AD FS 2.0 in Identity Solutions: Using Active Directory Federation Services 2.0 in Identity Solution

Posted Date: August 21, 2010    Category: ASP.Net

This article explains how you can use Active Directory Federation Services (AD FS) 2.0 to claims-enable Windows Communication Foundation (WCF) services and browser-based applications. The focus is on the token issuance functionality in AD FS 2.0. You'll find out how to use AD FS 2.0 as an identity provider; set up an AD FS 2.0 security token service (STS) to interact with WCF; federate AD FS 2.0 with your custom STS or another AD FS 2.0; enable Web single sign-on and federation with WS-Federation and SAML 2.0 protocols; and externalize authentication logic through Visual Studio. You'll come away appreciating how AD FS 2.0 and Windows Identity Foundation make programming identity solutions in Windows less of a chore.

Zulfiqar Ahmed

MSDN Magazine November 2009

More Related Resource Links

Single Sign-On: A Developer's Introduction To Active Directory Federation Services


Use Active Directory Federation Services to allow other organizations to use your Web applications without the need for you to grant access explicitly.

Keith Brown

MSDN Magazine November 2006

Identity: Secure Your ASP.NET Apps And WCF Services With Windows CardSpace


Windows CardSpace replaces traditional authentication with a more consistent and streamlined login process and improves trust between end-users, applications and services. Michèle Leroux Bustamante explains.

Michele Leroux Bustamante

MSDN Magazine April 2007

Got Directory Services?: New Ways to Manage Active Directory using the .NET Framework 2.0


System.DirectoryServices is a managed code layer on top of Active Directory Service Interfaces, and you can employ it to better manage Active Directory from your code. Here Ethan Wilansky helps you get started.

Ethan Wilansky

MSDN Magazine December 2005

InfoPath Form Forms Services and Identity?

We have an InfoPath form running under InfoPath forms services that opens a data connection to a SQL database to invoke a stored procedure using Integrated Security. It connects as NT AUTHORITY\ANONYMOUS LOGIN and is denied access.

The following query failed: CPI_RPI_Table (User: LITWARE\smith, Form Name: CPI-RPI-Index-Published, IP: , Request: https://www.litware.com/_layouts/Postback.FormServer.aspx, Form ID: urn:schemas-microsoft-com:office:infopath:CPI-RPI-Index-Published:-myXSD-2010-09-14T19-44-07, Type: DataAdapterException, Exception Message: The form cannot connect to the data source. Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.)

When we run it in the InfoPath client, it connects with the user's credentials. Can we have the form default to another identity, that of the SharePoint Service account? Thanks, Nikos

Windows Identity Foundation (Claims Based Authentication) for Reporting Services



I see that SQL Server 2008 R2 Reporting Services now supports Claims Based Authentication in SharePoint 2010, meaning that end users can authenticate with SharePoint using Claims Based Authentication, and use the same security tokens to connect through to Reporting Services.

I assume that behind the scenes SharePoint is using Windows Identity Foundation (WIF - formerly codenamed "Geneva") to handle the authentication, and passing this on to Reporting Services.

I'm keen to use Windows Identity Foundation to authenticate with Reporting Services without SharePoint. We have an existing ASP.NET web application, and we'd like to call Reporting Services from that, passing on the Windows Identity Foundation credentials of the user logged into our web application.

I've done some work on setting up a custom security extension using Forms Authentication (based on the sample), but am not sure how to proceed from there.

Google/Bing hasn't been helpful. Can you please point me to some guidance on how to set up Windows Identity Foundation authentication for Reporting Services?

Can I pass a user's active directory group as a parameter to reporting services?


Hi there,

I am wondering if I can pass a user's Active Directory group as a parameter to Reporting Services? If so, how can I do that (e.g. where can I get that group from?)?

Is there something like User.UserID for Active Directory groups?

Many Thanks and best wishes



WCF: Determining Caller Identity within WCF Web Services, Part 2

Learn to determine the identity of the caller of a Windows Communication Foundation (WCF) web service that you consume as an external content type from BCS.

Active Directory Certificate Services + ASP.NET



We have a requirement to issue certificates from our organization for the purpose of authentication to our ASP.NET application. The client certificates are installed on client machines and submitted to the ASP.NET application. The ASP.NET application checks a field from the certificate (e.g. Subject O) and authenticates the user.


Deployment is done on Windows Server 2008. We use Active Directory Certificate Services to issue client certificates for users. The AD CA is installed as Stand Alone (no AD integration) with the certsrv Web App enabled. This allows users to connect to a web site (certsrv) and to make certificate requests using the Web Browser Certificate request option.


