Building applications that combine WCF, WF and CardSpace in the .NET Framework 3.5
Gaëtan Holderbeke, Xavier Pellegrino

Session Objectives & Prerequisites
Objectives
• WCF & WF Overview
• Messaging using Workflow Services
• Identity Metasystem
• Securing WCF with CardSpace
Prerequisites
• Experience with either WF or WCF in .NET 3.0
• Application security basics
• Some experience with the other

Agenda
Introduction to:
• WCF
• WF
Better Together:
• Workflow Services
• Service Communications
Identity Metasystem:
• CardSpace
• STS
{WCF}
Rhetorical Question
WHAT IS A SERVICE?
Some functionality exposed via a structured messaging scheme…

Windows Communication Foundation
• The Swiss-Army Chainsaw of service platforms
• Unified programming model
• Great manageability features: tracing, message logging, threading controls, DoS remediation, WMI integration, configurability, etc.
• Introduced in .NET 3.0, enhanced in .NET 3.5

Clients, Services & Endpoint
[Diagram: a Client and a Service, each with Endpoints, exchanging a Message. Every Endpoint has an A, a B and a C:]
• Address: Where?
• Binding: How?
• Contract: What?

WCF Gross Anatomy

    <!-- Service type -->
    <service name="MyService">
      <!-- Endpoint: Address, Binding, Contract -->
      <endpoint name="MyService"
                address="http://MyServer:6666/MyService"
                binding="basicHttpBinding"
                contract="IMyInterface"/>
    </service>

    using System;
    using System.ServiceModel;

    // Service contract definition
    [ServiceContract]
    public interface IMyInterface
    {
        [OperationContract]
        void MyMethod(String arg);
    }

    // Service type: a single instance serves every call
    [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
    public class MyService : IMyInterface
    {
        public void MyMethod(String arg) { /* … */ }
    }
{WF}

Windows Workflow Foundation
What is Workflow?
• Workflow is the organization of work
What’s the value of Workflow?
• Long Running Logic
• Flexibility
• Transparency
[Figure labels: Visual Studio Designer, A Workflow, Activity]

Workflow Services: Approaches
Service implemented as Workflow
• Leverage Workflow development experience
• Allows long-running, durable Services
Workflow hosted as Service
• ServiceContract provides typed interface for integrating with the Workflow
• Messages enforce by-value, serializable data
• Workflows can be message-activated

{DEMO} Workflow Services

Workflow Services Architecture
[Diagram: the WCF service stack shown next to its Workflow Services counterparts]
WCF pieces: Service.cs, App.config; ServiceHost, ServiceDescription, ServiceBehavior, OperationBehavior; Service Runtime with OperationInvoker, OperationSelector, InstanceProvider, MessageInspector, ListenerChannel; Service Instance with Operation 1 and Operation 2.
Workflow Services pieces: Workflow.cs or Workflow.xoml; WorkflowServiceHost, WorkflowServiceBehavior, WorkflowOperationBehavior; Workflow Runtime with WorkflowOperationInvoker, DurableInstanceProvider, MessageContextInspector, ContextChannel; Workflow Instance with ReceiveActivity 1 and ReceiveActivity 2; WF Persistence DB.
Context Exchange
Transport model for exchange will not work in long-running process
Manage at application or process layer
Need to agree upon a protocol to exchange context

Context Exchange Protocol
[Sequence diagram: Client (Send activities) and Service (Receive activities)]
• Client -> Service: op x params
• Service -> Client: op x response, {instanceId}
• Client -> Service: op y params, {instanceId}
• Service -> Client: op y response
Non-WF Client, with a context repository (your choice):
• Client -> Service: op y params, {instanceId}
• Service -> Client: op y response, {instanceId}
Duplex Communication
Cannot rely on a duplex channel
Model this via two contracts (inside two WorkflowServiceHost’s)
Explicitly provide “client” context in the initiating message to the “server”

Duplex Message Flow
[Sequence diagram: Client and Service]
• Client -> Service: BeginWorkflow, {no context}, body carries ClientId
• Client -> Service: BeginWorkItem, {ServiceId}, Body
• Client -> Service: ContinueWorkItem, {ServiceId}, Body
• Client -> Service: CompleteWorkItem, {ServiceId}, Body
• Service -> Client: WorkItemComplete, {ClientId}, Body
Activity labels: SendRequest, ReceiveResponse, ReceiveRequest, Send, Receive

{EXAMPLE} Duplex Messaging
{IDENTITY}

Identity on the Internet Today
Passwords
• Not a secure option with today’s computing power
• Too easy to attack, long passwords hard to remember
• We need stronger options!
Identity silos
• How many user accounts do you have on the web?
• Each requires its own password or other credential
• Expensive and painful to manage
Today’s “solution”
• Most users have one password they use everywhere!

Information Card: From the user's perspective
Data about myself
• Name, phone, address…
Data about a relationship with some entity
• Frequent Flyer -> Airline
• Credit card holder -> Bank
• Citizen of X -> Government
I may have to “do” something to use the card
• Insert smartcard
• Be on my company’s network
Perception: I send this card so that the service provider will recognize me and use the information I disclose.

Information Card: From the computer's perspective
Token Format
• SAML, Kerberos…
STS Information
• Address
• Metadata
• Policy
Authentication factor type & hints
• Thumbprint for certificates
• Card ID for self-issued
A card represents the ability to obtain a token of a certain format, containing certain claims, by requesting it from a certain STS following a certain policy.

A Token
[Diagram: a token and its parts]
• Claims collection: ClaimName1: Value1 … ClaimNamen: Valuen
• S: Issuer’s signature, [optional] key material
• E: Encryption for the intended audience
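The card definition (token format, claims, STS, policy) and the token parts above map onto WCF configuration as follows. This is an added example, not taken from the original slides: a service endpoint that demands a self-issued SAML token through wsFederationHttpBinding. It reuses MyService, IMyInterface and the address from the WCF Gross Anatomy slide; the binding name, behavior name, certificate subject and the two requested claims are assumptions.

```xml
<system.serviceModel>
  <services>
    <!-- MyService / IMyInterface come from the WCF Gross Anatomy slide;
         every other name and value in this file is an assumption. -->
    <service name="MyService" behaviorConfiguration="cardSpaceCredentials">
      <endpoint address="http://MyServer:6666/MyService"
                binding="wsFederationHttpBinding"
                bindingConfiguration="requireInfoCard"
                contract="IMyInterface">
        <!-- Certificate the client expects the service to hold -->
        <identity>
          <certificateReference findValue="MyServer" x509FindType="FindBySubjectName"
                                storeLocation="LocalMachine" storeName="My"/>
        </identity>
      </endpoint>
    </service>
  </services>
  <bindings>
    <wsFederationHttpBinding>
      <binding name="requireInfoCard">
        <security mode="Message">
          <!-- Token format: SAML 1.1 assertion -->
          <message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
            <!-- Claims the token must contain; the selector offers only cards that can supply them -->
            <claimTypeRequirements>
              <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
              <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"/>
            </claimTypeRequirements>
            <!-- Which STS issues the token: this URI means a self-issued card -->
            <issuer address="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self"/>
          </message>
        </security>
      </binding>
    </wsFederationHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="cardSpaceCredentials">
        <serviceCredentials>
          <!-- Key the token is encrypted to (the intended audience) -->
          <serviceCertificate findValue="MyServer" x509FindType="FindBySubjectName"
                              storeLocation="LocalMachine" storeName="My"/>
          <!-- Self-issued cards sign with a bare RSA key, not a certificate chain -->
          <issuedTokenAuthentication allowUntrustedRsaIssuers="true"/>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

With allowUntrustedRsaIssuers enabled the service accepts any self-issued signing key, so claim values such as the e-mail address are only what the user typed into the card. Account lookup should therefore key on the privatepersonalidentifier claim together with the token's signing key.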

Windows CardSpace
Windows CardSpace is an identity selector for the metasystem
Represents digital identities graphically
• Gets the user more highly involved in authentication
• Designed to be difficult to spoof (helps mitigate phishing attacks)
Makes identity feel real
• Each identity represented as a card
{DEMO}

Externalizing Authentication
Embedding identity management code in the app codebase is a Bad Idea
• Competence
• Maintenance
• Robustness/Flexibility
The technical details of authentication should be abstracted away from the application developer

S+S
[Diagram labels: User’s PC, IP, R-STS, Resources, Trust]

Identity Flow
[Diagram labels: User’s PC, Website, Identity Provider, Token Policy, Cards Store, STS, Identities Store, SAML]
• Get Login Page
• Read Policies
• Pass Policies to Identity Selector
• Filter the list based on policies
• Pass card to STS
• The IP authenticates RST…
• If successful, builds & signs the requested token
• The IP sends back the token
• The application posts the token to the website
• The website authenticates the token
{DEMO}

Zermatt
Framework for implementing claims-based identity in your applications
Set of .NET Framework 3.5 classes
• Federated Authentication HttpModule
• IIdentity -> IClaimsIdentity
• IPrincipal -> IClaimsPrincipal
Information Card Design Control
Passive Sign In Design Control
Still Beta…

SUMMARY
WCF provides numerous extension points and configuration parameters
Workflow Services provide a natural way to build services. With an understanding of context, advanced communication patterns can be implemented across many parties.
Identity Management Frameworks provide great opportunities to drive security implementations targeting the future of software architecture.

Related Contents
• Community site, samples, news
  • http://cardspace.nefx3.com
  • www.dinnernow.net
• MSDN Forum
  • http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=784&SiteID=1
• MSDN Home Page
  • http://msdn.microsoft.com/identity

Any questions?
Feel free to meet us during the break
Or contact us:
[email protected]@pragmaconsult.lu
www.pragmaconsult.lu

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.