1184 microsoft windows identity foundation cookbook


Microsoft Windows Identity Foundation Cookbook

Over 30 recipes to master claims-based identity and access control in .NET applications, using Windows Identity Foundation, Active Directory Federation Services, and Azure Access Control Services

Sandeep Chanda

BIRMINGHAM - MUMBAI

Copyright © 2012 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: April 2012
Production Reference: 1170412
Published by Packt Publishing Ltd., Livery Place, 35 Livery Street, Birmingham B3 2PB, UK.
ISBN 978-1-84968-620-4
www.packtpub.com
Cover Image by David Gutierrez (bilbaorocker@yahoo.co.uk)

Credits

Author: Sandeep Chanda
Reviewers: Senthil Kumar, Pushpendra Singh
Acquisition Editor: Rukshana Khambatta
Development Editor: Shreerang Deshpande
Technical Editors: Devdutt Kulkarni, Vrinda Amberkar
Project Coordinator: Michelle Quadros
Proofreaders: Clyde Jenkins, Linda Morris
Indexer: Hemangini Bari
Graphics: Valentina D'Silva, Manu Joseph
Production Coordinator: Arvindkumar Gupta
Cover Work: Arvindkumar Gupta

Foreword

I still remember sitting down with my brand new copy of Writing Secure Code by Michael Howard and David LeBlanc. Having moved beyond writing relatively simple intranet web reports (before the term "BI" came to embody what at the time we thought was an incredibly innovative way to display call center metrics for managing credit card operations), I found myself in a development lead position responsible for building a web portal for managing the collections process for JP Morgan Chase's auto and home business. The portal interfaced with a number of internal assets, such as SQL Server, Oracle, and IBM Mainframes via Terminal 3270 emulation, as well as external partners, such as Experian and Equifax. In addition to the learning curve of moving from Classic Active Server pages to production-worthy .NET Framework 1.1 and ASP.NET Web Services, we were just beginning to dramatically disrupt the enterprise as a way to minimize the friction between systems while increasing the reusability of these integration investments.

As a fledgling new lead, building the portal to stop world hunger and to cure cancer (as all the intranet portals promised to in those days), I was keenly aware that the solution had to be secure, because after all, "All Input Is Evil", and working in the financial services industry, no security breach or personal information leak goes unpunished, no matter how trivial. For weeks I skimmed through the 600 page volume, incrementally building confidence that I was doing my due diligence in implementing a trusted subsystem, identifying and authenticating my users, applying the least privilege, and preventing the SQL injection attacks.

Things were significantly simpler in 2003. All of my users were in Active Directory, and as long as I didn't need them to do multiple hops, NTLM was just fine, thank you very much. I put a lot of thought into the roles and proudly remember showing my manager how the new users would automatically have access to the portal as soon as
their account was created (provided IT assigned them to the right group! :)).

Well, it turns out this "Web Services" thing was real, and what they did for the enterprise a decade ago pales in comparison to how service orientation has transformed the way users expect to be able to interact with software today. The proliferation of modern web applications and mobility demand a completely new perspective when designing modern applications. Whether you are building Web, desktop, or mobile solutions that reside on-premise, on the cloud, or are a hybrid thereof, identity and access control have never been more important.

Whether in the enterprise or consumer space, today's users demand access to your application from anywhere and at any time. And, for your applications to compete in the market and provide real value, they must compose a variety of assets, that is public and private, each of which carry their own requirements for authentication and authorization. In short, modern applications must be claims-aware.

While the options for federating identity and access control across the public and corporate assets are both varied and daunting, they also present the tremendous opportunities for unlocking the potential of your applications in taking advantage of the existing investments at a global scale.

To enable this new breed of applications, Microsoft provides the Windows Identity Framework (WIF), which aims to simplify working with claims-based security by providing standardized APIs, templates, and tools that make the process of accessing, interpreting, and mapping claims tenable. Initially provided as a standalone framework (previously known as Geneva), WIF is now included as a part of .NET 4.5, which is in beta at the time of writing this book. The inclusion of WIF in .NET is not merely a packaging decision, but a clear reflection of the commitment that Microsoft has made to this powerful security framework. As such, Sandeep's book couldn't come at a better time.

