November 2009

Claims-Based Apps: Claims-Based Authorization with Windows Identity Foundation Over the past few years, federated security models and claims-based access control have become increasingly popular. Platform tools in this area have also come a long way. Windows Identity Foundation (WIF) is a rich identity model framework designed for building claims-based applications and services and for supporting active and passive federated security scenarios. Michele Leroux Bustamante Workflow Essentials: Collaborative Workflow Improvements in SharePoint 2010 In this article, the author covers the new features in SharePoint 2010 geared for workflow developers and then walks the reader through a couple of new user scenarios. Paul Andrew

AD FS 2.0 in Identity Solutions: Using Active Directory Federation Services 2.0 in Identity Solutions
This article explains how you can use Active Directory Federation Services (AD FS) 2.0 to claims-enable Windows Communication Foundation (WCF) services and browser-based applications. The focus is on the token issuance functionality in AD FS 2.0. You’ll find out how to use AD FS 2.0 as an identity provider; set up an AD FS 2.0 security token service (STS) to interact with WCF; federate AD FS 2.0 with your custom STS or another AD FS 2.0; enable Web single sign-on and federation with WS-Federation and SAML 2.0 protocols; and externalize authentication logic through Visual Studio. You’ll come away appreciating how AD FS 2.0 and Windows Identity Foundation make programming identity solutions in Windows less of a chore.
Zulfiqar Ahmed

Digital Signatures: Application Guidelines on Digital Signature Practices for Common Criteria Security
This article is an overview of digital signature practices and user considerations necessary to write applications in compliance with ISO/IEC 15408 Common Criteria security. Signing categories are described, including those that are a potential risk to the implied trust association that goes with a digital signature.
Jack Davis

N-Tier Apps and the Entity Framework: Building N-Tier Apps with EF4
This article is the third in a series about n-tier programming with the Entity Framework, specifically about building custom Web services with the Entity Framework and WCF. This article looks at features coming in the second release of the Entity Framework (EF4) and how you use them to implement the Self-Tracking Entities and Data Transfer Objects (DTOs) n-tier patterns.
Daniel Simmons

SharePoint's Sandbox: Developing, Deploying and Monitoring Sandboxed Solutions in SharePoint 2010
The challenge in SharePoint development has always been the balance between creating and deploying solutions that you can trust not to damage or impair a SharePoint farm. A new feature in SharePoint 2010, called Sandboxed Solutions, enables farm administrators to feel comfortable that the SharePoint farm is safe, gives site collection administrators the authority to manage applications in their site collection, and provides developers with the flexibility to create solutions they know will be deployed in a safe and rapid manner.
Paul Stubbs

Columns

Editor's Note: Beginnings and Endings Howard Dierking talks about the recent changes and updates to the MSDN Web sites and the MSDN Subscriptions program. Howard Dierking	Toolbox: Database Documentation, API for Pre- and Post-Conditions, Blogs and More In this month's column, Scott explores one-click database documentation, covers an API for pre- and post-conditions, takes a look at an interesting blog, and reviews the latest book about the ASP.NET MVC Framework. Scott Mitchell	CLR Inside Out: Exploring the .NET Framework 4 Security Model The .NET Framework 4 introduces many updates to the .NET security model that make it much easier to host, secure and provide services to partially trusted code. This article dives into the many features and benefits of the .NET security model. Andrew Dai
Cutting Edge: Conditional Rendering in ASP.NET AJAX 4.0 Last month, Dino covered the basics of the new DataView client control and the binding techniques most commonly used. In this article, he goes one step further and covers conditional template rendering. Dino Esposito	Security Briefs: XML Denial of Service Attacks and Defenses This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks. Bryan Sullivan	Under the Table: Visualizing Spatial Data In this article, the author shows you three new arrivals on the SQL Server spatial visualization scene: the map control in SQL Server 2008 R2 Reporting Services (SSRS), the ESRI MapIt product, and the MapPoint Add-In for SQL Server 2008. Bob Beauchemin
Foundations: Workflow Services for Local Communication This month’s column describes how to use WCF for communication between a workflow and a host application in Windows Workflow Foundation 3. This knowledge should help developers with their efforts using WF3 and prepare them for WF4, where WCF is the only abstraction over queues (referred to as “bookmarks" in WF4) that ships with the framework. Matthew Milner	Windows with C++: Windows Web Services With the introduction of the Windows Web Services (WWS) API, C++ developers no longer have to think of themselves as second-class citizens in the world of Web Services. In this article, the author explores the features and benefits that the WWS API has to offer. Kenny Kerr	Usability in Practice: Search Is Key to Findability In this column, Ambrose Little and Charlie Kreitzberg discuss best practices, design patterns, and other considerations related to implementing a search feature. Ambrose Little
Inside Microsoft patterns & practices: Dependency Injection in Libraries This article discusses how to write a library or framework that uses the Dependency Injection pattern and how the change in focus affects the usage of the pattern. Chris Tavares