Wif and sl4 (en)
WIF and Silverlight 4 – Claims Aware, Identity Federation (Passive and Active)
Nuno Godinho – Independent Consultant
About Me
Nuno Filipe Godinho
Independent Consultant
Mail: [email protected]@sapo.pt
MSN: [email protected]
Blogs:
http://pontonetpt.com/blogs/nunogodinho
http://xamlpt.com/blogs/nunogodinho
http://weblogs.asp.net/nunogodinho
http://msmvps.org/blogs/nunogodinho
Twitter: NunoGodinho
Agenda
• Introduction to Claims-Based Identity
• WIF – Windows Identity Foundation
  – Introduction
  – Building Claims-Aware Silverlight Applications
• Identity Federation in Silverlight
  – Passive Federation
  – Active Federation
• Summary
Introduction to Claims-based Identity
• Your Applications are prisoners of Identity Silos
[Diagram labels: Login.aspx, Page1.aspx; Credential Types / APIs; Credential Stores; User Attributes Stores]
• Identification in Real Life Works Pretty Well… How Do We Do That?
  – Externalizes Authentication
  – Gets user info from a document
• Claims Can Set Your Application Free
[Diagram labels: Identity Provider, STS, Security Token, Claims, Relying Party, Active Directory Federation Services 2.0]
WIF – Windows Identity Foundation
• Programming Model
  – Essential claims programming model
    • Claims Object Model integrated with the .NET identity API
    • Single programming model for ASP.NET & WCF
    • Single programming model for on-premises & cloud
    • Configuration driven
  – Tools for metadata-driven automatic application configuration
    • WS-Federation, WS-Trust
  – Framework for custom STS development
  – And more…
• Object Model
[Diagram labels: IClaimsPrincipal, IClaimsIdentity, Delegate, Claims, Claim; IIdentity (AuthenticationType, IsAuthenticated, Name); IPrincipal (IsInRole); Identity; Claim (Subject, Issuer, Value, ClaimType, ValueType, OriginalIssuer)]
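// Requires: using System; using System.Linq; using System.Threading; using Microsoft.IdentityModel.Claims;
void Page_Load(object sender, EventArgs e)
{
    // WIF places a claims-aware principal on the current thread.
    IClaimsPrincipal icp = (IClaimsPrincipal)Thread.CurrentPrincipal;
    IClaimsIdentity claimsIdentity = (IClaimsIdentity)icp.Identity;

    // Single() throws unless exactly one claim of this type is present.
    string ageClaimValue = (from c in claimsIdentity.Claims
                            where c.ClaimType == "http://MyNS/AgeClaim"
                            select c.Value).Single();
}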
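Added example, not from the original slides: the lookup above accepts the age claim from any issuer and throws when the claim is missing or repeated. This variant uses the `Issuer` property from the object model to accept the claim only from one STS and to fail closed; the issuer name `MyTrustedSts` and the class and method names are assumptions.

```csharp
using System;
using System.Linq;
using System.Threading;
using Microsoft.IdentityModel.Claims;   // WIF 1.0

public static class ClaimReader
{
    // Hypothetical issuer name: the name under which the relying party
    // knows the STS it trusts.
    private const string TrustedIssuer = "MyTrustedSts";

    // Returns the value of the single claim of the given type issued by the
    // trusted STS, or null when it is absent, repeated, or from another issuer.
    public static string GetTrustedClaim(IClaimsIdentity identity, string claimType)
    {
        if (identity == null || !identity.IsAuthenticated)
            return null;

        var matches = identity.Claims
            .Where(c => c.ClaimType == claimType &&
                        string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal))
            .Select(c => c.Value)
            .Take(2)                    // two hits are enough to know it is ambiguous
            .ToList();

        return matches.Count == 1 ? matches[0] : null;
    }

    // Authorization decision built on the claim: false on any doubt.
    public static bool MeetsMinimumAge(int minimumAge)
    {
        var principal = Thread.CurrentPrincipal as IClaimsPrincipal;
        if (principal == null)
            return false;               // request is not claims-aware

        string raw = GetTrustedClaim(principal.Identity as IClaimsIdentity,
                                     "http://MyNS/AgeClaim");
        int age;
        return int.TryParse(raw, out age) && age >= minimumAge;
    }
}
```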
• How it works
  – HTTPModule(s) in the ASP.NET pipeline of the application
    • They take care of exposing policy, managing protocol redirects, establishing sessions…
  – WSFederationAuthenticationModule
    • Implements the WS-Federation redirects protocol
  – SessionAuthenticationModule
    • Takes care of handling sessions (regardless of the sign-in protocol)
  – ClaimsPrincipalHttpModule
    • Provides a hook for injecting claims in the current principal
• WIF ASP.NET Processing Pipeline
[Diagram labels: WSFAM, SecurityTokenHandler, ClaimsAuthenticationManager, SessionAuthenticationModule, ClaimsAuthorizationManager]
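Added example, not from the original slides: a custom `ClaimsAuthenticationManager`, the pipeline stage where claims are injected into the principal. It discards role claims that arrived in the token and derives a local role only from a claim issued by the trusted STS; the class name, issuer names, claim type and role value are all assumptions.

```csharp
using System;
using System.Linq;
using Microsoft.IdentityModel.Claims;   // WIF 1.0

public class RoleMappingAuthenticationManager : ClaimsAuthenticationManager
{
    // All names below are hypothetical placeholders.
    private const string TrustedIssuer   = "MyTrustedSts";
    private const string LocalIssuer     = "urn:example:relying-party";
    private const string DepartmentClaim = "http://MyNS/Department";

    public override IClaimsPrincipal Authenticate(string resourceName,
                                                  IClaimsPrincipal incomingPrincipal)
    {
        IClaimsIdentity identity = incomingPrincipal == null
            ? null
            : incomingPrincipal.Identity as IClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return incomingPrincipal;            // anonymous request: add nothing

        // Drop role claims that came with the token; this relying party
        // derives roles itself instead of accepting them from outside.
        foreach (Claim role in identity.Claims
                                       .Where(c => c.ClaimType == ClaimTypes.Role)
                                       .ToList())
        {
            identity.Claims.Remove(role);
        }

        // Map the department claim to a role only when the trusted STS issued it.
        bool isFinance = identity.Claims.Any(c =>
            c.ClaimType == DepartmentClaim &&
            c.Issuer == TrustedIssuer &&
            string.Equals(c.Value, "Finance", StringComparison.OrdinalIgnoreCase));

        if (isFinance)
        {
            // The issuer argument records that this claim was added locally.
            identity.Claims.Add(new Claim(ClaimTypes.Role, "InvoiceApprover",
                                          ClaimValueTypes.String, LocalIssuer));
        }
        return incomingPrincipal;
    }
}
```

WIF loads the class named in the `claimsAuthenticationManager` element of the application's `microsoft.identityModel` service configuration.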
• Bindings
  – UserNameWSTrustBinding
  – CertificateWSTrustBinding
  – WindowsWSTrustBinding
  – KerberosWSTrustBinding
  – IssuedTokenWSTrustBinding
Identity Federation In Silverlight
• What is Identity Federation?
“A user's authentication process across multiple IT systems or even organizations” – via Wikipedia
• What Is the Goal of Identity Federation?
“The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration” – via Wikipedia
http://en.wikipedia.org/wiki/Federated_identity
• What is Passive Federation?
[Diagram labels: Identity Provider, Relying Party, Client, Trust Relationship]
1. End-user browses to the RP
2. RP Redirects the User to the IdP
3. End-user logs in
4. Authenticated
5. IdP issues a Security Token
6. IdP Security Token is presented to the RP
End-User Authenticated
DEMO: Identity Federation in Silverlight (Passive)
• What is Active Federation?
[Diagram labels: Identity Provider w/ STS, Relying Party, Requestor, Trust Relationship]
1. End-User Requests Security Token
2. Authenticated
3. IdP issues a Security Token
4. IdP Security Token is presented to the RP
End-User Authenticated
DEMO: Identity Federation in Silverlight (Active)
Summary
• Claims-based Identity allows us to Free our Applications from Identity Silos
• WIF allows us to easily implement Claims-based Identity in our Applications
• Identity Federation allows us to authenticate Users across IT systems and Organizations
• Two Types of Identity Federation
  – Passive – Redirection Based
  – Active – Actively Authenticated against the IdP’s STS
Free your applications…