Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Activity Profile

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Identity and Access Control

Posted: Dec 10, 2012 at 3:46 PM
By: ClemensV
Avg Rating: 5

(9)
16,975 Views
3 Comments
reddit

Tweet

39 minutes, 11 seconds

format
< > embed
+ queue

Sign In first to access your queue.
Close

Sorry, video was not added to the queue, an error occurred. Please Contact Us and let us know.
Close

Embed code for this video

Copy the code above to embed our video on your website/blog.

Video format

Option selected may change based on video formats available and browser capability.

Auto
Use our suggested format for this video.
Smooth Streaming
Adaptive bitrate streaming - little buffering but lower video quality at times of low bandwidth. Silverlight 5 required
Progressive
Traditional buffered video format. Silverlight 5 required
HTML5
For browsers that support H.264 MP4 or WebM video playback such as:
IE9+, Firefox 4+, Chrome 5+, or Safari 4+.
Flash
For browsers that have the Adobe Flash Player plugin installed.

Download

Right click “Save as…”

MP3 (Audio only)

File size
35.9 MB
MP4 (iPod, Zune HD)

File size
212.7 MB
Mid Quality WMV (Lo-band, Mobile)

File size
208.8 MB
High Quality MP4 (iPad, PC)

File size
465.1 MB
Mid Quality MP4 (WP7, HTML5)

File size
325.2 MB
High Quality WMV (PC, Xbox, MCE)

File size
1.4 GB

Today I woke up thinking that talking about Identity and Access Control and how your strategy around that affects you (web-) app's architecture without going too deeply into the security lingo that usually comes with it. Here's the 40 minute result.

I start with HTTP's "native" authentication model RFC 2617 and how that's universally bad, with both Basic and Digest authentication having issues Digest being, ironically worse for the overall security strategy. Then I dive into why models that use tokens (or cookies) are better in terms of security and scalability and explore a range of variations amongst those.

Follow the Discussion

Follow
Oops, something didn't work.

Try again?

Sign In to be begin to follow these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.

Getting "follow" information

Stop following these comments

Start following these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.

Removing your "follow"

Setting up your "follow"

Did you know you can
sign up for email notifications?
- Subscribe to this comments

codingoutloud

Dec 12, 2012 at 11:50 AM

Clemens mentions a Firefox plug-in that helps steal session cookies over wifi, but he could not recall the name. I believe he was thinking of Firesheep: http://codebutler.com/firesheep/
kentweare

Dec 26, 2012 at 10:55 AM

A great primer for those new to ACS and federated security. Thanks for publishing this.

Kent
ilija injac Ilija Injac

Jan 10, 2013 at 2:19 AM

This is really a great introduction into ACS and its feature-set on a conceptual base. What I miss the most, are some samples, or better some video demonstration, about WCF and best practices regarding service throttling on Azure. A video only about WCF being hosted in Worker Roles on Azure using ACS would also be great
Thank you.

Ilija

Remove this comment

Remove this thread

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.