Clik here to view.
Handling Configuration Changes in Windows Azure Applications
While finalizing StarterSTS 1.5, I had a closer look at lifetime and configuration management in Windows Azure. (this is no new information – just some bits and pieces compiled at one single place –...
View ArticleClik here to view.
Unlocking the SSL Section in Windows Azure Web Roles
Posting the favourite command line snippet seems to be the newest hobby for Azure developers Here’s one that is useful to unlock the SSL section (e.g. for client certificates):...
View ArticleClik here to view.
Windows Azure Diagnostics: Next to Useless?
To quote my good friend Christian: “Tracing is probably one of the most discussed topics in the Windows Azure world. Not because it is freaking cool – but because it can be very tedious and partly...
View ArticleClik here to view.
Windows Azure Root CAs and SSL Client Certificates
I ran into some problems while trying to make SSL client certificates work for StarterSTS 1.5. In theory you have to do two things (via startup tasks): Unlock the SSL section in IIS Install all the...
View ArticleClik here to view.
Adding a Certificate to the Root Certificate Store from the Command Line...
The title says it all certutil -addstore root LeastPrivilegeCA.cer Filed under: Azure
View ArticleClik here to view.
Logging Output of Azure Startup Tasks to the Event Log
This can come in handy when troubleshooting: using System; using System.Diagnostics; using System.Text; namespace Thinktecture.Azure { class Program { static EventLog _eventLog = new...
View ArticleClik here to view.
StarterSTS 1.5
I have the 1.5 version of StarterSTS sitting here for quite some time now. But I was always reluctant to release it. Some of the reasons are: too many new features for a single (small) version change....
View ArticleClik here to view.
Access Control Service: Home Realm Discovery (HRD) Gotcha
I really like ACS2. One feature that is very useful is home realm discovery. ACS provides a Nascar style list as well as discovery based on email addresses. You can take control of the home realm...
View ArticleClik here to view.
Weird 302 Redirects in Windows Azure
In IdentityServer I don’t use Forms Authentication but the session facility from WIF. That also means that I implemented my own redirect logic to a login page when needed. To achieve that I turned off...
View ArticleClik here to view.
Migrating a Local IdentityServer Membership Database to SQL Azure
This is a useful tool to accomplish this: http://sqlazuremw.codeplex.com Filed under: Azure, IdentityServer
View ArticleClik here to view.
Access Control Service: Protocol and Token Transition
ACS v2 supports a number of protocols (WS-Federation, WS-Trust, OpenId, OAuth 2 / WRAP) and a number of token types (SWT, SAML 1.1/2.0) – see Vittorio’s Infographic here. Some protocols are designed...
View ArticleClik here to view.
Access Control Service: Transitioning between Active and Passive Scenarios
As I mentioned in my last post, ACS features a number of ways to transition between protocol and token types. One not so widely known transition is between passive sign ins (browser) and active service...
View ArticleClik here to view.
Access Control Service: Programmatically Accessing Identity Provider...
In my last post I showed you that different redirect URLs trigger different response behaviors in ACS. Where did I actually get these URLs from? The answer is simple – I asked ACS ACS publishes a JSON...
View ArticleClik here to view.
Access Control Service: Passive/Active Transition Sample
Here you can find my updated ACS2 sample. In addition to the existing front ends (web [WS-Federation], console [SOAP & REST], Silverlight [REST]) and error handling, it now also includes a WPF...
View ArticleClik here to view.
Claims-based Identity & Access Control Training in February
I just got email confirming the February run of the “identity course” in Oslo. great! There are seats left and you can book here. Cu! Filed under: .NET Security, ASP.NET, Azure, IdentityModel,...
View ArticleClik here to view.
Claims-based Identity & Access Control Pre-Conference Workshop at NDC 2013
This is great news! If you are going to NDC, you can take my identity & access control training as a pre-conference workshop. I have divided the content in a “web apps” day and a “services &...
View ArticleClik here to view.
Going to NDC? Get two extra Days of Identity and Access Control!
Claims, WS-Federation, WS-Trust, WS-Security, ASP.NET, Federation, Single Sign-On, Home Realm Discovery, WCF, SAML, JWT, Web API, OAuth2, Thinktecture IdentityServer & IdentityModel, ADFS, Windows...
View ArticleClik here to view.
Annual Identity Update on DotNetRocks
It’s this time of the year again! http://www.dotnetrocks.com/default.aspx?ShowNum=863 “Dominick Baier returns to talk to Carl and Richard about the current state of security in .NET 4.5. Dom starts out...
View ArticleClik here to view.
IdentityServer v3 and Azure WebSites (and other Deployment Simplifications)
(applies to preview 1) A common request for IdentityServer was being able to run on Azure WebSites (or other constrained deployment environments where you don’t have machine level access). This was...
View ArticleClik here to view.
My Sessions from NDC 2012
All videos from NDC are online now. This is great content, go check it out! Authentication & Authorization in .NET 4.5 – Claims & Tokens become the standard Model Securing ASP.NET Web APIs...
View ArticleClik here to view.
Taking Control over Azure Access Control Service HRD (without the Help from...
Vittorio wrote a post earlier today showing how to fetch the identity provider feed from ACS and use it to drive the sign-in handshake from within your application and UI. This is indeed a very useful...
View ArticleClik here to view.
WIF & .NET 4.5 Identity and Access Control Training
Just a quick update – I will run my public WIF class for the last time on the 14th/15th November in Oslo (the dates on the page are not correct anymore). After that there will be a brand new .NET 4.5...
View ArticleClik here to view.
“Windows Azure, Identity & Access – and you” Talk from Cloudburst 2012
My talk from Cloudburst 2012 is available here: http://www.streamshed.com/microsoft/cloudburst.htm# This was a nice little conference. recommended. (make sure to also watch Christian’s ServiceBus talk,...
View ArticleClik here to view.
Azure Authentication Library
Azure Authentication Library (AAL) is slowly turning into a really useful “easy to use” library to write client code against Microsoft identity back-ends like Windows Azure Active Directory and Access...
View ArticleClik here to view.
Compatibility between Thinktecture.IdentityModel JWT and Microsoft JWT
I just did a quick test – the JWT token handler in Thinktecture.IdentityModel can consume and validate JWTs coming from Access Control Service. Thought I let you know ;) Nice.Filed under: Azure,...
View ArticleClik here to view.
More Compatibility between Thinktecture.IdentityModel JWT and Microsoft JWT
Reader centralbin comments: “In fact the reverse is also true : You can configure TT-STS as an IP-STS in ACS. The JWT tokens issued by TT-STS can also be consumed in ACS. The only “gotcha” is that you...
View ArticleClik here to view.
Federating IdentityServer with Windows Azure Active Directory
Vittorio describes here in great detail how to provision a WAAD tenant as an identity provider in an ACS namespace. Since we are all using the same technology under the bonnet, this should also work...
View ArticleClik here to view.
Two Weeks to go: NDC Identity & Access Control Workshop
…really looking forward to it! http://www.ndcoslo.com/Article/Workshops/claims Also announcing a special guest: Pedro Felix will do a introduction lecture on OpenID Connect! See you there!Filed under:...
View ArticleClik here to view.
Using IdentityServer to issue tokens for Windows Server ServiceBus
Windows Server ServiceBus supports SWT tokens to authorize actions on a SB namespace or entity (e.g. listen, send or manage). In the Azure version of ServiceBus you would use the Azure Access Control...
View Article