Questions tagged [wif]
Windows Identity Foundation is a free Microsoft library that lets developers use claims-based authentication and federated identity/single sign-on in their applications.
1,276 questions
184 votes, 1 answer, 6k views
Catch-22 prevents streamed TCP WCF service securable by WIF; ruining my Christmas, mental health
I have a requirement to secure a streamed WCF net.tcp service endpoint using WIF. It should authenticate incoming calls against our token server. The service is streamed because it is designed to ...
128 votes, 3 answers, 143k views
Decoding and verifying JWT token using System.IdentityModel.Tokens.Jwt
I've been using the JWT library to decode a Json Web Token, and would like to switch to Microsoft's official JWT implementation, System.IdentityModel.Tokens.Jwt.
The documentation is very sparse, so ...
72 votes, 3 answers, 35k views
What's the role of the ClaimsPrincipal, why does it have multiple Identities?
I am trying to understand the security model behind .NET based on claims for the application (Relying Party).
I know there are 2 major classes:
ClaimsPrincipal - security context for the running ...
70 votes, 3 answers, 59k views
What's the difference between ADFS, WIF, WS Federation, SAML, and STS?
These are numerous technologies and buzzwords used for single sign-on with Microsoft services.
Can someone explain ADFS, WIF, WS Federation, SAML, and STS (Security token service), including where ...
55 votes, 10 answers, 111k views
Where is the Microsoft.IdentityModel dll
I have installed the Windows Identity Foundation but can't find the Microsoft.IdentityModel dll. According to the Azure Hands-on-Labs it should just be in Add Reference in VS2010. However it's not ...
44 votes, 1 answer, 691 views
In WCF/WIF how to merge up claims from two different client's custom sts's tokens
I'm trying to create something like: Client authenticates and gets token from custom STS1, next client authorizes with machine key and is issued token on custom STS2 and gets another token. With last ...
38 votes, 4 answers, 44k views
How do I remove an existing claim from a ClaimsPrincipal?
I am making a developer tool for impersonating Roles for an intranet site to allow developers to quickly act as any Role as needed. Roles defined are Developer, Team Lead, Team Member, Engineering, ...
35 votes, 2 answers, 4k views
How do I perform WIF/claims impersonation without the claim being mapped to an AD account?
I need to perform search impersonation in SharePoint 2010 for Claims users. To put this in context, I would like to first state how I get this to work with Windows accounts and then discuss Claims / ...
32 votes, 4 answers, 57k views
How to encrypt JWT security token?
I need to secure my web-token with signing and encryption. I wrote the next lines of code:
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
...
28 votes, 2 answers, 50k views
Where did 'My' certificate store go? [closed]
Because I'm awesome I'm trying to run the latest WIF demo app using VS2k10 B2 on my 7 boxen... 64bit of course (my neckbeard is strong) I'm having a problem getting it running.
Part of the whole demo ...
27 votes, 5 answers, 21k views
Federated Authentication on Azure
I'm using WIF (.net 4.5), and Azure Active directory for authentication. The website will sit on Azure.
Everything works as expected locally, however when I put it onto azure I get the error:
The ...
27 votes, 2 answers, 17k views
Microsoft.IdentityModel vs System.IdentityModel
I'm working on a claims-based authorization system using Forms Authentication and ASP.NET MVC 2. I see that one namespace "Microsoft.IdentityModel" provides a lot of the same things as the other "...
26 votes, 1 answer, 15k views
Using WIF, what is the difference between audienceUris and realm?
We have an ASP.NET application using WIF. Our web.config file has a section like this:
<audienceUris>
<add value="https://someapp.mycompany.com/App/" />
</audienceUris>
<...
26 votes, 2 answers, 17k views
Storing a list of string in Claim (System.Security.Claims)
I'm developing a web app with Asp.Net 5 MVC, Owin and Oauth2 bearer token as auth type.
I need to store a list of string "CODEFOO,CODBAR,CODEX,.." inside a System.Security.Claims.Claim with a custom ...
26 votes, 2 answers, 13k views
How do I setup On-Premises Authority Authentication in MVC 5?
What is the Metadata document that is required for "On-Premises Authority Authentication" in MVC 5?
I am supposed to supply its URL in order to setup Organizational Accounts Authentication in MVC 5 ...
26 votes, 0 answers, 419 views
Configuring WIF/WCF using Identity and Access Tool to a Thinktecture.IdentityServer
note: A github repo has been constructed to demonstrate the issue causing these questions.
In creating a WIF secured WCF service, the MSDN documentation recommends using the Identity and Access Tool ...
