claims-based-identity

Specifying Required / Optional Claim Types in the Relying Party for a Passive STS

I have an asp.net application (relying party) that uses a passive STS for authentication and retrieval of claim values. The relying party is using the FederatedAuthenticationModule (FAM) to enable a passive redirect to the sts. I found documentation on how to specify required claims when using InformationCards, but have yet to find det...

Moving from ADFS to the Geneva Framework

My company is in need of a federated identity solution, and being a Microsoft shop, we're looking to use MS technologies to accomplish this goal. We don't have Server 2008 or .NET 3.5 in production, so we're limited to a .NET 2.0/Server 2003-based solution. This means (in terms of a federated identity solution), Active Directory Federa...

Simple Claims Transformation for an RP-STS in Geneva Framework

Hi, after reading the MSDN article (http://msdn.microsoft.com/en-us/magazine/2009.01.genevests.aspx) on implementing a Custom STS using the Microsoft Geneva Framework, I am a bit puzzled about one of the scenarios covered there. This scenario is shown in figure 13 of the above referenced article. My questions are around how does the RP i...

Using 'System.Identity.Model.Claims' for Authorization and Authentication

I want to add authentication and authorization to my application. I do not want to use Active Directory for this. Should I use System.IdentityModel.Claims to do this? Will using System.IdentityModel.Claims make it easier to implement authentication and authorization and why/why not? ...

Geneva Server STS

My requirement is the claims assigned to a user are company aware so say for example User 1: is publisher for Product Manager for Company 1 but the same user is only editor for Company B. Can this be achieved through Geneva Server, or additional code needs to be written to override classes. ...

Claims + Tokens library for c#

Is there a library for c# that allows me to build an encrypted token containing claims, and then gives me an API to check if a token contains the claims I'm interested in? Similar to how ".NET Access Control Service" works. I hope the question is clear. Thanks, Nestor ...

Using SQL Account Store in Geneva

Geneva has me pretty hot and bothered as a potential to solve complicated auth and SSO issues that have been presented to us by our customers. I understand that Geneva supports custom and SQL-based attribute stores. However, I need support for custom and SQL-based account stores. Unfortunately, I can't find any solid confirmation or de...

MVVM on top of claims aware web services

Hello experts, I'm looking for some input for a challenge that I'm currently facing. I have built a custom WIF STS which I use to identify users who want to call some WCF services that my system offers. The WCF services use a custom authorization manager that determines whether or not the caller has the required claims to invoke a given...

Custom Claims with Geneva framework and how to "synch" users within your app

Hi there. Maybe this question highlights how little I know about claims identity management, but here it goes. If using WIF within an application that uses a third party STS for Identity and that uses custom claims for authorization (something pertinent and specific to the application like CanCreateFooBar) 1) How do I manage the users...

What are good ways to architect a custom "ClaimsAuthorizationManager" Windows Identity Foundation class?

I am working on the very first project at my office where we will be using "Windows Identity Foundation" with Claims-Based-Authorization. To this end, Microsoft .net provides the ClaimsAuthorizationManager abstract class. In order to use this class, you override two methods: the constructor and CheckAccess(context as ClaimsAuthorizatio...

ASP.NET MVC 2 and authentication using WIF (Windows Identity Foundation)

Are there any decent examples of the following available: Looking through the WIF SDK, there are examples of using WIF in conjunction with ASP.NET using the WSFederationAuthenticationModule (FAM) to redirect to an ASP.NET site thin skin on top of a Security Token Service (STS) that user uses to authenticate (via supplying a username and...

Windows Identity Foundation in SharePoint 2007

Hi, I've been reading about SharePoint 2010's Claims based authentication support. At this point, my shop has several clients who may not upgrade for a while, however. In making our other services claims compatible, we're wondering if claims based authentication is realistic without a great deal of reworking of existing code in our 20...

Windows Identity framework with windows XP

How can I use the Windows Identity Foundation SDK with Windows XP? ...

SharePoint 2010 and FBA

Hi, I am trying to set up Forms Based Authentication using ASPNetSQLMembershipProvider. In 2010 Beta 2, I was able to do this in classic mode, and it worked. With the RTM, it is no longer supported under classic mode, and I must switch to Claims based Authentication. So I created a new web application, and configured everything in sharepo...

ADFS 2.0 - ID3206 - A signin response may only redirect within the current web application

I've recently bumped into this issue: http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/adcdd533-d5e3-4af9-b3f5-b9a6d06b5c44?prof=required Does anyone have any ideas around this? ...

Difference between Claims vs OAuth

What is the difference between Claims based authentication vs. what is provided by OAuth? I am looking for conceptual difference and not technical difference. When do I choose Claims over OAuth and vice versa? Claims based authentication is proposed by Microsoft and built on top of WS-Security. But OAuth is more an open source protocol t...

Restricting access to records. Is claim-based permissions a good idea.

In the .NET claim-based identity framework, if I wanted to restrict users to do an operation (view or edit) on, let's say, an account, a particular account #123456 (I am talking about a business entity, like a bank account), is it a good idea to create a claim for each account they can view or edit? Any disadvantages of having a lot of claims ...

Creating custom IP-STS for sharepoint foundation 2010 without ADFS

I plan to create a very simple custom IP-STS for SharePoint Foundation 2010 without an ADFS server so anyone can integrate Windows Live ID into SharePoint Foundation 2010 simply without ADFS. I can't use an ADFS server because it could not be installed on Windows Web Server 2008 (Web Edition); also, I found many articles use an LDAP provider but it does not...

Claims-based Authentication: Are strings the essence of claims?

I've been programming with claims-based authentication for some time now with Windows Identity Foundation. It appears to me that in Windows Identity Foundation, once a user is logged in, the claims are basically strings of information that describe the user. With the old role-based authentication, I could say that a user is or is not a...

Sliding Expiration in ASP.NET web app using claims from STS

Two questions: 1) How/where do I set the lifetime of the session cookie in my web application when using an STS to get claims? From what I can tell, it seems I can only do this programmatically in the ServiceConfigurationCreated event. 2) How/where can I make sure that the expiration is sliding? ...