Careful to begin with easy-to-grasp fundamentals of claims-based security, Sandeep progresses through the common WIF programming tasks using examples in ASP.NET and WCF familiar to the most .NET developers, while covering bleeding-edge scenarios including new features exposed in Windows and securing Windows Metro applications.

This book offers a combination of simple, intermediate, and advanced scenarios, covering AD FS 2.0 and incorporating web identity providers such as Windows Live ID, Google, Yahoo!, and Facebook with Azure Service Bus Access Control Service. Also covered are the real-world scenarios that you are likely to encounter for securing Microsoft SharePoint, SalesForce.com, and Microsoft Dynamics CRM.

In addition to providing a hands-on pragmatic reference that will be immediately valuable to your next project, this book is a reflection of Sandeep's real-world experience, successfully applying these concepts and techniques in the field, the value of which is worth the price of this book alone.

If you are serious about building claims/identity-aware services and the applications on .NET Framework, and want to get started today, this book belongs in your library.

Rick G Garibay
General Manager, CSD Practice, Neudesic
Microsoft MVP, Connected Systems Developer

About the Author

Sandeep Chanda is a Director of Solutions at Neudesic, a Microsoft National Systems Integrator and Gold Certified Partner. He has been working on several Microsoft Technologies (including but not limited to .NET, BizTalk, SharePoint, and Dynamics CRM) for the past seven years, of which the last couple of years were spent on building claims-aware applications for leading companies in the Manufacturing and Hospitality domains. He is a technology enthusiast and a speaker at various corporate events and public webinars. He has authored several articles on Microsoft Dynamics CRM 4.0 in a popular online developer magazine. Most recently, he has been involved in evangelizing the
aspects of Application Lifecycle Management and developer collaboration, using Team Foundation Server 11 Beta. He also spends quite a bit of time travelling and training the different teams on the new features of .NET Framework 4.5 and Windows Metro application development. Sandeep holds an MS degree in Software Systems from BITS Pilani, and his areas of interest include Service-oriented Computing, Pervasive Computing, and Haptic Devices. He occasionally blogs at http://vstslive.wordpress.com and can be reached over email at sandeep chanda@neudesic.com.

Currently celebrating a decade of technological innovation, Neudesic was founded in 2002 by forward-thinking industry veterans Parsa Rohani, Tim Marshall, and Anthony Ferry, who saw opportunity in the development of Microsoft's .NET platform. Neudesic has since acquired a deep understanding of Microsoft's entire technology stack. The Microsoft National Systems Integrator and Gold ISV Partner has leveraged its expertise in Microsoft's various platforms to become a leading provider of SharePoint, Dynamics CRM, Azure, and mobile solutions. Through the years, various industry and business publications have recognized Neudesic's meteoric rise from a small startup with a vision to an established force on a mission. For the fifth straight year in 2011, Inc. Magazine named Neudesic to its list of America's fastest growing private companies.

Sandeep is associated with Neudesic India, the company's international presence in India headed by Ashish Agarwal. Ashish is an alumnus of University of South California, and joined Neudesic in the early days of its inception and has since led the India team to over 100 successful engagements associating with more than 30 clients.

Acknowledgement

The best part about writing a book is working with an awesome team that motivates you to give it your best. That you are holding this book today is attributed to the phenomenal team that made it happen.

Thanks to the entire editorial team,
especially Rukshana Khambatta, Shreerang Deshpande, and Michelle Quadros, who managed the project with the meticulous planning and the coordination. This book would not have happened without Rukshana lending her ears to my original idea and giving it the shape that it needed to address the target audience, Shreerang's valuable inputs during the review, and Michelle's patience in coordinating with me and managing the schedule. An extended thanks to Vrinda Amberkar and Devdutt Kulkarni for their exhaustive scrutiny of every minute detail of the transcript and bringing out a quality blueprint for release.

