTTP handlers, MVC endpoints, and others--by using AppFabric Access Control and Windows Identity Foundation (WIF) with ASP.NET. Michele Leroux Bustamante walks you through code examples that show you how to use Access Control to secure web services.
Michele Leroux Bustamante introduces you to the Access Control Service, part of the Windows Azure Platform's AppFabric, and explains how it works as a standards-based token issuer in the cloud, supporting federated security scenarios for REST-based web resources.
Michele Leroux Bustamante dives deeper into how the Access Control Service (ACS) can be used to protect REST-based services built with Windows Communication Foundation (WCF) and provides a set of components that encapsulate the ACS token-request and token-authentication processes for clients and services.
In a federated security scenario, there are times when you'll want to reuse or cache security tokens in Windows clients--to avoid prompting a user for credentials more than once when tokens are shared between multiple proxies and to avoid unnecessary requests to the security token service. Michele Leroux Bustamante explains the essentials of token caching.
Windows Identity Foundation (WIF), formerly code-named Geneva, enables .NET developers to build claims-based applications and services and support federated security scenarios. Michele Leroux Bustamante takes you on a whirlwind tour of WIF, providing examples of how to conee WIF for the WCF service and using WIF to build an active or passive security token service and passive federation for ASP.NET.
I have received many questions about mobile devices
communicating with WCF services. There are not a lot of resources available on
this subject, so I decided to brush up on the details myself to provide some