... Donovan Follette has been the ADFS evangelist for a long time, sharing with me the pains and the joys of the claims-based identity renaissance at PDC08. Even if now he is all cozy in his new Office role, I cannot forget his incredible contribution to bringing identity to the community.

Of course, we would not be even discussing this if Kim Cameron had not driven the conversation on the identity metasystem and claims-based identity with the entire industry. Thank you, Kim!

My wife, Iwona Bialynicka-Birula, deserves special thanks. She accepted and supported this crazy initiative no matter what, whether it meant skipping beach time while in Maui or coping with insurance agents and contractors after our house got flooded. Without her, not only would you not be holding this book in your hands, I don’t know what I would do…. Thank you, darling. I promise: no more books for some time!

Finally, I want to thank you: the readers of my blog, who followed faithfully my ramblings for seven years without asking too often about the weird blog name; the participants of the WIF workshops in Belgium, UK, Germany, Singapore, Melbourne, and Redmond, who put up so nicely with my “sexy” accent; and the attendees of the many sessions I gave at events all over the world in the last five years. Without your questions, your critiques, your comments, your compliments, and your longing for understanding, I would have never found the motivation to do this and the other things I do for evangelizing identity. This book is for you.

Programming Windows Identity Foundation

Part I Windows Identity Foundation for Everybody

In this part: Claims-Based Identity ...

Microsoft Windows 7; Windows Server 2003 Service Pack 2; Windows Server 2008 R2; Windows Server 2008 Service Pack 2; Windows Vista
Windows Identity Foundation 1.0 runtime
Windows Identity Foundation SDK 4.0
Microsoft Internet Information Services (IIS) 7.5, 7.0 or 6.0 ...
c.Value).SingleOrDefault();

The first line retrieves the current IClaimsIdentity from the current principal of the thread, exactly as it would if you wanted to work with the classic .NET IIdentity—the only difference is the downcast to IClaimsPrincipal. The second line uses LINQ for retrieving the e-mail address from the current claim collection. The query is very intuitive: you search for all the claims whose type corresponds to the well-known Email claim type, and you return the value of the first occurrence you find. For the e-mail case, it is reasonable to expect that there will be only one occurrence in the collection. However, this is not true in the general case. Just think of how many group claims would be generated for any given Windows user; thus, the standard way of retrieving a claims value must take into account that there might be multiple claims of the same type in the current IClaimsIdentity.

Nothing in the code shown indicates which protocol or credential types have been used for authenticating the user. That means you are free to make any changes in the way in which users authenticate, without having to change anything in your code. Relying on one IP for handling user authentication and using open protocols delivers true separation of concerns; therefore, making those changes is also very easy.

Relying on claims for getting information about the user mitigates the need for maintaining attribute stores, where the data can become stale or be compromised. As you can observe, the code shown in this section does not contain any call to a local database that could be broken by routine changes or that could become a problem if the application is moved to an external host that cannot access local resources. In the age of the cloud, the importance of being able to move applications around cannot be overestimated.

Programming Windows Identity Foundation, Vittorio Bertocci

[Figure labels: Relying Party, Subject, Security Token, Claim, Identity ...]
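Returning to the claim-retrieval passage above, the following added example (not code from the book) shows one way to read both single-valued and multi-valued claims from an IClaimsIdentity. It assumes a project reference to the WIF 1.0 Microsoft.IdentityModel assembly; the ClaimReader helper and all sample claim values are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.IdentityModel.Claims;   // WIF 1.0 assembly (assumed to be referenced)

// Hypothetical helper, not part of WIF.
static class ClaimReader
{
    // Returns every value of the given claim type; an empty list when the type is absent.
    public static IList<string> GetValues(IClaimsIdentity identity, string claimType)
    {
        return identity.Claims
            .Where(c => c.ClaimType == claimType)
            .Select(c => c.Value)
            .ToList();
    }

    // For claim types expected at most once: null when absent, and an exception
    // when duplicated, so an ambiguous token is rejected rather than half-read.
    public static string GetSingleValue(IClaimsIdentity identity, string claimType)
    {
        IList<string> values = GetValues(identity, claimType);
        if (values.Count > 1)
            throw new InvalidOperationException("Multiple claims of type " + claimType);
        return values.Count == 1 ? values[0] : null;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample identity. In an application the identity comes from
        // the thread's current principal, as the text describes.
        IClaimsIdentity identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Email, "alice@example.com"),
            new Claim(ClaimTypes.GroupSid, "S-1-5-21-0-0-0-1001"),
            new Claim(ClaimTypes.GroupSid, "S-1-5-21-0-0-0-1002"),
        });

        Console.WriteLine(ClaimReader.GetSingleValue(identity, ClaimTypes.Email));

        // Group membership is multi-valued: enumerate all values instead of
        // calling SingleOrDefault(), which throws when more than one matches.
        IList<string> groups = ClaimReader.GetValues(identity, ClaimTypes.GroupSid);
        Console.WriteLine(string.Join(", ", groups.ToArray()));
    }
}
```

An authorization check on group membership should test whether any of the returned values matches, since the order of claims in the collection carries no meaning.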