SharpSTS

Source code checked in, #11650

blowdart — Sat, 05 Jul 2008 14:59:32 GMT

Removing unneeded namespace

Source code checked in, #11649

blowdart — Sat, 05 Jul 2008 14:55:09 GMT

Creating Trunk Folder in preparation for 1.0 branch

Source code checked in, #11648

blowdart — Sat, 05 Jul 2008 14:53:09 GMT

Source code checked in, #11647

blowdart — Sat, 05 Jul 2008 14:50:50 GMT

Removal of FXCop errors. Seperation of sample membership provider to its own project.

Source code checked in, #11646

blowdart — Sat, 05 Jul 2008 14:16:30 GMT

Changed min length to 0

Source code checked in, #11558

blowdart — Sun, 29 Jun 2008 14:12:52 GMT

Added validators.

Source code checked in, #11538

blowdart — Fri, 27 Jun 2008 07:35:01 GMT

Changed to share exceptions and checks on certificates.

Source code checked in, #11537

blowdart — Fri, 27 Jun 2008 06:15:58 GMT

Removed static constructor, moved certificate check to the Open() method to avoid exceptions in a constructor

Source code checked in, #11536

blowdart — Fri, 27 Jun 2008 05:47:42 GMT

Removing static constructor for performance.

Source code checked in, #11503

blowdart — Tue, 24 Jun 2008 10:17:55 GMT

Added token validity configuration setting; which defaults to 20 minutes.

New Post: Database methods and events

blowdart — Sat, 21 Jun 2008 07:33:26 GMT

OK now I have some time (*grin*) I'm approaching this again.

As I see it I/we need the following basic operations

get new card identifier for user/authentication method
attach card identifier to user/authentication method (these first two are obviously linked; but to my mind need to be separated)
revoke card identifier
revoke all cards for user

Claim population is outside the STS scope and will be down to your implementation of your web site.

In addition there will be the following events (and I'm still not sure of the best way to do this; an autoevent wireup would be lovely, but probably overkill and needs some hokey reflection)

LoggingIn
LoggedIn
LoginError
RSTRecieved
RSTParsingError
TokenIssued
TokenIssueError

Does anyone think we need anything else?

Source code checked in, #11465

blowdart — Fri, 20 Jun 2008 17:01:49 GMT

Added demands for full trust, because WCF "needs" it.

Source code checked in, #11459

blowdart — Fri, 20 Jun 2008 10:25:14 GMT

Correct all StyleCop warnings. Added some more documentation. Removed some unused code and constants.

Created Issue: Add extra checks to make sure the assertion ID is unique

blowdart — Tue, 10 Jun 2008 09:59:39 GMT

Maybe allow configuration prefix as well.

CREATED FEATURE: Add support for multiple authentication types during card issuing

blowdart — Tue, 20 May 2008 05:00:38 GMT

See http://blogs.msdn.com/card/archive/2008/05/20/backing-a-managed-card-with-alternate-credentials.aspx for details.

NEW POST: Securing a WCF service w/ wsFederationBinding and STS

wtfChris — Wed, 14 May 2008 17:11:00 GMT

chicken <g>.

I've posted to the WCF forum on MSDN, but I never seem to get responses to my posts, so I thought I'd try here as well.

May Dominick can offer some insight.

NEW POST: Securing a WCF service w/ wsFederationBinding and STS

blowdart — Wed, 14 May 2008 14:57:25 GMT

Pass. The selector takes care of it in an infocard scenario; and that's all I'm catering to here *grin* You could ask on the WCF forums I guess, it's not an infocard issue as far as I can see.

NEW POST: Securing a WCF service w/ wsFederationBinding and STS

wtfChris — Wed, 14 May 2008 13:13:00 GMT

How does this work when I'm not using infocards? The issuer uri is specified as part of the binding configuration of the service being secured. When the client proxy is generated for that service, where will it get the uri for the sts? and assuming we have multiple endpoints for different auth. mechanisms (u/p, cert, biometric, etc) which endpoint for the Issue operation will it generate?

Am I conceptually misunderstanding something here?

NEW POST: Securing a WCF service w/ wsFederationBinding and STS

blowdart — Wed, 14 May 2008 04:29:14 GMT

Issuer != Endpoint.

Issuer is part of the card metadata, the selector will allow use of the cards which match the specified issuer URI. When a card is selected which matches that issuer the selector then reads the endpoint information from the card and goes off to ask for a token from the endpoint embedded in the card.

NEW POST: Securing a WCF service w/ wsFederationBinding and STS

wtfChris — Tue, 13 May 2008 23:21:54 GMT

I'm confused.

If the issuer uri isn't the endpoint address of the sts endpoint, how is the correct sts endpoint discovered? If all the STS requests go to the same endpoint, what does the routing to ensure that RST's with u/p creds go to the u/p endpoint, and RST's with self-issued tokens go to the SelfIssuedSamlToken endpoint?