Windows Identity Foundation (WIF) SDK Help Overhaul

• Overview
  • Identity Challenges – SSO, Identity Flow, Fine Grained Authorization (Changed from: Identity Silos)
  • The Claims-Based Identity Model
  • Solution Concept (Changed from: Basic Scenario)
  • Security Token Service
  • Relying Party
  • Solution Implementation Overview (Changed from: Federation Scenario)
  • Fast track (How to use this content)
• Getting Started
  • Windows Identity Foundation SDK - Download and Installation of runtime and dev tools (External)
  • Windows Identity Foundation Download and Installation of runtime only (External)
  • Requirements (Changed from Windows Identity Foundation SDK)
  • How to: Build an ASP.NET Relying Party Application
  • How to: Build a WCF Relying Party Application
• Product Features
  • What is Windows Identity Foundation?
  • Expose claims to ASP.NET applications and WCF services via Integration with IIdentity and IPrincipal
  • Visual Studio Templates
  • Administrative trust management using FedUtil tool
  • Federated Sign In ASP.NET control
  • Translate between claims and NT tokens
  • Support for Identity Delegation Scenario via ActAs token
  • Supports the WS-Trust protocol, Active Profile
  • Supports WS-Federation, Passive profile
  • Glossary
• Architecture
  • The Claims-Based Identity Model
  • Integration with IIdentity and IPrincipal
  • How WIF Processes Requests– (Changed from: Building Relying Party Applications)
  • Security Token Service
  • Relying Party
  • What is an IP-STS and what is a RP-STS?
  • WS-Federated Authentication Module Overview
  • Session Management
  • IssuerNameRegistry
  • Claims to Windows Token Service (c2WTS) Overview
  • ClaimsAuthenticationManager, ClaimsAuthorizationManager, and OriginalIssuer
  • Claims Issuance Pipeline
  • Token Handlers
  • Built-In Token Handlers
• Application Scenarios and Solutions
  • Integrating WIF with ASP.NET web applications (Changed from: Building ASP.NET Relying Party Applications)
    • How to: Build an ASP.NET Relying Party Application
    • How To: Establishing Trust from an ASP.NET Relying Party Application to an STS using FedUtil
    • How To: Establishing Trust from an ASP.NET Relying Party Application to an STS using the FederatedPassiveSignIn
    • Sample: Simple Claims Aware Web Application
    • Sample: Claims based Authorization
    • Sample: Using Claims In IsInRole
  • Integrating WIF with WCF services (Changed from: Building WCF Relying Party Applications)
    • WCF Application Compatibility
    • WCF: WSTrustChannelFactory and WSTrustChannel
    • WCF: Built-in Bindings Overview
    • How to: Build a WCF Relying Party Application
    • How To: Establishing Trust from a WCF Relying Party Service to an STS using FedUtil
    • Sample: Simple Claims Aware Web Service
    • Sample: Claims based Authorization
    • Sample: Using Claims In IsInRole
  • Building Security Token Services (STS) (Changed from: Building an STS)
    • How to: Build Passive Profile (WS-Federation) STS – For ASP.NET (Changed from: How to: Build an ASP.NET STS)
    • How to: Build Active Profile (WS-Trust) STS – For WCF (Changed from: How to: Build a WCF STS)
• WIF Anatomy
  • Identification (how a client identifies itself)
    • WIF Client
    • ASP.NET: Missing Web Client
    • WCF: WSTrustChannelFactory and WSTrustChannel
    • WCF: Built-in Bindings Overview
  • Authentication (how client's credentials validated)
    • Building ASP.NET Relying Party Applications – Explained
    • How to: Build an ASP.NET Relying Party Application – How to
    • Building WCF Relying Party Applications – Explained
    • How to: Build a WCF Relying Party Application – How-to
  • Identity flow (how the token flows through the layers/tiers)
    • Session Management
    • Claims to Windows Token Service (c2WTS) Overview
    • Identity Delegation Scenario – How-To
    • Token Handlers - Explained
    • How to Use SAML 2 Tokens
    • Thread Safety When Reserializing Bootstrap Tokens
  • Authorization (how relying party - application or service - decides to grant or deny access)
    • Step-Up Authentication Scenario – How-to
    • Implement Authorization in ASP.NET – How-to [Missing]
    • Implement Authorization in WCF – How-to [Missing]
    • Best Practices for ClaimsPrincipal.IsInRole
    • Configure WCF Service Virtual Directories to Allow Anonymous Access
    • Design Considerations: IPrincipal and IClaimsPrincipal
  • Monitoring
    • WIF Tracing
  • Identity Provider
    • Building an STS – Explained
    • How to: Build an ASP.NET STS – Explained
    • ASP.NET Security Token Service Web Site – how to
    • How to: Build a WCF STS  - Explained
    • WCF Security Token Service – how to
  • Trust Management
    • FedUtil - Federation Utility for Establishing Trust from an RP to an STS
    • How To: Establishing Trust from an ASP.NET Relying Party Application to an STS using FedUtil
    • How To: Establishing Trust from a WCF Relying Party Service to an STS using FedUtil
    • How to: Perform Trust Management using FedUtil
    • How To: Establishing Trust from an ASP.NET Relying Party Application to an STS using the FederatedPassiveSignIn
  • Configuration
    • Web.Config changes when building Claims-Aware ASP.NET Web Site
    • Web.Config changes when building Claims-Aware WCF Service
    • Web.Config changes when building ASP.NET Security Token Service Web Site
    • Web.Config changes when building WCF Security Token Service
    • Configuration
    • ConfigureServiceHost
    • FederatedPassiveSignIn.AutoSignIn Redirect
    • Security Token Service Issuer Name
    • SessionSecurityToken Expiration Time
    • Windows Identity Foundation (WIF) Configuration Sections in ASP.NET Web.Config (External)
    • Token Handler Configuration
• Quality Attributes
  • Supportability
    • Known Issues
    • Case Sensitivity Login Failure
    • Certain Configuration Settings are Ignored
    • Compatibility with IssuedTokenAuthentication.KnownCertificates
    • Cookie Mode SSPI Authentication Not Supported
    • Quota Exceeded Exception When Using SAML2 Tokens that Contain ActAs Claims
    • Some Claims and ClaimsIdentity Properties Not Serialized
    • SSL Certificate Validation Failure
    • WCF Authentication Flags Compatibility
    • WS-Trust Verbs
  • Performance and Scalability
    • Sample: Claims Aware Web Application in a Web Farm
  • Security
    • Replay Detection
    • Security Considerations
    • Handling wtrealm and wreply
    • Secure Conversations
  • Flexibility
    • How to: Add a Custom Token Handler
    • How to: Create a Custom Issuer Name Registry
• Related Technology
  • Microsoft Federation Extensions for SharePoint 3.0
• API Reference
• Appendix
  • How-to’s index
    • How to: Build an ASP.NET Relying Party Application
    • How to: Build a WCF Relying Party Application
    • How to: Programmatically Enable WIF on a WCF Service
    • How to: Access Claims in an ASP.NET Page
    • How to: Request a Token from the c2WTS
    • How to: Build an ASP.NET STS
    • How to: Build a WCF STS
    • How to: Enable Tracing
    • How to: Build a Managed Card Issuance Site
    • How to: Add a Custom Token Handler
    • How to: Display the Caller's Sign-In Status
    • How to: Create a Custom Issuer Name Registry
    • How to: Perform Trust Management using FedUtil
    • How to: Configure Token Resolvers
    • How To: Establishing Trust from an ASP.NET Relying Party Application to an STS using FedUtil
    • How To: Establishing Trust from a WCF Relying Party Service to an STS using FedUtil
    • How To: Establishing Trust from an ASP.NET Relying Party Application to an STS using the FederatedPassiveSignIn
  • Code samples index (Changed from: Windows Identity Foundation SDK)
    • Simple Claims Aware Web Application
    • Simple Claims Aware Web Service
    • Simple Web Application With Information Card SignIn
    • Simple Web Application With Managed STS
    • Claims Aware Web Application in a Web Farm
    • Using Claims In IsInRole
    • Authentication Assurance
    • Federation For Web Services
    • Federation For Web Applications
    • Identity Delegation
    • Web Application With Multiple SignIn Methods
    • Federation Metadata
    • Claims Aware AJAX Application
    • Convert Claims To NT Token
    • Customizing Request Security Token
    • Customizing Token
    • WSTrustChannel
    • Claims based Authorization
    • A Guide to Claims-Based Identity and Access Control – Code Samples
  • Training

