Windows Identity Foundation

Last updated

Windows Identity Foundation (WIF) is a Microsoft software framework for building identity-aware applications. [1] It provides APIs for building ASP.NET or WCF based security token services as well as tools for building claims-aware and federation capable applications. [2] [3]

Contents

Windows Identity Foundation is supported on IIS 6/Windows Server 2003, IIS 7/Windows Vista, Windows Server 2008 and Windows 7. Version 1.0 shipped as a standalone product, but the product is now included as a part of Microsoft .NET Framework v4.5. [4] [2]

Major features

WIF has the following major features: [5]

See also

Related Research Articles

Active Server Pages (ASP) is Microsoft's first server-side scripting language and engine for web pages that change by time or other circumstances.

An application server is a server that hosts applications.

Internet Information Services Extensible web server software by Microsoft

Internet Information Services is an extensible web server software created by Microsoft for use with the Windows NT family. IIS supports HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and NNTP. It has been an integral part of the Windows NT family since Windows NT 4.0, though it may be absent from some editions, and is not active by default.

Integrated Windows Authentication (IWA) is a term associated with Microsoft products that refers to the SPNEGO, Kerberos, and NTLMSSP authentication protocols with respect to SSPI functionality introduced with Microsoft Windows 2000 and included with later Windows NT-based operating systems. The term is used more commonly for the automatically authenticated connections between Microsoft Internet Information Services, Internet Explorer, and other Active Directory aware applications.

ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages. It was developed by Microsoft to allow programmers to build dynamic web sites, applications and services.

The Windows Communication Foundation (WCF), previously known as Indigo, is a free and open-source runtime and a set of APIs in the .NET Framework for building connected, service-oriented applications.

Windows CardSpace

Windows CardSpace is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.

DPAPI is a simple cryptographic application programming interface available as a built-in component in Windows 2000 and later versions of Microsoft Windows operating systems. In theory the Data Protection API can enable symmetric encryption of any kind of data; in practice, its primary use in the Windows operating system is to perform symmetric encryption of asymmetric private keys, using a user or system secret as a significant contribution of entropy. A detailed analysis of DPAPI inner-workings was published in 2011 by Bursztein et al.

Windows Vista has many significant new features compared with previous Microsoft Windows versions, covering most aspects of the operating system.

Web Services Enhancements (WSE) is an obsolete add-on to the Microsoft .NET Framework, which includes a set of classes that implement additional WS-* web service specifications chiefly in areas such as security, reliable messaging, and sending attachments. Web services are business logic components which provide functionality via the Internet using standard protocols such as HTTP. Web services communicate via either SOAP or REST messages. WSE provides extensions to the SOAP protocol and allows the definition of custom security, reliable messaging, policy, etc. Developers can add these capabilities at design time using code or at deployment time through the use of a policy file.

WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange.

SharePoint Web application platform

SharePoint is a web-based collaborative platform that integrates with Microsoft Office. Launched in 2001, SharePoint is primarily sold as a document management and storage system, but the product is highly configurable and usage varies substantially among organizations.

Component Object Model (COM) is a binary-interface standard for software components introduced by Microsoft in 1993. It is used to enable inter-process communication object creation in a large range of programming languages. COM is the basis for several other Microsoft technologies and frameworks, including OLE, OLE Automation, Browser Helper Object, ActiveX, COM+, DCOM, the Windows shell, DirectX, UMDF and Windows Runtime. The essence of COM is a language-neutral way of implementing objects that can be used in environments different from the one in which they were created, even across machine boundaries. For well-authored components, COM allows reuse of objects with no knowledge of their internal implementation, as it forces component implementers to provide well-defined interfaces that are separated from the implementation. The different allocation semantics of languages are accommodated by making objects responsible for their own creation and destruction through reference-counting. Type conversion casting between different interfaces of an object is achieved through the QueryInterface method. The preferred method of "inheritance" within COM is the creation of sub-objects to which method "calls" are delegated.

.NET Framework Software platform developed by Microsoft

.NET Framework is a software framework developed by Microsoft that runs primarily on Microsoft Windows. It includes a large class library called Framework Class Library (FCL) and provides language interoperability across several programming languages. Programs written for .NET Framework execute in a software environment named the Common Language Runtime (CLR). The CLR is an application virtual machine that provides services such as security, memory management, and exception handling. As such, computer code written using .NET Framework is called "managed code". FCL and CLR together constitute the .NET Framework.

AppFabric is a set of middleware technologies for Windows Server, released by Microsoft. It consists of two main feature areas: AppFabric Hosting and AppFabric Caching. Microsoft support for these ended in November 2017. A newer version of the product from Microsoft is Service Fabric.

.NET Framework version history

Microsoft started development on the .NET Framework in the late 1990s originally under the name of Next Generation Windows Services (NGWS). By late 2001 the first beta versions of .NET 1.0 were released. The first version of .NET Framework was released on 13 February 2002, bringing managed code to Windows NT 4.0, 98, 2000, ME and XP.

Microsoft Silverlight is an application framework for writing and running rich internet applications that was actively developed and marketed by Microsoft from 2007 to 2012. This is a technical overview of the platform's history.

Access Control Service, or Windows Azure Access Control Service (ACS) was a Microsoft-owned cloud-based service that provided an easy way of authenticating and authorizing users to gain access to web applications and services while allowing the features of authentication and authorization to be factored out of the application code. This facilitates application development while at the same time providing users the benefit of being able to log into multiple applications with a reduced number of authentications, and in some cases only one authentication. The system provides an authorization store that can be accessed programmatically as well as via a management portal. Once authorizations are configured, a user coming to an application via ACS arrives at the application entrance with not only an authentication token, but also a set of authorization claims attached to the token. ACS was retired by Microsoft on November 7, 2018.

ASP.NET Core is a free and open-source web framework and successor to ASP.NET, developed by Microsoft. It is a modular framework that runs on both the full .NET Framework, on Windows, and the cross-platform .NET Core. However ASP.NET Core version 3 works only on .NET Core dropping support of .NET Framework.

References

  1. Improve Authentication with Windows Identity Foundation -- Visual Studio Magazine
  2. 1 2 Windows Identity Foundation Now Included in .NET 4.5
  3. What is claims-based identity? - Definition from WhatIs.com
  4. "Windows Identity Foundation 4.5 Overview". Microsoft Corporation. Retrieved January 24, 2012.
  5. Microsoft Corporation. "What is Windows Identity Foundation?". Microsoft Corporation. Retrieved August 2, 2011.