did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

9780735640597

A Guide to Claims-Based Identity and Access Control: Authentication and Authorization for Services and the Web

by
  • ISBN13:

    9780735640597

  • ISBN10:

    0735640599

  • Format: Paperback
  • Copyright: 2010-04-15
  • Publisher: Microsoft Pr

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Purchase Benefits

List Price: $29.99 Save up to $7.50
  • Rent Book $22.79
    Add to Cart Free Shipping Icon Free Shipping

    TERM
    PRICE
    DUE
    USUALLY SHIPS IN 2-3 BUSINESS DAYS
    *This item is part of an exclusive publisher rental program and requires an additional convenience fee. This fee will be reflected in the shopping cart.

Supplemental Materials

What is included with this book?

Summary

As systems have become interconnected and more complicated, programmers needed ways to identify parties across multiple computers. One way to do this was for the parties that used applications on one computer to authenticate to the applications (and/or operating systems) that ran on the other computers. This mechanism is still widely used-for example, when logging on to a great number of Web sites. However, this approach becomes unmanageable when you have many co-operating systems (as is the case, for example, in the enterprise). Therefore, specialized services were invented that would register and authenticate users, and subsequently provide claims about them to interested applications. Some well-known examples are NTLM, Kerberos, Public Key Infrastructure (PKI), and the Security Assertion Markup Language (SAML). Most enterprise applications need some basic user security features. At a minimum, they need to authenticate their users, and many also need to authorize access to certain features so that only privileged users can get to them. Some apps must go further and audit what the user does. On Windowsr, these features are built into the operating system and are usually quite easy to integrate into an application. By taking advantage of Windows integrated authentication, you don't have to invent your own authentication protocol or manage a user database. By using access control lists (ACLs), impersonation, and features such as groups, you can implement authorization with very little code. Indeed, this advice applies no matter which OS you are using. It's almost always a better idea to integrate closely with the security features in your OS rather than reinventing those features yourself. But what happens when you want to extend reach to users who don't happen to have Windows accounts? What about users who aren't running Windows at all? More and more applications need this type of reach, which seems to fly in the face of traditional advice. This book gives you enough information to evaluate claims-based identity as a possible option when you're planning a new application or making changes to an existing one. It is intended for any architect, developer, or information technology (IT) professional who designs, builds, or operates Web applications and services that require identity information about their users.

Author Biography

Dominick Baier splits his time between being an independent security consultant and an instructor for DevelopMentor - teaching and authoring the ASP.NET and the .NET security curriculum. He has a degree in computer science (German Diplom Ingenieur), is a certified BS7799/ISO17799 Lead Auditor and speaks at various conferences (WinDev, DevWeek, ADC) about application security. When not teaching he spends his time researching security, doing audits and penetration tests and helps other developers around the world to build more secure applications. Dominick maintains a security blog at http://www.leastprivilege.com.

Vittorio Bertocci is a Senior Architect Evangelist in the Windows Azure Platform Evangelism team with Microsoft® Corp. After four years in the Italian Microsoft Consulting Services, Vittorio moved to the U.S. headquarters in Redmond, where he has spent the past four years helping customers deploy solutions based on identity and access management, SOA, and services. He currently focuses on all things identity, working with the developer's community, large enterprises and partners. Vittorio is a published author; he frequently speaks about identity at international conferences and maintains a popular blog at http://blogs.msdn.com/vbertocci.

Keith Brown is a co-founder of Pluralsight, a premier Microsoft® .NET training provider. Keith is the author of Pluralsight's Applied .NET Security course as well as several books, including The .NET Developer's Guide to Windows® Security, which is available both in print and on the Web. Learn more at www.pluralsight.com/keith

Matias Woloski is an Enterprise Architect at Southworks S.R.L. He's been involved in software development for 6 yeasr. Currently, he's working with the patterns & practices team at Microsoft® in a Scrum-driven project. He maintains a blog at http://blogs.southworks.net/mwoloski/

Eugenio Pace works in the Software and Services group for the Microsoft® Architecture Strategy team. He develops architecture guidance to help ISVs, Hosters and Companies, build, run and consume software delivered as a service. His blog can be found at http://blogs.msdn.com/eugeniop/