To Rick Garibay, Microsoft Connected Systems MVP and GM CS Practice at Neudesic, for taking time out from his extremely busy schedule and writing a foreword for this book.

To the reviewers, Senthil Kumar and Pushpendra Singh, for their valuable inputs and expert feedback.

To Pushpendra Singh, Principal Consultant at Neudesic, for his invaluable contribution to Chapter Four and timely advice in making this project a success.

To the partners at Neudesic, Parsa Rohani, Tim Marshall, Anthony Ferry, and Ashish Agarwal, for creating such a wonderful company with which I am proud to be associated.

To Mickey Williams, David Pallmann, Rick Garibay, David Barkol, Mark Kuperstein, and Suman Choppala from Neudesic for being a source of inspiration and giving me the courage to write.

To Shaun Cicoria from Microsoft for getting me started on the concepts of claims-based identity and helping with resources at critical times.

To Mahesh Pesani, Rajasekhar Tonduru, Hemant Joshi, and Rajesh Nair for their friendly tips on the source code and images in several recipes.

And to my family: my wife Sarita, my daughter Aayushi, and my parents, for letting me spoil countless of their weekends during the course of writing the book.

About the Reviewers

Senthil Kumar is a Software Engineer with three years of experience in the IT industry. He is currently working as a Software Engineer in
Bangalore and works mainly on the Windows or Client Development technologies and has good working experience in C#, .NET, Delphi, WinForms, and SQL Server. He is also a Microsoft Certified Professional (MCP) in ASP.NET. He blogs at http://www.ginktage.com and http://www.windowsphonerocks.com. He enjoys learning as much as he can about all the things related to the technologies to get a well-rounded exposure of technologies that surround him. Senthil completed his Master of Computer Applications from Christ College (Autonomous), Bangalore in the year 2009 and is an MCA rank holder. He is passionate about the Microsoft technologies, especially Windows Phone development. You can connect with him on Twitter (http://twitter.com/isenthil), on Facebook (http://www.facebook.com/kumarbsenthil), and on his blog (www.ginktage.com).

Pushpendra Singh is a Principal Consultant at Neudesic, a Microsoft National Systems Integrator and Gold Certified Partner. He is a senior member of Custom Applications Development Practice at Neudesic and has been working on Microsoft Technologies for the past years. He has played multiple roles, including that of a Senior Architect on enterprise-scale projects spanning several domains. His recent focus has been on building scalable and future-proof applications using Microsoft .NET Framework 4.0, Windows Azure, WCF, REST, WIF, WPF, and ASP.NET MVC. He spends his free time reading books or playing outdoor games, such as soccer, volleyball, and cricket.

How it works

The Central Access Policy you just created in Active Directory can now be applied to a file share in the file server, and the policy will ensure that users will be able to access the files in the share only from devices that are managed by the primary administrator (adfsdemo\administrator, in our example). The Managed By option can be set while creating a new Computer in Active Directory.

There's more

At an application level, .NET Framework 4.5 will have the ability to
identify User as well as Device claims sourced from identity attributes in Active Directory, as shown in the following screenshot.

Extension and Future of Windows Identity Foundation

In .NET Framework 4.5 the WindowsIdentity.GetCurrent (System.Security.Principal) method will automatically convert the Windows token details to claims.

Configuring Federation Services role in Windows Server

Windows Server features Active Directory Federation Services 2.1 (AD FS 2.1) as an inbox server role. In this recipe, we will find out the steps to configure AD FS 2.1 in Windows Server.

Getting ready

You would need a Windows Server machine. At the time of writing this book, a Developer Preview version is available for download from MSDN accounts.

How to do it

Follow these steps to configure AD FS 2.1:

1. Click on the Server Manager application on the Start screen.
2. In the Server Manager Dashboard, click on the add roles step under the configure this local server quick start section.
3. In the Add Roles and Features Wizard screen, select the Installation Type as Role-based or Feature-based Installation, as shown in the following screenshot, and click on Next.
4. Select the server from the SERVER POOL section where you want the role to get installed and click on Next.
5. Under the Server Roles section, check the Active Directory Federation Services checkbox. The computer must be a part of the domain for AD FS Role to work. In addition, you can also install the dependencies that you are prompted for.
6. Complete the wizard to successfully add the Federation Services role.

