wif

How to use JWT tokens with WCF and WIF?

不问归期 submitted on 2019-11-30 04:17:34
Question: General notes: We're using IdentityServer3 and have been very happy with it so far. We've gotten to secure MVC and ASP.NET Web API applications very easily with the help of both MS and Thinktecture OWIN middlewares. The client we're working for still has a lot of SOAP WCF services, and this is where we're getting stuck. The Setup: I'm not gonna lie, I'm far from being experienced with WCF, I've only used it for very basic scenarios - understand basicHttpBinding, no transport nor message

Where is the Microsoft.IdentityModel dll

隐身守侯 submitted on 2019-11-30 01:10:43
I have installed the Windows Identity Foundation but can't find the Microsoft.IdentityModel dll. According to the Azure Hands-on-Labs it should just be in Add Reference in VS2010. However it's not there. I also looked in c:\Program Files(x86)\Windows Identity Foundation* and it's not in there (or the 64 bit program files folder). Help! Eugenio Pace: Have you installed Windows Identity Foundation and the companion WIF SDK? How about a NuGet Windows Identity Foundation. Just add it to your project and away you go! It's one of the MS owned NuGets so should be maintained accordingly. EDIT: In

Decrypting SAML 2 assertion using .NET 4.5 (System.IdentityModel) / WIF

…衆ロ難τιáo~ submitted on 2019-11-29 19:21:23
Question: I am trying to decrypt an encrypted SAML 2.0 assertion issued from a Java-based Identity Provider. Given the following setup of security token handlers: X509Certificate2 cert = ... // Contains private key var serviceTokens = new List<SecurityToken>(); serviceTokens.Add(new X509SecurityToken(cert)); var issuers = new ConfigurationBasedIssuerNameRegistry(); issuers.AddTrustedIssuer("...thumbprint...", "nottherealname"); var configuration = new SecurityTokenHandlerConfiguration {

What's the difference between ADFS, WIF, WS Federation, SAML, and STS?

主宰稳场 submitted on 2019-11-29 19:19:35
These are numerous technologies and buzzwords used for single sign-on with Microsoft services. Can someone explain ADFS, WIF, WS Federation, SAML, and STS (Security token service), including where and when each is being used. nzpcmad: From a big picture viewpoint: Assume an ASP.NET browser-based application that requires authentication and authorization. The application can roll its own or it can outsource it. WIF is a .NET library that allows ASP.NET to implement this outsourcing. It talks to an STS (ADFS is an instance of an STS) which authenticates against an identity repository and

How to set the timeout properly when federating with the ADFS 2.0

天大地大妈咪最大 submitted on 2019-11-29 18:35:11
Question: I have been using ADFS 2.0 for quite some time and I understand how things work. I've done dozens of custom RPs, custom STSes as well as using the ADFS as the relying STS. However, I have a simple requirement which I still fail to fulfill. I want my users to be forced to relogin after some fixed time. Let's say 1 minute, for test purposes. First, I've made some corrections on the RP's side. It seems that for an unknown reason, the RP retains the session even if the token's validTo points back in time.

WIF Security Token Caching

橙三吉。 submitted on 2019-11-29 18:09:28
Question: I have a site that is a relying party to our WIF-based custom STS. We recently implemented a Security Token Cache as described here: Azure/web-farm ready SecurityTokenCache. The major difference between our implementation and the one described in that link is that we use Azure AppFabric Caching as the backing store for the durable cache, rather than table storage. This helped to relieve us of a token truncation issue on certain browsers but has introduced a new problem (We see the truncation

Where did 'My' certificate store go? [closed]

萝らか妹 submitted on 2019-11-29 16:23:51
Question: Because I'm awesome I'm trying to run the latest WIF demo app using VS2k10 B2 on my 7 boxen... 64bit of course (my neckbeard is strong). I'm having a problem getting it running. Part of the whole demo thing requires I install some certificates on the local machine. Problem is that they ask me to install some of the website certs into a certificate store called LocalMachine/My. Well, there doesn't appear to be any /My anymore. There appears a suspiciously similar store called Personal, but

SessionSecurityTokenHandler trying to decrypt SessionSecurityToken in RSA-encrypted cookie using DPAPI; why?

一曲冷凌霜 submitted on 2019-11-29 14:39:50
Question: I have read in MSDN forums, Dominick Baier's blog, and in other sources that DPAPI will not work out of the box in Azure, and that one approach to handling federated authentication in any kind of web farm scenario is to replace the DPAPI transforms with one that uses a private key available across the farm, such as RSA encryption using an X509 certificate. I have taken this approach in my Azure MVC application and configured the SessionSecurityTokenHandler like this: FederatedAuthentication

URL redirection from ADFS server

喜你入骨 submitted on 2019-11-29 13:29:10
Question: I'm using ADFS for authentication in my ASP.NET web app. The STS server redirects the browser to https://test.contoso.com. STS doesn't allow any return URL parameter when redirecting the client to STS in the first place. Would it be possible to redirect the browser from https://test.contoso.com (after redirection from STS) to any other URL, say https://variableName.test1.contoso2.com? Any help is much appreciated. Answer 1: Upon authentication, ADFS by default should redirect the user to the

ADFS 2.0 time out and relation between Freshness Value, TokenLifetime and WebSSOLifetime parameters

末鹿安然 submitted on 2019-11-29 11:02:39
I am interested to know the relation between Freshness Value, TokenLifetime and WebSSOLifetime parameters in ADFS 2.0 time out scenario. I have already done my bit of analysis on this and I am yet to get a clear picture. I have collected the below details w.r.t. ADFS timeout through several sources. There are two major timeouts involved in the ADFS configuration: WebSSOLifetime – Server wide timeout parameter – Default value = 480 mins; TokenLifetime – This is configured for each Relying party – Default value = 10 hours. WebSSOLifetime: This is a server wide setting which applies to all the RP’s