Channel 9

Entries:
Comments:
Discussions:

Loading user information from Channel 9

Something went wrong getting user information from Channel 9

MSDN

Activity Profile

Latest Achievement:

Loading user information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements
Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Identity and Access Control

39 minutes, 11 seconds
Close

Download

How do I download the videos?

  • To download, right click the file type you would like and pick “Save target as…” or “Save link as…”

Why should I download videos from Channel9?

  • It's an easy way to save the videos you like locally.
  • You can save the videos in order to watch them offline.
  • If all you want is to hear the audio, you can download the MP3!

Which version should I choose?

  • If you want to view the video on your PC, Xbox or Media Center, download the High Quality MP4 file (this is the highest quality version we have available).
  • If you'd like a lower bitrate version, to reduce the download time or cost, then choose the Medium Quality MP4 file.
  • If you have a Windows Phone, iPhone, iPad, or Android device, choose the low or medium MP4 file.
  • If you just want to hear the audio of the video, choose the MP3 file.

Right click “Save as…”

Today I woke up thinking that talking about Identity and Access Control and how your strategy around that affects you (web-) app's architecture without going too deeply into the security lingo that usually comes with it. Here's the 40 minute result.

I start with HTTP's "native" authentication model RFC 2617 and how that's universally bad, with both Basic and Digest authentication having issues Digest being, ironically worse for the overall security strategy. Then I dive into why models that use tokens (or cookies) are better in terms of security and scalability and explore a range of variations amongst those.

Tags:

Follow the discussion

  • Oops, something didn't work.

    Try again?
    Getting subscription
    Unsubscribe to this conversation
    Subscribe to this conversation

    What does this mean?

    Subscriptions allow us send you email notifications when new content is added.
    Unsubscribing
    Subscribing
  • codingoutloudcodingoutlo​ud

    Clemens mentions a Firefox plug-in that helps steal session cookies over wifi, but he could not recall the name. I believe he was thinking of Firesheep: http://codebutler.com/firesheep/

  • kentwearekentweare

    A great primer for those new to ACS and federated security.  Thanks for publishing this.

     

    Kent

  • @awsomedevsignerilija injac Ilija Injac

    This is really a great introduction into ACS and its feature-set on a conceptual base. What I miss the most, are some samples, or better some video demonstration, about WCF and best practices regarding service throttling on Azure. A video only about WCF being hosted in Worker Roles on Azure using ACS would also be great Smiley

    Thank you.

     

    Ilija

     

Remove this comment

Remove this thread

Close

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.

More entries in this blog

See more…

Related episodes

Powered by Azure Machine Learning
Creative Commons License

© 2016 Microsoft. Except where designated as licensed by
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License,
Microsoft reserves all rights associated with the materials on this site.