-
The last week I have been working on a claim-based identity scenario that involves two separate instances of Active Directory Federation Services (ADFS) 2.0 as Security Token Service (STS). The first STS is an identity provider STS (IP-STS) and the second a resource STS (R-STS). The R-STS and IP-STS...
-
A couple of days ago I got mail from a reader of an old .NET remoting article of mine, where I built a sample chat application using the precursor technology of WCF. The article was pretty old, and the sample code was written in .NET 1.0 and Visual Studio .NET 2002. The code would not work under .NET Framework...
-
The January 2007 CTP version of Visual Studio "Orcas" has .NET FX 3.5 version 3.5.11209. One of the assemblies is System.Web.Extensions and hosts some great new additions to the ASP.NET stack. It has new classes in the namespace System.Web.Security, two of which are LoginService and RolesService. In...
-
A web server will send the public key of its server certificate to set up an SSL connection with the client. The client checks whether the certificate is still valid at this point in time, the name of the server matches the one in the certificate, the certificate has been issued by an authority it trusts...
-
Browsers will need to have client certificates installed before any web server can receive them for authentication and authorization. Certificate Services can issue these certificates manually by a user, administrator or even programmatically. Let's assume that your users need to acquire a certificate...
-
Now that the web server is prepared with a server certificate you can continue with client certificates. By default IIS will ignore client certificates. You need to change some settings. Go to the properties of the particular web application in Internet Services Manager: There should be an active Edit...
-
ASP and ASP.NET have a pretty easy mechanism to work with client certificates that a browser has handed to the web server. All it takes is this little piece of code: Response.Write(Request.ClientCertificate[ "Issuer" ]); plus or minus the square brackets and semi-colon. This will read and print the value...
-
In ASP.NET you can create a sitemap to capture the pages that are available in your web application. The web.sitemap is an XML file containing a hierarchical list that is provided for data binding to controls via a sitemap provider. The Menu, SiteMapPath and TreeView controls are common controls used for...
-
When I was writing up the Cross-Site Scripting (XSS) demo for Astrid Hackenberg I found out something nice. (For a primer on XSS, check a previous post.) I noticed that it was not possible to steal the cookie using JavaScript. That could mean only one thing: HttpOnly cookies. I did not post anything...
-
Unfortunately I was not able to cover all details on client callbacks and event validation during my talk at the Developer Days. I did find out some interesting things on the combination. Let me tell you about it. When a callback is made from an ASP.NET 2.0 web page or control that supports Client Callbacks...
-
This is the second part in a post on EventValidation in ASP.NET 2.0. In this post I will address the topic of event validation. This new feature becomes apparent when trying to use client callbacks in combination with new values for controls. If you are unfamiliar with the topic of client callbacks and...