Using Windows Identity Foundation For Creating Identity-Driven Experiences in Silverlight Caleb Baker Sr. Program Manager [email protected] Agenda • Identity and Claims • Using Claims in Silverlight • Wrap Up.

Using Windows Identity Foundation For Creating Identity-Driven Experiences in Silverlight
Caleb Baker
Sr. Program Manager
[email protected]
Agenda
• Identity and Claims
• Using Claims in Silverlight
• Wrap Up
What are the Opportunities with Identity?
The Basics
Identity is Used to:
Control Access
• Authentication
• Authorization
Personalize an Experience
Identity Silos
Tear Down the Silos!
• Identity is Reusable
• Removes Complexity for your Application
Identity As a Service
Your
Application
Identity Provider
Application
Claims
Identity Provider
Claims
A Statement Made by One Entity
About Another Entity
A Type of Information
http://claim.contoso.com/identity/age
Containing a Value
over 21
According to Whom
Department of Licensing
Examples
Name
Address
Age
Frequent Flier
Employer
Gender
Information about a user your app needs
Demo Scenario
The Companies
A large widget producer.
An events planning start-up, which just won a contract with Contoso.
Challenge
How Can Fabrikam Provide Access for Contoso Users?
First Solution
Users Can Register Using Their Work Email
This works, but there is an easier way
Another Solution
Use a claims-based approach
Claims
Identity Provider
Identity Provider
Identity Provider
Claims
Identity Provider
How Claims are being sent
Communication of Claims
WS-Federation
WS-Trust
What’s important is that these are standards-based, which means they work with other solutions.
The Ingredients
Silverlight 3 or 4
Silverlight SDK
Windows Identity Foundation
Windows Identity Foundation SDK
Training Kit Sample assemblies
SL.IdentityModel.dll
SL.IdentityModel.Server.dll
Demo
Review
Fabrikam used Contoso Identities
• To Authenticate Users
• To Customize the User Experience
• Reduce Friction and Complexity
Out Of Browser
Moving Out of the Browser Presents Problems with Browser-Based Authentication
Challenge
Requesting Claims to Sign in to Fabrikam from Out of Browser.
Browser Redirect work
Solution
Request Claims Using a Web Service
Solution
Request
Fabrikam
Relying Party
Response
Identity Provider
Demo
Control Access
Grant access control based on claims
1. Employees should be able to view events
2. Managers can schedule events
Challenge
How does Fabrikam know who is a manager at Contoso?
Option one
One way to solve this is with an administrator account
Solution without claims
Solution With Claims
Perform Access Check Using Claims
Demo
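
Added example (not from the original slides or the Training Kit): the two access rules above expressed as a claims check that also verifies "according to whom" each claim was asserted. The `Claim` class, the role claim type URI and the issuer URL are hypothetical stand-ins, not WIF or SL.IdentityModel APIs, and the code assumes the security token was already validated before the claims were extracted.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Minimal stand-in for a claim: a type, a value, and who asserted it.
// Hypothetical type for this example; not the WIF or SL.IdentityModel classes.
public sealed class Claim
{
    public Claim(string type, string value, string issuer)
    { Type = type; Value = value; Issuer = issuer; }
    public string Type { get; private set; }
    public string Value { get; private set; }
    public string Issuer { get; private set; }
}

public static class EventAccess
{
    // Assumed identifiers, constructed for this example.
    public const string RoleClaim = "http://claim.contoso.com/identity/role";
    public const string TrustedIssuer = "https://sts.contoso.example/";

    // A role counts only when the issuer Fabrikam trusts asserted it.
    static bool HasRole(IEnumerable<Claim> claims, params string[] roles)
    {
        return claims.Any(c =>
            string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal) &&
            string.Equals(c.Type, RoleClaim, StringComparison.Ordinal) &&
            roles.Contains(c.Value, StringComparer.Ordinal));
    }

    // Assumption: managers may view events as well as employees.
    public static bool CanViewEvents(IEnumerable<Claim> claims)
    { return HasRole(claims, "Employee", "Manager"); }

    public static bool CanScheduleEvents(IEnumerable<Claim> claims)
    { return HasRole(claims, "Manager"); }
}

public static class Program
{
    public static void Main()
    {
        var manager = new[] { new Claim(EventAccess.RoleClaim, "Manager", EventAccess.TrustedIssuer) };
        var employee = new[] { new Claim(EventAccess.RoleClaim, "Employee", EventAccess.TrustedIssuer) };
        // Same role value, asserted by an issuer Fabrikam does not trust.
        var untrusted = new[] { new Claim(EventAccess.RoleClaim, "Manager", "https://sts.unknown.example/") };
        Console.WriteLine("{0} {1} {2} {3}", EventAccess.CanScheduleEvents(manager),
            EventAccess.CanScheduleEvents(employee), EventAccess.CanViewEvents(employee),
            EventAccess.CanScheduleEvents(untrusted));
    }
}
```

The check runs on the Fabrikam service side; a check made only in the Silverlight client controls what the user sees, not what the service allows.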
Mashup
Goals for Contoso’s Event Planner Application
1) Managers can query a local directory for a list of employees.
2) Call the Fabrikam service with list of invitees.
Challenges
How to authenticate a cross site call?
First Solution
Have the user provide credentials required to access the service
Username
Password
Username
Password
Claims Based Solution
The Contoso Client Application Requests Claims for Fabrikam
Identity Provider
Silverlight
Application
Events
Web service
Demo
Security Considerations
Cross domain call requires Fabrikam to publish one of the following
1) ClientAccessPolicy.xml
2) CrossDomain.xml
Cross domain token reuse
What prevents Fabrikam from accessing the Contoso service as the user?
Available resources
Windows Identity Foundation
Released Nov. 2009
Active Directory Federation Services 2.0
(AD FS RC 2.0)
Released the first half of this year
Training Kit:
http://go.microsoft.com/fwlink/?LinkId=148795
Team blog: http://blogs.msdn.com/card
Feedback
What seems interesting
What else would you like to see?
Windows Phone 7?
Email: [email protected]
Forum: http://social.msdn.microsoft.com/Forums/en-US/Geneva/threads/
Please fill out Session Evaluations
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.