    • Identity Developer Training Kit

    • A Guide to Claims-Based Identity and Access Control — Book Download

    • WIF Workshop 1: Introduction to Claims-Based Identity and WIF

    • WIF Workshop 2: Lab on Basic Web Sites

    • WIF Workshop 3: Scenarios and Architecture I

    • WIF Workshop 4: Scenarios and Architecture II

    • WIF Workshop 5: Lab about Web Sites and STS

    • WIF Workshop 6: WIF ASP.NET Pipeline and Extensibility Points

    • WIF Workshop 7: WIF and WCF

    • WIF Workshop 8: Lab about WIF and WCF

    • WIF Workshop 9: WIF and Windows Azure

    • WIF Workshop 10: Lab about WIF and Windows Azure

  • Forums
    • Claims based access platform (CBA), code-named Geneva
    • Security for the Windows Azure Platform
    • Windows Live ID: Development

Related Books

• Programming Windows Identity Foundation (Dev - Pro)
• A Guide to Claims-Based Identity and Access Control (Patterns & Practices) – free online version
• Developing More-Secure Microsoft ASP.NET 2.0 Applications (Pro Developer)
• Ultra-Fast ASP.NET: Build Ultra-Fast and Ultra-Scalable web sites using ASP.NET and SQL Server
• Advanced .NET Debugging
• Debugging Microsoft .NET 2.0 Applications

Related Info

• Windows Identity Foundation (WIF) Configuration Sections in ASP.NET Web.Config
• Windows Identity Foundation (WIF) and Azure AppFabric Access Control (ACS) Service Survival Guide
• Azure AppFabric Access Control Service (ACS) v 2.0 High Level Architecture – Web Application
• Windows Identity Foundation (WIF) Explained – Web Browser Sign-In Flow (WS-Federation Passive Requestor Profile)
• Protocols Supported By Windows Identity Foundation (WIF)
• Windows Identity Foundation (WIF) By Example Part I – How To Get Started.
• Windows Identity Foundation (WIF) By Example Part II – How To Migrate Existing ASP.NET Web Application To Claims Aware
• Windows Identity Foundation (WIF) By Example Part III – How To Implement Claims Based Authorization For ASP.NET Application
• Identity Developer Training Kit
• A Guide to Claims-Based Identity and Access Control – Code Samples
• A Guide to Claims-Based Identity and Access Control — Book Download