In this post we’ll focus on security. We’ll try to prove that claims base authentication is safe. As we remember SAML tokens are issued by “trusted” STS. But what exactly does “trusted” issuer mean? In this post, we’ll try to find definition of “trusted issuer”, a list of attributes which decide that issuer is trusted.

In the previous article basic information about authentication and authorization process on .Net has been presented. Security Token Service is an integral part of claim based approach. As we remember from the previous article, STS is responsible for handling user’s requests and creating tokens; it can also work in two modes: active and passive. In this article we focus on Active STS, as we will only try to build sample STS.

Framework WIF dostarcza ujednolicony model zabezpieczeń. W łatwy sposób można przełączać się między tokenami generowanymi na podstawie loginu\hasła czy CardSpace – kod pozostaje niezmienny. Zainteresowanych zapraszam mojego ostatniego artykułu: http://msdn.microsoft.com/pl-pl/library/ff720168.aspx