Tagged Questions
2
votes
2answers
132 views
Why is there a resource/operation required instead of type/value using claim based auth
Our old software architecture used role based validation. We now want to use claims based authorization. As a matter of fact, I think we always used something modelling claims, even if we used role ...
0
votes
1answer
38 views
Why getting WindowsPrinciple in AuthorisationManager in asp.net
I am trying to implement claim based security in web application. I have a class like.
public class AuthorisationManager : ClaimsAuthorizationManager
{
public override bool ...
0
votes
0answers
75 views
Converting existing forms authenticated application to claims
I have a ASP.NET based CMS that used to work with forms authentication for both the CMS backend login and for the member section (for my customers) login in the front end. Now the new version of this ...
1
vote
0answers
103 views
Is Claims Based Authentication more secure than Basic Authentication?
I have been a developer in the services world for using either basic authentication (in combination use with SSL for securing the transport) or of using claims based authentication (in .NET using ...
0
votes
1answer
30 views
avoid raising exception when no permission in claim based security
How can I suppress exception thrown from ClaimsAuthorizationManager.CheckAccess even if it returns false.
To be more explanatory, I am trying to create a collection of objects. Some objects are ...
0
votes
1answer
135 views
claim based authorization + WPF desktop application
I am trying to implement security model in a WPF desktop application in ver 4.5. I studied many articles and most of them are either Web based or with WCF.
Does that mean that claim based security is ...
0
votes
0answers
51 views
diff in claim base security and role based security in C#
I am new to this security model in C#. But as I am studying on this I am getting more confused. What is the difference between claim based security and role based security? What is the scenario to ...
0
votes
1answer
2k views
Adfs: Difference between token decrypting certificate and relying party signature verification certificate
I am trying to set up a Relying Party (SP) with ADFS. ADFS recognizes and responds for requests without signature. But ADFS fails to verify a signed AuthRequest. I have a certificate imported into ...
0
votes
1answer
77 views
Appropriate usage of tokens in a claims based security model?
i'm new to claims based security. I understand the premise but have some questions regarding the token.
From what I understand, the token will carry all of the claims for a given user, and that ...
0
votes
1answer
51 views
How can I use WIF to secure access to static files?
I have a folder of jpg images on an IIS server & we need to secure them so that only people with a particular permission can view them. We have implemented WIF based STS (not AD) for ...
1
vote
1answer
296 views
WIF BootstrapToken expired
I'm developing web application using ASP.NET MVC + WCF secured by WIF. I'm using active STS.
I have a problem with situation where BootstrapToken expired but SessionSecurityToken is still valid ...
4
votes
2answers
464 views
Azure ACS - Claims URL exposed in browser history - security hole?
Found this official ACS demo http://www.fabrikamshipping.com/ while researching on ACS.
In the app itself, when logging in with one of the providers ( I chose Google ), I can see in the browser ...
2
votes
1answer
320 views
WIF and SOAP result inspection - Windows Identity Foundation strikes again :(
I use IdentityServer for users authentication from Silverlight 4 platform (WS-Trust).
When user sends proper credentials everything is fine of course and I create token cookie with additional claims ...
0
votes
2answers
864 views
wa=wsignupcleanup1.0 does not sign out user on Relying Party
Working on project where we use Windows Identity Foundation.
While testing the sign out solution i found that the following call
http://rp/?wa=wsignoutcleanup1.0 does not delete the FedAuth cookie on ...
0
votes
1answer
314 views
Claims Authentication - STS
I was watching this great video on Channel 9 by Venky.
http://channel9.msdn.com/shows/Identity/Sharepoint-2010-and-Claims-Based-Identity/
This talks about highlevel view on Claims Identity and STS. ...
5
votes
2answers
2k views
Windows Identity framework with windows XP
How can use the Windows Identity Foundation SDK with Windows XP ?
3
votes
1answer
363 views
Applying custom claims in claims based application
I would like to grant document level permission based on custom claims in claims based web site. A user may have hundreds of document or one. Is it a good idea to apply custom claims? What is the ...
0
votes
1answer
580 views
Claims-based Authentication: Are strings the essence of claims?
I've been programming with claims-based authentication for some time now with Windows Identity Foundation.
It appears to me that in Windows Identity Foundation, once a user is logged in, the claims ...
2
votes
1answer
297 views
Restricting access to records. Is claim-based permissions a good idea
in .net Claim-based identity framework
If i wanted to restrict users to do an operation (view or edit) on let's say an account, a particular account #123456.(i am talking about business entity, like ...
0
votes
1answer
359 views
Claims + Tokens library for c#
Is there a library for c# that allows me to build an encrypted token containing claims, and then gives me an API to check if a token contains the claims I'm interested in?
Similar to how ".NET Access ...
Related Tags
wif × 8.net × 6
c# × 3
asp.net × 3
authentication × 3
wcf × 2
.net-4.5 × 2
saml × 2
identity × 2
sharepoint2010 × 2
permissions
claims
sharepoint
silverlight
adfs
iis-7.5
federated-identity
single-sign-on
role-based
basic-authentication
sts-securitytokenservice
azure token