How it works

After the Federation Services role is successfully installed, you can manage it from the Server Manager console. The AD FS Management console application will now be available in the Start screen and
you can use it to configure a Federation Server the way you did in Chapter 5, Identity Management with Active Directory Federation Services.

There's more

In addition to being a built-in role in Windows Server 8, AD FS 2.1 will feature support for Device claims from the Kerberos token.

Date posted: 06/03/2019, 14:24


Table of contents

  • Cover

  • Copyright

  • Credits

  • Foreword

  • About the Author

  • Acknowledgement

  • About the Reviewers

  • www.PacktPub.com

  • Table of Contents

  • Preface

  • Chapter 1: Overview of Claims-based Identity

    • Introduction

    • Abstracting identity with claims

    • Designing the claims-based tokens using Security Assertion Markup Language

    • Augmenting security with a claims-based architecture

    • Implementing federated security using a Security Token Service

    • Implementing Single Sign-On using claims

    • Implementing Single Sign-Out in a trust realm

    • Configuring certificates for the claims-based applications

  • Chapter 2: Programming with Windows Identity Foundation

    • Introduction

    • Configuring applications for Windows Identity Foundation runtime support

    • Implementing claims in ASP.NET MVC 3 Web Applications

    • Extending the Windows integrated authentication to support claims-based identity

    • Implementing claims-based authentication and authorization in ASP.NET MVC 3

    • Designing claims-enabled WCF services

    • Implementing WIF Session Mode with a distributed token cache

  • Chapter 3: Advanced Programming with Windows Identity Foundation

    • Introduction

    • Implementing the claims pipeline

    • Designing a custom Identity Provider Security Token Service (IP-STS)

    • Designing a custom Relying Party Security Token Service (RP-STS)

    • Implementing support for SAML 2.0 tokens

    • Implementing Windows identity impersonation with Claims to Windows Token Service (C2WTS)

    • Troubleshooting and monitoring in WIF

  • Chapter 4: Cloud-based Identity with Azure Access Control Service

    • Introduction

    • Configuring Access Control Service for an ASP.NET MVC 3 relying party

    • Leveraging web-based identity providers such as Windows Live, Google, and Facebook

    • Designing secure REST services using ACS 2.0 and OAuth

    • Using ACS 2.0 Management Service

    • Securing Windows Phone applications using ACS 2.0

    • Securing iOS applications using ACS 2.0

  • Chapter 5: Identity Management with Active Directory Federation Services

    • Introduction

    • Configuring a federation server

    • Implementing a federation scenario with WIF and AD FS 2.0

    • Implementing an identity delegation

    • Integrating AD FS 2.0 with Azure ACS 2.0

    • Troubleshooting in AD FS 2.0 with debug tracing

  • Chapter 6: Enterprise Server Interoperability with WIF, Azure ACS 2.0, and AD FS 2.0

    • Introduction

    • Implementing claims-based authentication in Microsoft SharePoint Server 2010

    • Implementing claims-based authentication in Microsoft Dynamics CRM Server 2011

    • Implementing identity with AD FS 2.0 for the applications hosted on Windows Azure

    • Integrating AD FS 2.0 with Office 365

    • Implementing Single Sign-On with Salesforce

  • Chapter 7: Extension and Future of Windows Identity Foundation

    • Introduction

    • Securing Workflow Services using Workflow Foundation Security Pack CTP 1

    • Implementing WIF SAML 2.0 Extension CTP

    • Securing Windows 8 Metro applications using Azure ACS 2.0

    • Implementing machine-driven, claims-based access control with Windows Server 8 Dynamic Access Control and .NET Framework 4.5

    • Configuring Federation Services role in Windows Server 8

  • Index
