A few years ago, when I was an ASP.NET enthusiast, I had to deal with the problem known as hopping credentials across servers. It looks like this problem is still a major pain for most ASP.NET developers, because many of them so often ask me about losing the user credentials when connecting to...
When you map a user identity to a Windows identity using a certificate in WCF development, there is no active mapping from the client certificate to a Windows account. You can enable it by setting mapClientCertificateToWindowsAccount to true on the service credentials. <serviceCredentials...
The Microsoft Patterns and Practices group has published nice guidance for WCF security: an excellent set of questions and answers, separated into categories such as Design Considerations, Auditing and Logging, Authentication, Authorization, Exception Management, Hosting, etc. Go directly to CodePlex...
Everyone who knows Kerberos will agree that it is still one of the most secure authentication mechanisms, but at the same time configuring Kerberos authentication is a dubious task because of its complexity, and a difficult one to undertake if you don't know how. As with most things, if...
A common scenario for developers is creating an assembly that needs to be hosted by an application with the permissions given to it by default from the Internet or LocalIntranet zone code groups. A typical example of this scenario is any assembly hosted in Internet Explorer. By default, the first developer...
The Windows Server 2008 Security Guide is available on the Microsoft TechNet site, and my favorite subject inside is actually the IIS7-related chapter (Chapter 6: Hardening Web Services). This chapter focuses on how to harden Web servers running Windows Server 2008. The Web Server role by default installs IIS 7...