25 votes, 4 answers, 18k views
How to convert SAML XML token string to either SecurityToken or ClaimsPrincipal instance?
My context:
.Net RESTful web service
Client (mixed platforms, technologies, lib capabilities) has obtained a SAML token
Trying to accept the token for authentication/authorization in the REST service
...
24 votes, 3 answers, 5k views
WIF 4.5 BootstrapContext security token null
I am using the new 4.5 WIF stuff to authenticate users of the website and to secure the communication between my MVC website and WCF services.
I have the website configured to save the bootstrap ...
24 votes, 1 answer, 4k views
ACS installed but MVC 4.0 app still redirects and fails to find login.aspx
First post here on stackoverflow but I love the site!...
I've successfully created a fully functioning Azure hybrid model application using MVC 4. Published and works great. Now I want to add ACS ...
23 votes, 9 answers, 50k views
Why am I getting the "A potentially dangerous Request.Form value was detected from the client" error?
I've created a new ASP.NET MVC 3 / .NET Framework 4.0 site using the "Internet Application" template. I used Nuget to install the Windows Azure Web Role (MVC3) package and then followed the Access ...
23 votes, 5 answers, 16k views
ASP.NET MVC 2 and authentication using WIF (Windows Identity Foundation)
Are there any decent examples of the following available:
Looking through the WIF SDK, there are examples of using WIF in conjunction with ASP.NET using the WSFederationAuthenticationModule (FAM) to ...
22 votes, 6 answers, 21k views
Cannot find a unique certificate that matches the criteria
I am running into the following error when attempting to parse my token:
Property name: 'certificateReference'
Error: 'ID1025: Cannot find a unique certificate that matches the criteria.
StoreName: '...
22 votes, 0 answers, 3k views
(WindowsPrincipal vs GenericPrincipal vs ClaimsPrincipal)'s Identity property
TL;DR. I'm writing this up to potentially help someone else's googling in the future as I found no documentation on this particular behaviour, and partly on the hope that someone could confirm (or ...
21 votes, 3 answers, 7k views
.NET Claim in three namespaces
Now this is odd. After completing some research on claims based solutions in .NET, found that different authors refer to different classes in .NET namespace when actually speaking on the same matter. ...
20 votes, 2 answers, 9k views
Simple claims transformation and caching w/ windows authentication
For the past few days I've been reading about the windows identity foundation and how it's so good and flexible and built right into .net 4.5. Despite going over dozens of apis, blog posts, how-to's ...
20 votes, 3 answers, 8k views
How does the "ASP.Net Identity" compare with "Windows Identity Foundation"? [closed]
I found this nice article that shows the evolution of the ASP.Net identity frameworks:
http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity
However, I'm interested in ...
19 votes, 3 answers, 15k views
SHA256 signing stops working in .NET 4.5
We have a piece of code which creates a SigningCredentials object to use to sign xml document by using SHA256 algorithm. It works with .NET 3.5 perfectly. However, when we upgrade our codebase to .NET ...
19 votes, 2 answers, 5k views
Azure/web-farm ready SecurityTokenCache
Our site uses ADFS for auth. To reduce the cookie payload on every request we're turning IsSessionMode on (see Your fedauth cookies on a diet).
The last thing we need to do to get this working in ...
19 votes, 7 answers, 37k views
Where can I find Microsoft.IdentityModel.Extensions.dll library?
I'm searching for Microsoft.IdentityModel.Extensions library. In documentation that I'm reading they suggest that it should be available in my GAC, but it's not. I'm using Visual Studio 2012.
Where ...
19 votes, 1 answer, 7k views
What is difference between identity provider vs federation provider?
I have been reading some article on Windows Identity Foundation and there are some vague definitions on federation provider (maybe my understanding is not accurate). However I didn't come across one ...
18 votes, 5 answers, 29k views
How to configure Microsoft JWT with symmetric key?
I'm trying to configure my ASP.NET app to accept a JSON Web Token (JWT) that is signed with a symmetric key. The STS isn't capable of using certificates for this, so we're using their symmetric key ...
18 votes, 4 answers, 16k views
Active and Passive Federation in WIF
I am trying to understand the difference between Active and Passive federation in WIF. It appears that one would use an Active Federation if the Relying Party (RP) is a WCF Service instead of an ASP....
18 votes, 4 answers, 3k views
.net n-tier identity & authorization in service architecture
I'm building an application where the requirements seem standard issue (at least to me)... I have a Web.UI based on asp .net mvc & clients from iphone, android & blackberry.
