#dotNed Podcast: Security with Alex Thissen

In this podcast I talk with Alex Thissen about securing applications. They discuss common vulnerabilities and what you can do to defend against them. They also talk about federated security and Windows Identity Foundation and what this will mean for the future.   http://www.dotned.nl/PodCasts.aspx?id=10   PS: Dutch language only

Limiting which user can access service using the Windows Identity Foundation

In my previous blog post I demonstrated how to secure a workflow service using the Windows Identity Foundation. With this in place we only allow users that are trusted by the STS Dominick Baier wrote. That is nice, but in some cases we might not want all users to be able to perform all actions.   How can we check individual users against a specific action? Using an STS we don’t get the user credentials from the client application, but we do get a lot of information in the form of security tokens from the STS by means of …

Securing a Workflow Service using Windows Identity Foundation

The way security is often still handled these days, with each application keeping track of its own users, is somewhat dated. Some form of federated security, where a single separate server is responsible for the security of a whole series of applications, is the way to go. On the internet there are plenty of examples of this, with applications using things like OAuth and leaving their security to others. In Windows the preferred form of federated security is through Windows Identity Foundation, and it is really easy to secure an ASP.NET site or WCF service using Windows Identity Foundation.   …