Wednesday, June 9, 2010

How to associate a web application (RP) to an existing Security Token Service (STS) using Federation Utility (FedUtil.exe)

The Federation Utility is a very nice little tool that can automatically configure your claims-based web application (called a Relying Party, or RP, in federation terminology) to trust an existing security token service (STS). It comes with the WIF SDK available from Microsoft. This tool can also create a new STS based on your own claims-based web application, but that is outside the scope of the current post.
In order to establish the trust you’ll have to do the following steps:

Federation Metadata Editor on codeplex

I have just opened a new project on CodePlex to host the source code of the Federation Metadata Editor I mentioned in my previous post. Check it out at

Tuesday, June 8, 2010

The need of claim based security model and identity federation

The last couple of days I have been working on Windows Identity Foundation. In order to take advantage of this framework, you should start writing claims-based applications. Forget the old-fashioned role-based model and start demanding claims! Why convert to a claims-based application, you may wonder... There are many reasons why you should do that, but the most appealing ones I can think of are the following:

Saturday, June 5, 2010

Building openvpn 2.1.1 with enable-password-save on windows

Lately I’ve been getting some requests on how to build openvpn 2.1.1 with enable-password-save. The truth is that a few things have changed since my last post. In order to fulfil these requests I decided to write down a few things about the process. If you are interested in downloading an already compiled version of openvpn 2.1.1 with enable-password-save, check out this post.

4.0 URL rewriting aka Routing

Are you tired of having ugly URLs in your website like product.aspx?product=1? Are you concerned about having a search-engine-optimized web site? provides the means to easily rewrite your URLs via the System.Web.Routing namespace.
I have composed a simple website with lots of comments in it that demonstrates this new mechanism (not so new actually, because it has existed since .NET 3.5 SP1).

Friday, June 4, 2010

WIF Custom STS metadata file editor

The last couple of days I have been wandering in the magic world of Identity Federation. Although the Windows Identity Foundation SDK provides a great tool to associate an RP (Relying Party) application with an existing STS (Security Token Service), it requires that the STS have a Federation metadata XML file. If you simply want to automatically generate the STS from the application, then the SDK provides automatic STS generation on the right click of the RP website, which generates a new STS web site (in C#) based on the RP’s web config file. On the other hand, if you are up to creating a new custom STS without the RP, then you have to manually create the manifest file, which is really very frustrating! In my search around the net I found a couple of federation metadata file creators, but none of them had the ability to edit an existing one. Unfortunately, I had to edit the manifest file quite often and thus I had to create a tool to do so. This is why I created the STS Federation Metadata Editor, which you may download freely from the following link.
Hope this simplifies your custom STS development efforts!