.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Security Briefs: Exploring Claims-Based Identity

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

Keith Brown introduces you to the new identity model in the Microsoft .NET Framework 3.0.

Keith Brown

MSDN Magazine September 2007

View Complete Post

More Related Resource Links

Security Briefs: Exploring S4U Kerberos Extensions in Windows Server 2003


Building Web sites that provide services external to the corporate firewall is tricky. Usually it's not desirable to grant corporate domain accounts to external clients, and from a purely practical standpoint Kerberos does not work well over the Internet due to the typical configuration of client-side firewalls.

Keith Brown

MSDN Magazine April 2003

Video: Introduction to Claims-based Security in SharePoint 2010

Learn how claims-based identity provides a common way for applications to acquire identity information from users inside their organization, in other organizations, and on the Internet. (Length: 23:46)

Windows Identity Foundation (Claims Based Authentication) for Reporting Services



I see that SQL Server 2008 R2 Reporting Services now supports Claims Based Authentication in Sharepoint 2010, meaning that end users can authenticate with Sharepoint using Claims Based Authentication, and use the same security tokens to connect through to Reporting Services.

I assume that behind the scenes Sharepoint is using Windows Identity Foundation (WIF - formerly codenamed "Geneva") to handle the authentication, and passing this on to Reporting Services.

I'm keen to use Windows Identity Foundation to authenticate with Reporting Services without Sharepoint. We have an existing ASP.NET web application, and we'd like to call Reporting Services from that, passing on the Windows Identity Foundation credentials of the user logged into our web application.

I've done some work on setting up a custom security extension using Forms Authentication (based on the sample), but am not sure how to proceed from there.

Google/Bing hasn't been helpful. Can you please point me to some guidance on how to set up Windows Identity Foundation authentication for Reporting Services?<

Security Briefs: View State Security


Effectively managing user state in web applications can be a tricky balancing act of performance, scalability, maintainability and security. The security consideration is especially evident when you're managing user state stored on the client. Here's what you need to know about view state security.

Bryan Sullivan

MSDN Magazine July 2010

Security Briefs: Regular Expression Denial of Service Attacks and Defenses


Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.

Bryan Sullivan

MSDN Magazine May 2010

Security Briefs: Add a Security Bug Bar to Microsoft Team Foundation Server 2010


Take a peek inside Microsoft's strict development security structure as Bryan Sullivan describes the objective security bug classification system?the "bug bar"?used by internal product and online services teams. He will show you how to incorporate this classification system into your own development environment using Microsoft Team Foundation Server 2010.

Bryan Sullivan

MSDN Magazine March 2010

Security Briefs: Security Compliance as an Engineering Discipline


Many companies starting out with the SDL are doing so in combination with a security compliance program. We'll show you some best practices and pitfall we've seen when employing SDL principles for compliance.

Brad Hill

MSDN Magazine February 2010

Claims-Based Apps: Claims-Based Authorization with WIF


Over the past few years, federated security models and claims-based access control have become increasingly popular. Platform tools in this area have also come a long way. Windows Identity Foundation (WIF) is a rich identity model framework designed for building claims-based applications and services and for supporting active and passive federated security scenarios.

Michele Leroux Bustamante

MSDN Magazine November 2009

CLR Inside Out: Exploring the .NET Framework 4 Security Model


The .NET Framework 4 introduces many updates to the .NET security model that make it much easier to host, secure and provide services to partially trusted code. This article dives into the many features and benefits of the .NET security model.

Andrew Dai

MSDN Magazine November 2009

Security Briefs: XML Denial of Service Attacks and Defenses


This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.

Bryan Sullivan

MSDN Magazine November 2009

Security Briefs: A Follow-on Conversation about Threat Modeling


This article explores the use of threat modeling to address security concerns in your applications.

Michael Howard

MSDN Magazine September 2009

Security Briefs: Cryptographic Agility


Even if you use only the most secure algorithms and the longest key lengths, there's no guarantee that the code you write today will remain secure. A better alternative is to plan for agility from the beginning. Rather than hard-coding specific cryptographic algorithms into your code, use one of the crypto-agility features built into the Microsoft .NET Framework. This article shows you how.

Bryan Sullivan

MSDN Magazine August 2009

Security Briefs: A Conversation About Threat Modeling


Listen in on a chat between a developer and security pro that delves into some of the major Security Development Lifecycle (SDL) requirements we impose on product teams here at Microsoft

Michael Howard

MSDN Magazine May 2009

Security Briefs: Protect Your Site With URL Rewriting


Learn the numerous ways in which you can rewrite URLs to defend against common Web vulnerabilities.

Bryan Sullivan

MSDN Magazine March 2009

Security Briefs: Getting Started With The SDL Threat Modeling Tool


The Security Development Lifecycle (SDL) threat modeling tool helps you develop great threat models as a backbone of your security process. We'll show you how it works.

Adam Shostack

MSDN Magazine January 2009

Geneva Framework: A Better Approach For Building Claims-Based WCF Services


Here we introduce Microsoft Code Name "Geneva," the new framework for building claims-based applications and services, and federated security scenarios.

Michele Leroux Bustamante

MSDN Magazine December 2008

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend