
Demystifying the Modern Identity Stack

mdc 2013. Demystifying the Modern Identity Stack. Mike Benkovich- @ mbenko Local Computer Guy www.Benkotips.com. Mike Benkovich mike@benko.com. - Former Microsoft developer evangelist - Twin Cities based - Technology Services


Presentation Transcript


  1. mdc2013 Demystifying the Modern Identity Stack Mike Benkovich- @mbenko Local Computer Guy www.Benkotips.com

  2. Mike Benkovich mike@benko.com • Former Microsoft developer evangelist • Twin Cities based • Technology Services • Windows 8, phone, and Cloud consulting - www.benkoTIPS.com • @mbenko on Twitter • Send me Feedback! http://bit.ly/bqtMDC13

  3. Identity Story

  4. Checklist • Tackle those, and you’ve got the Identity Stack! • What is the Microsoft Identity Stack? • How to use Application Identity • How to use Public Identity • How to use Corporate Identity

  5. Application Identity • User accounts created for sole use by the app • Storage and management of accounts? • How do you securely store passwords? • How do users reset or retrieve their passwords?

  6. Some History… • 2005 - Forms Based Authentication (provider model)

  7. Web Request

  8. IIS Process Flow (pipeline diagram: HTTP Request → Authentication (Anon, Basic, NTLM, Forms, Windows) → Authorization → ResolveCache → Map Handler / Determine Handler (Static File, ASPX, ISAPI, Trace, aspnet_isapi.dll, CGI, …) → Execute Handler → UpdateCache → Log → Compression → Send Response → HTTP Response)

  9. IIS Configuration • Found in ApplicationHost.config • Customized per app in web.config • Changes in config affect pipeline processing • This is how to configure IIS to run PHP

  10. .NET Provider Model • Membership provider abstracts authentication pattern • Role provider handles authorization • Plug and play…custom providers • Implemented thru IIS pipeline
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
        <authentication mode="Forms">
          <forms loginUrl="myLogin.aspx" />
        </authentication>
      </system.web>

  11. DEMO • Provider Model

  12. Public Identity • OAuth and standards based • Token servers that provide information about users • Don’t have to manage passwords • Think Google, Facebook, Twitter, Live ID, LinkedIn… • …but… • Limited claim set • How much should you trust it?

  13. REST, OAuth2 (diagram: App calling Resource over REST with OAuth2)

  14. 2010 ACS – Access Control Services • Acts as a “bouncer” to check id before granting access • Handles OAuth conversation with simple redirection • Claims based authentication • Part of Windows Azure services • Requires namespace • Handles creation of access token
      <system.webServer>
        <modules>
          <remove name="FormsAuthentication" />
          <add name="WSFederationAuthenticationModule" …
          <add name="SessionAuthenticationModule" …
        </modules>
      </system.webServer>
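Slide 12 asks how much a public identity token should be trusted, and slide 14 has ACS broker the conversation while the app consumes claims through the WS-Federation and session modules. The following added example (C#, not code from the deck or from WIF/ACS) shows the checks an app can run on the ClaimsPrincipal those modules populate before keying anything on it: the principal is authenticated, every claim was issued by the single STS the app trusts, a stable NameIdentifier is present, and the resulting user key is qualified by the identity provider ACS brokered so identical identifiers from two providers are not confused. TrustedIssuer is a placeholder for the app's configured ACS namespace; the identity-provider claim URI is ACS's documented claim type, reproduced from memory rather than from the deck, and the principal built in Main is a constructed stand-in for what ACS would issue.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added example: sanity checks on a federated ClaimsPrincipal before the app
// acts on it. Not from the deck. TrustedIssuer is a placeholder for the ACS
// namespace this app was configured to trust.
public static class ClaimsGate
{
    private const string TrustedIssuer =
        "https://YOUR-NAMESPACE.accesscontrol.windows.net/"; // placeholder

    // ACS claim naming the identity provider (Google, Live ID, ...) that
    // actually authenticated the user. Claim type as documented for ACS.
    private const string IdentityProviderClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Returns the key the app may store the user under, or null if the
    // principal should be rejected.
    public static string GetTrustedUserId(ClaimsPrincipal principal)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return null;

        // The federation module verifies the token signature, but a trust list
        // that admits more than one issuer would still let other STSs through;
        // insist that every claim came from the one issuer we expect.
        if (!principal.Claims.Any() ||
            principal.Claims.Any(c => !string.Equals(c.Issuer, TrustedIssuer, StringComparison.OrdinalIgnoreCase)))
            return null;

        // Public providers hand back a limited claim set. NameIdentifier is the
        // stable one; name and email are informational and may change.
        var id = principal.FindFirst(ClaimTypes.NameIdentifier);
        if (id == null || string.IsNullOrWhiteSpace(id.Value))
            return null;

        // Qualify the identifier with the brokering provider so "abc123" from
        // one provider is never treated as "abc123" from another.
        var idp = principal.FindFirst(IdentityProviderClaim);
        return idp == null ? id.Value : idp.Value + "|" + id.Value;
    }

    public static void Main()
    {
        // Constructed principal standing in for the one the session module
        // would rebuild from an ACS-issued token.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "abc123", ClaimValueTypes.String, TrustedIssuer),
            new Claim(IdentityProviderClaim, "Google", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Email, "someone@example.com", ClaimValueTypes.String, TrustedIssuer)
        }, "Federation");

        Console.WriteLine(GetTrustedUserId(new ClaimsPrincipal(identity)));

        // Same claims but from an issuer we did not configure: rejected.
        var rogue = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "abc123", ClaimValueTypes.String, "https://other-sts.example/")
        }, "Federation");
        Console.WriteLine(GetTrustedUserId(new ClaimsPrincipal(rogue)) ?? "(rejected)");
    }
}
```

In a web app the principal comes from ClaimsPrincipal.Current after the modules in the web.config above have run; the gate belongs at the point where the app first maps the federated identity onto its own user record.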

  15. DEMO • Access Control Services

  16. Some History… • 2005 - Forms Based Authentication (provider model) • 2010 - Access Control Services (Windows Azure) • 2012 - Simple Membership Provider

  17. DEMO • Simple Membership Provider

  18. Some History… • 2005 - Forms Based Authentication (provider model) • 2010 - Access Control Services (Windows Azure) • 2012 - Simple Membership Provider • 2012 - Azure Mobile Services

  19. Windows Azure Mobile Services • Cross device REST based interface • Provides Data, Notification, Scheduling and Identity features • Configurable for identity providers • Simple coding model

  20. DEMO • Mobile Services

  21. Some History… • 2005 - Forms Based Authentication (provider model) • 2010 - Access Control Services (Windows Azure) • 2012 - Simple Membership Provider • 2012 - Azure Mobile Services • 2013 - Azure Active Directory

  22. Corporate Identity • Managed by security team • Provision user accounts • Deactivate accounts as needed • Typically directory based…Active Directory • Includes more information than just credentials

  23. Windows Azure Active Directory • Manage Users • Applications and access • Claims api • OAuth

  24. Windows Azure Active Directory (diagram: Management Portal and Contoso’s tenant in Windows Azure Active Directory, exposing OAuth2, SAML-P, WS-Federation, Metadata and Graph API endpoints; Dir Sync feeds the tenant from Contoso’s On-Premises Directory)

  25. Windows Azure Active Directory (diagram: Contoso’s On-Premises Directory)

  26. DEMO • Windows Azure Active Directory

  27. Where’s your Identity?

  28. More information • Download slides and demo code at www.benkoTIPS.com • Follow Vittorio Bertocci – Identity Architect at Microsoft, @vibronet and www.cloudidentity.com • Contact me at mike@benko.com

  29. REST, OAuth2 (diagram: App calling Resource over REST with OAuth2)

  30. Windows Azure Active Directory (diagram: Contoso’s On-Premises Directory)

  31. Clients and Resources in Windows Azure AD • Registration • Today - via Graph Explorer • Soon - via Windows Azure Portal (diagram: Apps and Resources registered in the directory)

  32. Demo
