
Windows Identity Foundation Overview

SVC02: Windows Identity Foundation Overview. Vittorio Bertocci, Sr. Architect Evangelist, Microsoft Corporation. Agenda: Claims Based Identity; Windows Identity Foundation.





Presentation Transcript


  1. SVC02 Windows Identity Foundation Overview. Vittorio Bertocci, Sr. Architect Evangelist, Microsoft Corporation

  2. Agenda
  • Claims Based Identity
  • Windows Identity Foundation

  3. Your Applications Are Prisoners (diagram: Login.aspx, Page1.aspx, Credential Stores, Credential Types / APIs, User Attributes Stores)

  4. Identification in Real Life Works Pretty Well… How Do We Do That?
  • Externalizes authentication
  • Gets user info from the document

  5. Claims Can Set Your Application Free (diagram: Identity Provider, Active Directory Federation Services 2.0 STS, Claims, Relying Party, Security Token)

  6. Claims Based Identity: it's EASY! (demo)

  7. Essential claims programming model
  • Claims OM integrated with the .NET identity API
  • Single programming model for ASP.NET & WCF
  • Config driven
  • Single programming model for on-premises & cloud
  • Tools for metadata-driven automatic app configuration
  • WS-Federation, WS-Trust
  • Framework for custom STS development
  • And more…

  8. Windows Identity Foundation: Object Model

```csharp
using System;
using System.Linq;
using System.Threading;
using Microsoft.IdentityModel.Claims;

string ageClaimValue;

void Page_Load(object sender, EventArgs e)
{
    // WIF replaces the thread principal with an IClaimsPrincipal
    IClaimsPrincipal icp = (IClaimsPrincipal)Thread.CurrentPrincipal;
    IClaimsIdentity claimsIdentity = (IClaimsIdentity)icp.Identity;
    // Pull one claim by its type URI; Single() throws if it is missing or duplicated
    ageClaimValue = (from c in claimsIdentity.Claims
                     where c.ClaimType == "http://MyNS/AgeClaim"
                     select c.Value).Single();
}
```

  Object model shown on the slide:
  • IClaimsPrincipal extends IPrincipal (Identity, IsInRole) and adds Identities
  • IClaimsIdentity extends IIdentity (AuthenticationType, IsAuthenticated, Name) and adds Claims, Delegate
  • Claim: ClaimType, Value, ValueType, Issuer, OriginalIssuer, Subject

  9. Windows Identity Foundation: Visual Studio Integration
  • Tools for establishing and maintaining trust
  • VS templates for claims-aware websites and services
  • Ready-to-use ASP.NET controls

  10. Windows Identity Foundation: HttpModules
  • HttpModule(s) in the ASP.NET pipeline of the app
  • They take care of exposing policy, managing protocol redirects, establishing sessions…
  • WSFederationAuthenticationModule
    • Implements the WS-Federation redirect protocol
  • SessionAuthenticationModule
    • Takes care of handling sessions (regardless of the sign-in protocol)
  • ClaimsPrincipalHttpModule
    • Provides a hook for injecting claims in the current principal

  11. Fabrikam Shipping demo: Basic Authentication Externalization; Claims Consumption

  12. WIF ASP.NET Processing Pipeline: WSFAM → SecurityTokenHandler → ClaimsAuthenticationManager → SessionAuthenticationModule → ClaimsAuthorizationManager

  13. WIF & Authorization
  • ASP.NET roles will work "as is"
    • IsInRole, <authorization> element
    • Any incoming claim type can be used as a role
  • Claims authorization can be much more sophisticated than RBAC
    • Age thresholds, dates, spending limits…
  • WIF offers a hook for your authZ logic
    • ClaimsAuthorizationManager class
    • Provide your implementation of CheckAccess
    • Add it in the WIF pipeline via config
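  An added example (not from the slides or the WIF SDK) of the CheckAccess hook described above: an age threshold layered on top of ordinary role checks. The claim type reuses "http://MyNS/AgeClaim" from slide 8; the "/Restricted/" path, the "Administrators" role, the 18-year minimum and the config type name are assumptions.

```csharp
using System;
using System.Linq;
using Microsoft.IdentityModel.Claims;

// Registered in web.config (assumed type name, WIF 1.0 schema):
//   <microsoft.identityModel><service>
//     <claimsAuthorizationManager type="Fabrikam.AgeGateAuthorizationManager, Fabrikam" />
//   </service></microsoft.identityModel>
// plus the ClaimsAuthorizationModule HttpModule, which calls CheckAccess on every request.
public class AgeGateAuthorizationManager : ClaimsAuthorizationManager
{
    private const string AgeClaimType = "http://MyNS/AgeClaim"; // claim type from slide 8
    private const int MinimumAge = 18;                           // assumed threshold

    public override bool CheckAccess(AuthorizationContext context)
    {
        // ClaimsAuthorizationModule fills Resource with the requested URL and Action
        // with the HTTP verb; both are claim collections, so take the first value.
        string resource = context.Resource.First().Value;
        string action = context.Action.First().Value;
        IClaimsPrincipal principal = context.Principal;

        // Fail closed: no authenticated principal, no access.
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        // Outside the restricted area any authenticated user may proceed.
        if (resource.IndexOf("/Restricted/", StringComparison.OrdinalIgnoreCase) < 0)
            return true;

        // Role checks keep working "as is": administrators may use any verb here.
        if (principal.IsInRole("Administrators"))
            return true;

        // Everyone else gets read-only access, and only above the age threshold.
        if (!string.Equals(action, "GET", StringComparison.OrdinalIgnoreCase))
            return false;

        IClaimsIdentity identity = (IClaimsIdentity)principal.Identity;
        var ageClaims = identity.Claims.Where(c => c.ClaimType == AgeClaimType).ToList();
        int age;
        // Exactly one well-formed age claim is required; absence or ambiguity is a denial.
        return ageClaims.Count == 1
            && int.TryParse(ageClaims[0].Value, out age)
            && age >= MinimumAge;
    }
}
```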

  14. WIF and WCF: Initializing the WIF Pipeline in WCF
  • Same programming model as ASP.NET…
  • …different hosting architecture
  • Self-hosted services:
    • Call FederatedServiceCredentials.ConfigureServiceHost(host) on your ServiceHost before opening it
  • Web-activated services:
    • Derive a new factory from ServiceHostFactory
    • Override CreateServiceHost and use the above ConfigureServiceHost call in it
    • Use your custom factory in the @ServiceHost directive of your .svc file
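  Both hosting paths from the slide above, as an added example (not code from the talk or the Fabrikam Shipping demo). The IShipping contract, ShippingService and factory names are placeholders; endpoints and the <microsoft.identityModel> section are assumed to come from app.config or web.config.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Activation;
using Microsoft.IdentityModel.Configuration;

// Placeholder contract and implementation standing in for the real service.
[ServiceContract]
public interface IShipping
{
    [OperationContract]
    string Track(string shipmentId);
}

public class ShippingService : IShipping
{
    public string Track(string shipmentId) { return "in transit"; }
}

// Web-activated hosting: derive a factory, override CreateServiceHost, and name the
// factory in the .svc file, e.g.
//   <%@ ServiceHost Service="ShippingService" Factory="ClaimsServiceHostFactory" %>
public class ClaimsServiceHostFactory : ServiceHostFactory
{
    protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
    {
        ServiceHost host = base.CreateServiceHost(serviceType, baseAddresses);
        // Swaps in FederatedServiceCredentials so incoming tokens are validated by
        // WIF's SecurityTokenHandlers and the operation sees an IClaimsPrincipal.
        FederatedServiceCredentials.ConfigureServiceHost(host);
        return host;
    }
}

// Self-hosted: the same call, made before Open() while the host is still configurable.
public static class SelfHost
{
    public static void Main()
    {
        using (ServiceHost host = new ServiceHost(typeof(ShippingService)))
        {
            FederatedServiceCredentials.ConfigureServiceHost(host);
            host.Open();
            Console.WriteLine("Service listening; press Enter to stop.");
            Console.ReadLine();
        }
    }
}
```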

  15. WIF and WCF: WIF Bindings
  • UserNameWSTrustBinding
  • CertificateWSTrustBinding
  • WindowsWSTrustBinding
  • KerberosWSTrustBinding
  • IssuedTokenWSTrustBinding

  16. Fabrikam Shipping demo: Authorization; WIF & WCF Services

  17. Developing an STS with WIF
  • WIF provides building blocks for custom STS development
    • AD FS 2.0 is built with WIF!
  • Same programming model for all hosting options
    • Active: WCF
    • Passive: ASP.NET
  • Wizards & templates create a skeleton STS in no time
    • Perfect for testing purposes
  • Main activities
    • Decide who to trust
    • Decide which kind of credentials you'll accept
    • Provide all the cryptographic material for signing & encrypting
    • Hook in the logic for retrieving claim values
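  An added example (not from the slides, the WIF templates or AD FS) mapping the four "main activities" above onto the WIF SecurityTokenService overrides: GetScope decides who to trust and supplies the signing and encrypting material, GetOutputClaimsIdentity is the hook for claim values, and accepted credentials follow from the token handlers registered on the configuration. The issuer URI, certificate files, relying-party address and the in-memory age store are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.SecurityTokenService;

public class FabrikamStsConfiguration : SecurityTokenServiceConfiguration
{
    // Cryptographic material for signing: placeholder certificate file and password.
    public FabrikamStsConfiguration()
        : base("http://sts.fabrikam.example/", new X509SigningCredentials(new X509Certificate2("sts-signing.pfx", "placeholder")))
    {
        SecurityTokenService = typeof(FabrikamSts);
    }
}

public class FabrikamSts : SecurityTokenService
{
    // Decide who to trust: relying-party identifier -> its encryption certificate (placeholder file).
    private static readonly Dictionary<string, X509Certificate2> TrustedRelyingParties =
        new Dictionary<string, X509Certificate2> { { "https://shipping.fabrikam.example/", new X509Certificate2("shipping-rp.cer") } };
    // Constructed attribute store standing in for a directory or database lookup.
    private static readonly Dictionary<string, int> Ages = new Dictionary<string, int> { { "alice", 34 }, { "bob", 16 } };
    public FabrikamSts(SecurityTokenServiceConfiguration config) : base(config) { }

    protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
    {
        if (request.AppliesTo == null) throw new InvalidRequestException("AppliesTo is required");
        string rp = request.AppliesTo.Uri.AbsoluteUri;
        X509Certificate2 rpCert;
        if (!TrustedRelyingParties.TryGetValue(rp, out rpCert)) throw new InvalidRequestException("Unknown relying party: " + rp);
        Scope scope = new Scope(rp, SecurityTokenServiceConfiguration.SigningCredentials);
        scope.EncryptingCredentials = new X509EncryptingCredentials(rpCert); // only that RP can read the token
        scope.ReplyToAddress = request.ReplyTo ?? rp;
        return scope;
    }

    protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
    {
        // Hook for retrieving claim values: name from the authenticated caller, age from the store.
        string name = principal.Identity.Name;
        ClaimsIdentity output = new ClaimsIdentity();
        output.Claims.Add(new Claim(ClaimTypes.Name, name));
        int age;
        if (Ages.TryGetValue(name, out age))
            output.Claims.Add(new Claim("http://MyNS/AgeClaim", age.ToString()));
        return output;
    }
}
```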

  18. Delegation: Flowing Identity Through Tiers (diagram: STS, STS, Frontend, Backend)

  19. Fabrikam Shipping demo: Custom STS; Delegation

  20. We Barely Scratched the Surface…
  • TrustChannel
  • WIF SAML2N
  • Advanced session management
  • Step-up authentication
  • Web farms
  • Windows Azure
  • …

  21. Identity @ PDC 2009
  • Come visit us at the booth in the pavilion!
  • Try a hands-on lab
    • Introduction to Windows Identity Foundation
    • Using WIF to Secure Windows Azure Applications
  • Attend identity sessions
    • SVC28: System.Identity Model Accessing Directory Services
    • PR11: Leveraging & Extending SharePoint Identity Features
    • SVC26: How Microsoft SharePoint 2010 was Built with WIF
    • SVC17: Enabling SSO to Windows Azure Applications
    • SVC02: Windows Identity Foundation Overview
    • SVC19: REST Security Services in Windows Azure using the Access Control Service

  22. Summary
  • Claims-based identity simplifies authentication, authorization and customization for your apps
  • WIF makes it easy for .NET developers to program with claims
  Free your applications…

  23. YOUR FEEDBACK IS IMPORTANT TO US! Please fill out session evaluation forms online at MicrosoftPDC.com

  24. Learn More On Channel 9
  • Expand your PDC experience through Channel 9.
  • Explore videos, hands-on labs, sample code and demos through the new Channel 9 training courses. channel9.msdn.com/learn
  Built by Developers for Developers…
