Building a Claims-Based Security Model in WCF – Part 2
In Part 1 of this article I discussed the motivation behind implementing a claims-based security model for your WCF services and introduced a simple approach to normalizing claims for different credential types using a custom authorization policy. During the article, I discussed the following: How different user credentials are mapped to a set of claims [...]
Building a Claims-Based Security Model in WCF – Part 1
Traditional security models for intranet and Internet applications use some form of username and password to authenticate users. Client-server applications deployed to a common domain often rely on Windows credentials (NTLM or Kerberos), while services exposed to the Internet often require a username and password to be passed in an interoperable format (WS-Security) to be [...]