1) When the user presses Web Browser Certificate, he is presented with a couple of fields to complete. We need one additional field (e.g. ID) so that we can identify the user in our database (after this certificate is submitted to our web application). So the problem is how can we add or remove fields at the Identifying Information step?

2) After the user submits the request (completes all the requested fields) we need to automatically allow the user to download the certificate if the ID is correct, without having an administrator verify the certificate request queue. So the problem is how can we automatically approve the certificate request?

Building a Searchable Phone Directory with Windows SharePoint Services

I want to continue to build out the intranet site we've started in our previous articles. A standard item in every intranet is a staff/employee list. Most companies implementing Windows SharePoint Services (WSS) are large enough to have a database that contains all employees. We will use the aggregation features of SharePoint to include data from this database into our intranet.

Pass ASP.NET membership identity object across domain?


I am trying to figure a way to SSO with ASP.NET membership and role model.

I can implement custom membership provider which consume web services hosting on a server.

With encryption of data. No problem.

But my question is, If I sign on a website with my provider, got my identity object on that application,

could I pass it to another website on another domain which use the same provider and by doing so, do not need to login again?

If this is possible, I am going to implement this solution. Please tell me what's your take on this.

How to set SearchRoot Path in Active Directory in this scenario


How to set SearchRoot Path in Active Directory in this scenario:

Functionality: We have a scenario where we 1st hit one LDAP server with some 'fixed user name' & 'fixed password' and filter data with a specific user name (which is given by the user), getting the 'User dn'.

After that we hit the next LDAP server based on the 'User dn' we got from the 1st server.

(So, in my case the 1st LDAP server works like a load-balancing server, but functionality-wise it is different)


active directory exception unusual behaviour


I have a small problem.
I want user names from Active Directory for an auto-completer type of service.
The method is always throwing an exception:
'searcher.FindAll()' threw an exception of type 'System.DirectoryServices.DirectoryServicesCOMException' System.DirectoryServices.SearchResultCollection

Active Directory and .NET: paging the search result

Hi everybody!

I have a question about Active Directory in .NET
For my project I need to fetch results from Active Directory search page by page, because later I would need to bind it to the pageable DataGrid.

I tried to use the .NET library DirectoryServices for that, but the paging provided by this library is transparent to the user and is used only to increase the efficiency of searching when results are too big. I.e. I cannot tell the DirectorySearcher to give me the first page, then the next or previous page; it returns me all resulting pages in one bundle.

However, what I need is to explicitly get page after page directly from the AD searcher and to be able to go at least one page forward or backward.

The solution of copying all results to the database and then doing the paging is not accepted by the client, since it is too inefficient. And since it's a Web app, I cannot keep results in memory either.

I found some hints about a COM interface, but I could not find good and detailed examples or explanations. I also found this line of code: DirectoryServices.Interop.IDirectorySearch.ExecuteSearch(), but I don't know which libraries I should add to be able to compile this code.

If somebody could help me out with that problem, any suggestion is welcome, 'cause this issue is eating me alive :)

Thank you!

Error on Display user's fullname using Active Directory in asp.net using vb.net



Dim wi As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()



Dim a As String() = HttpContext.Current.User.

Getting list of users reporting from specific Manager from Active Directory


Dear All,

I have a requirement like displaying all the user information reporting to a specific manager from Active Directory.

Please help me regarding this.



List Users from Active Directory


When I try to list the users from Active Directory, I get this exception.

Error while processing.System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindAll()

The code I used is:

// Binds with the credentials of the calling process or thread (no explicit user name/password).
DirectoryEntry de = new DirectoryEntry(_path);
DirectorySearcher deSearch = new DirectorySearcher();
deSearch.SearchRoot = de;
// UserName is concatenated into the filter unescaped; LDAP filter special
// characters (* ( ) \ and NUL) in it must be escaped per RFC 4515 first.
deSearch.Filter = "(&(objectClass=user) (cn=" + UserName + "))";
SearchResultCollection results = deSearch.FindAll();

But the DirectoryEntry method is getting validated if I use the overloaded method: DirectoryEntry(_path, domainAndUsername, password);

Please advise me.

Federated Identity: Passive Authentication for ASP.NET with WIF


The goal of federated security is to provide a mechanism for establishing trust relationships between domains. Platform tools like Windows Identity Foundation (WIF) make it much easier to support this type of identity federation. We show you how.

Michele Leroux Bustamante

MSDN Magazine August 2010
