Some basic interview questions. Its not comprehensive and ill extend this as needed.
In the previous post I showed how to enable HSTS so that all HTTP traffic to a website is secured. As cool as that is, the unfortunate reality is that it is not always possible to secure all HTTP traffic for a website especially when dealing with some legacy technology.
HTTP Strict Transport Security or HSTS is a header that instructs a browser not to downgrade a secure https connection to a unsecure HTTP connection for a specified domain.
It is important to realize that although a website might be running under HTTPS it does not guarantee that the session information is not accessible from normal HTTP requests. When a session cookie is generated it is important to make sure that the cookie can only be transmitted over a secure HTTP connection (HTTPS).
In the following example i will show how to build an Identity Provider also called a passive security token service (IP-STS) that issues tokens using WS-Federation. This post builds on work done in a previous post, Create your own active STS. In this article I will show how to create a complete working example of an… Read More »
I created a windows forms application sample that can assist with decoding to FedAuth tokens captured from tools like Fiddler, source is included. It is downloadable from this link.
So what is new in C# 6.0? I am documenting the new features in C# 6.0 simply to keep myself up to date and maybe someone else will also benefit.
The following example uses an active security token service (A-STS) that issues tokens using the WS-Trust standard. The type of STS discussed in this post is called a Active STS OR A-STS, it refers to the client that is actively in control of its own authenticated state. This client will typically have its own login window build into the… Read More »
I am going to step through a sample that i wrote that shows how easy it is to create a self hosted WCF service in c#. The sample code can be downloaded here and may be used freely.