So the sensible ...
17 votes, 4 answers, 10k views
Windows Identity Foundation sample MVC application
Is there a sample application for using WIF with an ASP.NET MVC application? Can someone help me get started trying to integrate both of these technologies?
16 votes, 4 answers, 23k views
A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...")
I am also getting a request validation error when using WIF. I get correctly sent to the STS, but on the way back, I get this validation error.
I followed all the instructions.
<httpRuntime ...
16 votes, 2 answers, 10k views
Adding Claims-based authorization to MVC 3
I have an MVC app that I would like to add claims-based authorization to. In the near future we will use ADFS2 for federated identity but for now we will use forms auth locally.
Has anyone seen a ...
16 votes, 3 answers, 4k views
What's the .NET 4.5 equivalent to UserNameWSTrustBinding?
I am converting an active profile STS to the new .NET 4.5 System.IdentityModel framework. My code uses the UserNameWSTrustBinding, which doesn't seem to exist in the new framework. Any suggestions?
15 votes, 1 answer, 4k views
How do I get to the SecurityTokenHandlers collection in WIF 4.5?
I am migrating an ASP.Net site that uses Active Federation and WIF 3.5 to use .Net 4.5. The functionality of Windows Identity Foundation (WIF 3.5) has now been fully integrated into the .Net 4.5 ...
14 votes, 1 answer, 5k views
Best practices for creating custom claim types
Given a specific set of permissions, e.g. EditPage, CreateProject, ModifyUser, I am currently looking at two different ways of creating some custom claims types to model this behavior. I can find ...
14 votes, 3 answers, 7k views
Perfect unique_id for device except IMEI,Android_ID,WLAN Mac and Bluetooth address
Objective:
I am looking for a way to find out a unique_id for android device.
Background:
I will use the Id in login request payload and as my app is license based service app the Id should not ...
14 votes, 4 answers, 2k views
Best approach for SSO for Asp.Net application with Login from external application with multiple ADFS [closed]
I have an already built Asp.Net application which is using Asp.Net membership provider.
There is a client web application which has its own login. Once logged in, the user gets some links. These ...
13 votes, 3 answers, 29k views
ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry
I am trying to implement a Simple STS web site alongside my MVC application in a development environment. I was able to get this working properly on my local machine. I would navigate to my MVC app, ...
13 votes, 2 answers, 6k views
What is the difference between microsoft.identityModel and system.identityModel in .NET 4.5
I'm probably not the first to ask but which one should we use now ? As I understand it, it started with a very small System.IdentityModel for WCF. Then came the Microsoft.IdentityModel classes which ...
13 votes, 3 answers, 13k views
JwtSecurityTokenHandler().ValidateToken() :: Signature validation failed... sha256 not supported in this context
I am getting the following error when I execute the JwtSecurityTokenHandler().ValidateToken() function:
Here is my pseudo-code:
var jwtToken = {...}
var tokenHandler = new JwtSecurityTokenHandler();
...
12 votes, 7 answers, 50k views
Microsoft.IdentityModel: Key not valid for use in specified state
I have a claims aware web application using Windows Identity Foundation that has been working well, except on one server. I am seeing the error message shown below in the event log.
Exception ...
12 votes, 2 answers, 4k views
Is it possible to run WIF without LoadUserProfile = True
I'm trying to run WIF Relying Party application on a shared host. They will not set the IIS Setting LoadUserProfile to true and as such I'm getting the following error:
Message: The data protection ...
12 votes, 5 answers, 10k views
Exclude specific path from WIF authorization in an ASP.NET MVC 4 project
We have successfully configured windows identity foundation (WIF) in our ASP.NET 4.5 MVC 4 project with the help of the Identity and Access... extension for Visual Studio 2012. But are unable to ...
12 votes, 1 answer, 28k views
URL redirection from ADFS server
I'm using ADFS for authentication in my ASP.net web app. The STS server redirects the browser to https://test.contoso.com. STS doesn't allow any return URL parameter when redirecting the client to STS ...
12 votes, 1 answer, 11k views
Basic Authentication Middleware with OWIN and ASP.NET WEB API
I created an ASP.NET WEB API 2.2 project. I used the Windows Identity Foundation based template for individual accounts available in visual studio see it here.
The web client (written in angularJS) ...
12 votes, 5 answers, 10k views
WIF Security Token Caching
I have a site that is a relying party to our WIF-based custom STS. We recently implemented a Security Token Cache as described here: Azure/web-farm ready SecurityTokenCache. The major difference ...