mdc 2013. send me feedback! //bit.ly/bqtmdc13
Demystifying the Modern Identity Stack
Mike Benkovich - @mbenko
Local Computer Guy
www.Benkotips.com
mdc2013
Mike Benkovich, [email protected]
- Former Microsoft developer evangelist
- Twin Cities based
- Technology Services
- Windows 8, phone, and Cloud consulting
- www.benkoTIPS.com
- @mbenko on Twitter
- Send me Feedback! http://bit.ly/bqtMDC13
Checklist
- What is the Microsoft Identity Stack?
- How to use Application Identity
- How to use Public Identity
- How to use Corporate Identity

Tackle those, and you’ve got the Identity Stack!
Application Identity
- User accounts created for sole use by the app
- Storage and management of accounts?
- How do you securely store passwords?
- How do users reset or retrieve their passwords?
Some History…
2005 - Forms Based Authentication (provider model)
IIS Process Flow
[Diagram: the IIS request pipeline. HTTP Request -> Authentication (Basic, NTLM, Anon, Windows, Forms) -> Authorization -> ResolveCache -> Map/Determine Handler -> Execute Handler (Static File, CGI, ISAPI; aspnet_isapi.dll for ASPX, Trace...) -> UpdateCache -> Compression -> Log -> Send Response -> HTTP Response]
IIS Configuration
- Found in ApplicationHost.config
- Customized per app in web.config
- Changes in config affect pipeline processing
- This is how to configure IIS to run PHP
.NET Provider Model
- Membership provider abstracts the authentication pattern
- Role provider handles authorization
- Plug and play: custom providers
- Implemented through the IIS pipeline

```xml
<system.web>
  <authorization>
    <deny users="?" />
  </authorization>
  <authentication mode="Forms">
    <forms loginUrl="myLogin.aspx" />
  </authentication>
</system.web>
```
Public Identity
- OAuth and standards based
- Token servers that provide information about users
- Don’t have to manage passwords
- Think Google, Facebook, Twitter, Live ID, LinkedIn…

…but…
- Limited claim set
- How much should you trust it?
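A worked answer to "how much should you trust it?", added here and not code from the deck: once a public provider has authenticated the user (through ACS/WIF in this stack), key the account on the provider's stable subject identifier plus the issuer, treat profile claims as informational, and take roles only from the app's own store. The trusted issuer URL and the `urn:app:subject` claim type are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Added example (not from the deck): turning an external ClaimsPrincipal into
// the app's own identity while trusting only what the provider can vouch for.
public static class PublicIdentityTrust
{
    // Issuers this app accepts at all. Placeholder value; configure per deployment.
    static readonly HashSet<string> TrustedIssuers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "https://example-issuer.invalid/" };

    public static ClaimsIdentity ToAppIdentity(ClaimsPrincipal external)
    {
        var id = external == null ? null : external.Identity as ClaimsIdentity;
        if (id == null || !id.IsAuthenticated)
            throw new UnauthorizedAccessException("not authenticated");

        // Who the user is comes only from the subject identifier, and only if a
        // trusted issuer asserted it. Every claim records the issuer that made it.
        var subject = id.FindFirst(ClaimTypes.NameIdentifier);
        if (subject == null || !TrustedIssuers.Contains(subject.Issuer))
            throw new UnauthorizedAccessException("subject not asserted by a trusted issuer");

        var appId = new ClaimsIdentity("AppCookie");
        // Issuer + subject is the stable key; two providers can both report the
        // same e-mail, so e-mail alone must never link accounts.
        appId.AddClaim(new Claim("urn:app:subject", subject.Issuer + "#" + subject.Value));

        // Limited claim set: copy display-only claims, keep their issuer, and do not
        // derive roles from them. Roles are looked up in the app's own store.
        foreach (var c in id.Claims.Where(c => c.Type == ClaimTypes.Email || c.Type == ClaimTypes.Name))
            appId.AddClaim(new Claim(c.Type, c.Value, c.ValueType, c.Issuer));
        return appId;
    }
}
```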
2010 ACS – Access Control Services
- Acts as a “bouncer” to check id before granting access
- Handles the OAuth conversation with simple redirection
- Claims based authentication
- Part of Windows Azure services
- Requires a namespace
- Handles creation of the access token

```xml
<system.webServer>
  <modules>
    <remove name="FormsAuthentication" />
    <add name="WSFederationAuthenticationModule" …
    <add name="SessionAuthenticationModule" …
  </modules>
</system.webServer>
```
Some History…
2005 - Forms Based Authentication (provider model)
2010 - Access Control Services (Windows Azure)
2012 - Simple Membership Provider
Some History…
2005 - Forms Based Authentication (provider model)
2010 - Access Control Services (Windows Azure)
2012 - Simple Membership Provider
2012 - Azure Mobile Services
Windows Azure Mobile Services
- Cross device REST based interface
- Provides Data, Notification, Scheduling and Identity features
- Configurable for identity providers
- Simple coding model
Some History…
2005 - Forms Based Authentication (provider model)
2010 - Access Control Services (Windows Azure)
2012 - Simple Membership Provider
2012 - Azure Mobile Services
2013 - Azure Active Directory
Corporate Identity
- Managed by the security team
- Provision user accounts
- Deactivate accounts as needed
- Typically directory based… Active Directory
- Includes more information than just credentials
Windows Azure Active Directory
- Manage Users
- Applications and access
- Claims API
- OAuth
Windows Azure Active Directory
[Diagram: Contoso’s On-Premises Directory, connected by Dir Sync to Contoso’s tenant in Windows Azure Active Directory; the tenant exposes SAML-P, WS-Federation, Metadata, OAuth2, the Management Portal and the Graph API]
Where’s your Identity?
Options by client type (Thick Client, Web, Devices):
- Application Identity: Custom, FBA, Custom
- Corporate Identity: NTLM, ACS, ADFS, AzAD, ADFS
- Public Identity: WebAuthBroker, ACS, Simple Provider, Mobile Svc, Mobile Svcs
More information
Download slides and demo code at www.benkoTIPS.com
Follow Vittorio Bertocci – Identity Architect at Microsoft @vibronet and www.cloudidentity.com
Contact me at [email protected]
Clients and Resources in Windows Azure AD
Registration:
- Today - via Graph Explorer
- Soon - via Windows Azure Portal