I have an asp.net application (relying party) that uses a passive STS for authentication and retrieval of claim values. The relying party is using the FederatedAuthenticationModule (FAM) to enable a passive redirect to the sts. I found documentation on how to specify required claims when using InformationCards, but have yet to find det...
My company is in need of a federated identity solution, and being a Microsoft shop, we're looking to use MS technologies to accomplish this goal. We don't have Server 2008 or .NET 3.5 in production, so we're limited to a .NET 2.0/Server 2003-based solution. This means (in terms of a federated identity solution), Active Directory Federa...
Hi After reading the MSDN article (http://msdn.microsoft.com/en-us/magazine/2009.01.genevests.aspx) on implementing a Custom STS using the Microsoft Geneva Framework I am a bit puzzled about one of the scenarios covered there. This scenario is shown in figure 13 of the above referenced article. My questions are around how does the RP i...
I want to add authentication and authorization to my application. I do not want to use Active Directory for this. Should I use System.IdentityModel.Claims to do this? Will using System.IdentityModel.Claims make it easier to implement authentication and authorization and why/why not? ...
My requirement is the claims assigned to a user are company aware so say for example User 1: is publisher for Product Manager for Company 1 but the same user is only editor for Company B. Can this be achieved through Geneva Server, or additional code needs to be written to override classes. ...
Is there a library for c# that allows me to build an encrypted token containing claims, and then gives me an API to check if a token contains the claims I'm interested in? Similar to how ".NET Access Control Service" works. I hope the question is clear. Thanks, Nestor ...
Geneva has me pretty hot and bothered as a potential to solve complicated auth and SSO issues that have been presented to us by our customers. I understand that Geneva supports custom and SQL-based attribute stores. However, I need support for custom and SQL-based account stores. Unfortunately, I can't find any solid confirmation or de...
Hello experts, I'm looking for some input for a challenge that I'm currently facing. I have built a custom WIF STS which I use to identify users who want to call some WCF services that my system offers. The WCF services use a custom authorization manager that determines whether or not the caller has the required claims to invoke a given...
Hi there Maybe this question highlights how little I know about claims identity management, but here it goes. If using WIF within an application that uses a third party STS for Identity and that uses custom claims for authorization ( something pertinent and specificto the application like CanCreateFooBar ) 1) How do I manage the users...
I am working on the very first project at my office where we will be using "Windows Identity Foundation" with Claims-Based-Authorization. To this end, Microsoft .net provides the ClaimsAuthorizationManager abstract class. In order to use this class, you override two methods: the constructor and CheckAccess(context as ClaimsAuthorizatio...
Are there any decent examples of the following available: Looking through the WIF SDK, there are examples of using WIF in conjunction with ASP.NET using the WSFederationAuthenticationModule (FAM) to redirect to an ASP.NET site thin skin on top of a Security Token Service (STS) that user uses to authenticate (via supplying a username and...
Hi, I've been reading about SharePoint 2010's Claims based authentication support. At this point, my shop has several clients who may not upgrade for a while, however. In making our other services claims compatible, we're wondering if claims based authentication is realistic without a great deal of reworking of existing code in our 20...
How can use the Windows Identity Foundation SDK with Windows XP ? ...
Hi, I an trying to setup Forms Based Authentication using ASPNetSQLMembershipProvider. In 2010 Beta 2, I was able to do this in classic mode, and it worked. With the RTM, it is no longer supported under classic mode, and I must switch to Claims based Authentication. So I created a new web application, and configured everything in sharepo...
I've recently bumped into this issue: http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/adcdd533-d5e3-4af9-b3f5-b9a6d06b5c44?prof=required Does anyone have any ideas around this? ...
What is the difference between Claims based authentication vs What is provided by OAuth. I am looking for conceptual difference and not technical difference. When do I choose Claims over OAuth and vice versa. Claims based authentication is proposed by Microsoft and build on top of WS-Security. But OAuth is more a open source protocol t...
in .net Claim-based identity framework If i wanted to restrict users to do an operation (view or edit) on let's say an account, a particular account #123456.(i am talking about business entity, like a bank account.) Is it a good idea to create a claim for each account they can view or edit? Any disadvantages of having a lot of claims ...
I plan to create very simple custom IP-STS for SharePoint foundation 2010 without ADFS server so anyone can integrate Windows Live ID to SharePoint foundation 2010 simply without ADFS, I can't use ADFS server because it could not install on Windows Web Server 2008 (Web Edition), also I found many article use LDAP provider but it does not...
I've been programming with claims-based authentication for some time now with Windows Identity Foundation. It appears to me that in Windows Identity Foundation, once a user is logged in, the claims are basically strings of information that describe the user. With the old role-based authentication, I could say that a user is or is not a...
Two questions: 1) How/where do I set the lifetime of the session cookie in my web application when using an STS to get claims? From what I can tell, it seems I can only do this programmatically in the ServiceConfigurationCreated event. 2) How/where can I make sure that the expiration is sliding? ...