WS-Federation Single Logout (SLO) is not supported by the Microsoft WIF libraries. This is mentioned in the Programming Windows Identity Foundation book of Vitorrio Bertocci on page 121. This should however only affect you if you have written your own IDP / IP-STS. As a result one can only sign-out from a single site at… Read More »
To Integrate Ws-Federation into .Net Core is straight forward although the documentation of this topic is really lacking. In the article below I have some code snippets showing how to do the integration.
Recently I had to investigate for a situation where a user would sign into a Google chrome account and a desktop application on the same machine had to somehow pick up the cookie and use it to communicate to web services, very similar to Cross browser \ application SSO.
I am sure many companies are slowly doing the migration from web forms in asp.net to MVC with asp.net core and with that migration comes the need for diagnostics or exception logger. In this article is a very simple example for exception logging.
A few posts back I was looking at OAuth and I stumbled onto some posts with references to this thing called OWIN. Initially I thought it was a framework that wrapped OAuth to make it easier to use but it turned out to be a hosting solution with support for middleware.
In the previous article I showed how to use OAuth to connect to twitter. At this point all the authentication and authorization has been done and we are busy with the last step to retrieve the Identity information from twitter specifically.
Last time I looked at Oauth I was simply looking at the steps involved with it, today I am doing a small POC. I will be using twitter as my identity provider.
In the following example i will show how to build an Identity Provider also called a passive security token service (IP-STS) that issues tokens using WS-Federation. This post builds on work done in a previous post, Create your own active STS. In this article I will show how to create a complete working example of an… Read More »
In this post I will explain at high level the concept of policy based configuration and I will be providing a POC. Anyone that has ever worked with WCF in a proper scaled application with many many micro services must know about the pain of maintaining the configuration files, I am now not only referring to… Read More »
The following example uses an active security token service (A-STS) that issues tokens using the WS-Trust standard. The type of STS discussed in this post is called a Active STS OR A-STS, it refers to the client that is actively in control of its own authenticated state. This client will typically have its own login window build into the… Read More »