Table of Contents

Foreword
Kim Cameronp. ix
Stuart Kwanp. xi
Preface
Who This Book Is Forp. xii
Why This Book Is Pertinent Nowp. xiv
A Note About Terminologyp. xiv
How This Book Is Structuredp. xvi
What You Need to Use the Codep. xxi
Who's Whop. xix
Acknowledgementsp. xxi
An Introduction to Claims
What Do Claims Provide?p. 1
Not Every System Needs Cliamsp. 2
Claims Simplify Authentication Logicp. 3
A Familiar Examplep. 3
What Makes a Good Claim?p. 5
Understanding Issuers and ADFSp. 6
User Anonymityp. 7
Implementing Claims-Based Identityp. 7
Add Logic to Your Applications to Support Claimsp. 7
Acquire or Build an Issuerp. 8
Configure Your Application to Trust the Issuerp. 8
Configure the Issuer to Know About the Applicationp. 9
A Summary of Benefitsp. 10
Moving Onp. 10
Claims-Based Architectures
A Closer Look at Claims-Based Architecturesp. 12
Browser-Based Applicationsp. 13
Smart Clientsp. 20
Federating Identity Across Realmsp. 22
The Benefits of Cross-Realm Identityp. 23
How Federated Identity Worksp. 24
Home Realm Discoveryp. 26
Design Considerations for Claims-Based Applicationsp. 28
What Makes a Good Claim?p. 28
How Can You Uniquely Identify One User From Another?p. 29
How Can You Get a List of All Possible Users and All Possible Claims?p. 29
Where Should Claims Be Issued?p. 30
Claims-Based Single Sign-On for the Web
The Premisep. 33
Goals and Requirementsp. 35
Overview of the Solutionp. 36
Inside the Implementationp. 38
a-Expense Before Claimsp. 39
a-Expense with Claimsp. 41
a-Order Before Claimsp. 48
a-Order with Claimsp. 49
Signing Out of an Applicationp. 50
Setup and Physical Deploymentp. 50
Using a Mock Issuerp. 50
Isolating Active Directoryp. 51
Converting to a Production Issuerp. 52
Enabling Internet Accessp. 52
Variation-Moving to Windows Azurep. 52
More Informationp. 56
Federated Identity for Web Applications
The Premisep. 57
Goals and Requirementsp. 58
Overview of the Solutionp. 58
Benefits and Limitationsp. 63
Inside the Implementationp. 63
Setup and Physical Deploymentp. 63
Using Mock Issuers for Development and Testingp. 63
Establishing Trust Relationshipsp. 64
More Informationp. 65
Federated Identity for Web Services
The Premisep. 67
Goals and Requirementsp. 68
Overview of the Solutionp. 68
Inside the Implementationp. 70
Implementing the Web Servicep. 70
Implementing the Active Clientp. 72
Implementing the Authorization Strategyp. 75
Debugging the Applicationp. 76
Setup and Physical Deploymentp. 77
Configuring ADFS 2.0 for Web Servicesp. 77
Federated Identity with Multiple Partners
The Premisep. 81
Goals and Requirementsp. 82
Overview of the Solutionp. 83
Using Claims in Fabrikam Shippingp. 86
Inside the Implementationp. 88
Setup and Physical Deploymentp. 97
Establishing the Trust Relationshipp. 97
User-Configurable Claims Transformation Rulesp. 99
Using Fedutilp. 101
Message Sequencesp. 103
The Browser-Based Scenariop. 104
The Active Client Scenariop. 116
Industry Standardsp. 123
Security Assertion Markup Language (SAML)p. 123
WS-Federationp. 123
WS-Federation: Passive Requestor Profilep. 123
WS-Securityp. 124
WS-SecureConversationp. 124
WS-Trustp. 124
XML Encryptionp. 124
Certificatesp. 125
Certificates for Browser-Based Applicationsp. 125
On the Issuer (Browser Scenario)p. 127
On the Web Application Serverp. 127
Certificates for Active Clientsp. 128
On the Issuer (Active Scenario)p. 128
On the Web Service Hostp. 130
On the Active Client Hostp. 132
Glossaryp. 133
Indexp. 143
Table of Contents provided by Ingram. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rewards Program