All Will Be Revealed: ~7 Hours Recordings from the WIF Workshops
As promised, the recordings of the main sessions of the latest WIF Workshop are now available on Channel9!
The course starts from the very high level intro you’ve seen various times, and progresses into the deepest WIF training content we’ve ever published (that is, until this bad boy is finally on the shelves).
In a short while you can expect to see a new version of the Identity Developer Training Kit, which will include the slides used during the class and embedded players pointing to those very videos. Together with the usual labs, that will truly be an event-in-a-box package you’ll be able to use if you want to redeliver a WIF workshop in your area!
WIF Workshop 1: Introduction to Claims-Based Identity and WIF
This session provides a light introduction to claims-based identity: the problems it solves, the canonical authentication scenario, key concepts and terminology.
WIF Workshop 2: Lab on Basic Web Sites
The first lab of the workshop offers an overview of what can be achieved when using WIF with Web sites: authentication externalization, integration with IsInRole and ASP.NET authorization, customization of the application via claims, claims-based authorization.
WIF Workshop 3: Scenarios and Architecture I
In this session you will learn about the difference between IP-STS and FP-STS and how to choose where to put STSes in your architecture. You will learn about federation, home realm discovery and how to leverage the WIF extensibility model in order to handle multiple identity providers.
WIF Workshop 4: Scenarios and Architecture II
This short session explores the architectural implications of using claims for authorization purposes.
WIF Workshop 5: Lab about Web Sites and STS
The second lab of the workshop explores some of the patterns discussed in the former section. One lab demonstrates how a generic web site can be enhanced with identity provider capabilities regardless of the authentication technology it uses, simply by adding an STS page.
WIF Workshop 6: WIF ASP.NET Pipeline and Extensibility Points
This session explores in depth how WIF tackles the sign-in scenario.
This session describes in detail the difference between passive and active scenarios, specifically around the confirmation method for tokens (bearer vs. holder-of-key).
WIF Workshop 8: Lab about WIF and WCF
This lab explores the idea of delegated service calls via ActAs tokens: the exercise from the Web sites lab shows how to do that from ASP.NET to a WCF backend, while the one from the WCF lab focuses on flowing identity info through a chain of service calls.
WIF Workshop 9: WIF and Windows Azure
The last session of the training covers the use of WIF in Windows Azure. After a quick introduction to Windows Azure and the infrastructural differences between web roles and on-premises deployment, the session provides practical advice on aspects of distributed development such as handling NLB sessions, certificate management, dealing with volatile application URIs, handling tracing, metadata generation considerations, and so on. The discussion covers both Web roles and WCF roles.
WIF Workshop 10: Lab about WIF and Windows Azure
The last lab of the workshop covers the use of WIF on Windows Azure, demonstrating in practice how to cope with NLB sessions, volatile application URI, dynamic configuration, metadata generation, tracing and so on.
Awesome! I’ll be going through all of these. Was very much looking forward to this. This WIF looks very interesting to me and I’ve already played around with it a bit. Very solid.
I’ll be evaluating WIF to replace Shibboleth (SP/IdP) currently in place. Also I enjoy your videos very much (from MIX and others), the character you put into them is superb.
Great series. I’ve been through them all and am now trying to apply to ADFS2.
One scenario you mention looks very useful, but I can’t figure out how to do it in ADFS2; I’m sure I’m missing something obvious.
I have the standard, initial Identity STS in ADFS2, which authenticates against Active Directory and works fine with my sample web site. I want to add a Resource STS that will allow me to federate with other Identity providers (and also with my local AD STS as you describe). I can’t see how to add the Resource STS.
What am I missing?
Dear Vittorio
Thank you for sharing these excellent resources! I am busy convincing my client that ADFS is the way to go for the future! The one part that I don’t understand is how AZMAN fits into this environment. How would a person assign user accounts to roles that are from a trust relationship? Looking forward to hearing from you.
Hi Vittorio,
So many great resources for WIF! And I agree with Zarooch, the flair is awesome. Each article and video is like a performance with a bow at the end.
So, after going through everything, I’m still looking for good info on SLO. I did everything in the training kit and then went on to create my own apps using the Claims Aware Web Site templates and hooked them up to the standard STS that VS 2010 generates. I log in and they correctly allow me to move between the apps without needing another login.
To get logout capabilities, I used the FederatedPassiveSignInStatus. However, I noticed after testing that it would log out of the app it was in and then send a message to the STS to log out the central session, however, that message didn’t get out to the other relying parties so they were all still logged in. That as I understand it is the SLO scenario.
Is there something we can do to get SLO working with the standard STS that VS implements or do I have to wait until our IT staff set up ADFS 2.0 for us to use?
Brian
Hi, we are planning to launch a few of our web applications (ASP.NET and ASP MVC) on the cloud (Azure). For our internal users (i.e. Windows domain users) and other business partners (B-2-B) we are planning to use WIF (and federated) for user authentication. Some of the above examples will definitely help us to come up with the right architecture. (Thank you Vittorio)
We have approx 10000 customers whose credentials (user id, password) are currently stored in a SQL Server table.
Question is what is the best practice (for cloud implementation) to manage authentication for those 10000 customers (who are not domain users) using WIF features? Please point me to the right articles or examples describing the above scenario.
Thanks in advance.
TC
Hi,
Thanks for the excellent article and downloads.
I am trying to secure WCF services by implementing claim based authentication using WIF.
The WCF services are consumed by web clients over internet. These clients are not domain users, however each client is assigned with unique user id and password and it is stored in SQL database.
I am planning to develop an active STS for WCF authentication. Is this the correct approach?
Can you please suggest the best practice for implementing claim based authentication for securing wcf services consumed by web clients over internet?
Thanks and regards,
Prabhakaran