Security > Home >  Identity Management

Windows Identity Foundation Simplifies User Access for Developers

Windows Identity Foundation logo

Windows Identity Foundation enables .NET developers to externalize identity logic from their application, improving developer productivity, enhancing application security, and enabling interoperability.  Enjoy greater productivity, applying the same tools and programming model to build on-premises software as well as cloud services.  Create more secure applications by reducing custom implementations and using a single simplified identity model based on claims.  Enjoy greater flexibility in application deployment through interoperability based on industry standard protocols, allowing applications and identity infrastructure services to communicate via claims.

Windows Identity Foundation is part of Microsoft's identity and access management solution built on Active Directory that also includes:

  • Active Directory Federation Services 2.0 (formerly known as "Geneva" Server): a security token service for IT that issues and transforms claims and other tokens, manages user access and enables federation and access management for simplified single sign-on
  • Windows CardSpace 2.0 (formerly known as Windows CardSpace "Geneva"): for helping users navigate access decisions and developers to build customer authentication experiences for users.

Getting Started

Identity Management Blogs


Most Recent Blog Posts

More unintended consequences of browser leakage
Thursday, Feb 4 by Kim Cameron
Minimal disclosure for browsers
Thursday, Jan 28 by Kim Cameron
New EFF Research on Web Browser Tracking
Thursday, Jan 28 by Kim Cameron
Customizing the AD FS 2.0 Sign-in Web Pages
What do the following three qu... more
Wednesday, Jan 27 by CardSpaceBlog

Additional Tools & Documentation

  • Identity Management team on Connect

    The Identity Management team Connect site has additional tools, samples and documentation, such as the Microsoft Online Services Federation Utility CTP.

  • Developer Learning Tool

    Fabrikam Shipping is a semi-realistic sample web application that demonstrates how to implement common tasks and features in web applications. It combines the techniques presented separately in other technology learning material such as the SDK and the Identity Developer Training Kit.

  • Using the WIF Framework to Improve Identity Management

    Microsoft Information Technology (Microsoft IT) deployed a Volume Licensing Authentication/Authorization system (VLAS) based on the WIF Framework — claims-aware application ─ this paper details the benefits of using the WIF Framework, including how the Volume Licensing application is architected.

Channel 9 Videos

Whitepapers

  • Singe Sign on to Amazon EC2

    Guidelines on how to provide single sign on to Amazon EC2 applications from an on-premises Windows Active Directory using with Amazon’s Virtual Private Cloud or using Active Directory Federation Services.

  • Sun OpenSSO

    Read how Sun and Microsoft are utilizing the SAML federation standard in both the Sun OpenSSO Enterprise federation solution and the forthcoming Microsoft “Geneva” Server federation solution.

  • WIF and Novell Access Manager

    Learn about the need for standards-based identity federation, and the solutions that improve the interoperability of mixed-technology directory environments.

  • Microsoft and CA – ADFS Interop

    This white paper reviews how solutions from CA (CA SiteMinder, CA Federation Manager) and Microsoft (Active Directory Federation Services (formerly code named “Geneva”) provide a middleware software layer, while supporting standards-based communication protocols that enable cross-technology access management and identity federation scenarios.

  • Windows Identity Foundation (WIF) An overview of changes between Beta2 & RTW

    Highlights of the changes made between Beta 2, which was released during TechEd 2009 in May’09, and RTW, which released Nov. 17th, 2009.

WIF Webcast Series

MSDN Magazine articles

Identity Management Technologies

Digital Identity for .NET Applications: A Technology Overview

This overview provides a broad introduction to digital identity for .NET architects and developers. After describing a few fundamental concepts, it walks through the major Windows identity technologies and how they can be applied. The goal is to help anyone who works in the .NET world understand and make better decisions about digital identity in their applications. By David Chappell.

System.DirectoryServices Namespace

  • Introduction to System.DirectoryServices.ActiveDirectory

    This whitepaper introduces you to using S.DS.AD, in the .NET Framework 2.0, to perform Active Directory and AD LDS (formerly ADAM) management tasks.

  • Introduction to System.DirectoryServices.Protocols

    S.DS.P, in the .NET Framework 2.0, provides raw LDAP access, meaning that it is designed specifically to reach beyond Active Directory and AD LDS (formerly ADAM) to other LDAP compliant directories. Therefore, if you plan to use .NET managed code against other LDAP directories, a great place to focus is on S.DS.P. A code sample accompanies the paper.

  • System.DirectoryServices.AccountManagement Namespace Overview

    System.DirectoryServices.AccountManagement is a namespace in the Microsoft .NET Framework 3.5 that provides uniform access and manipulation of security principals across multiple principal stores. S.DS.AM manages directory objects independent of the System.DirectoryServices namespace.

  • Managing Directory Services Principals in the .NET Framework 3.5

    In this MSDN Magazine article learn how to use the new System.DirectoryServices.AccountManagement namespace designed specifically for managing security principals. A code sample accompanies the article.

  • System.DirectoryServices Namespace
    A drill-down into the DirectoryEntry and DirectorySearcher classes, their properties and methods. These allow you to work with AD, ADAM, and diverse directories on a network using a single interface.

Active Directory Federation Services

  • Active Directory Federation Services on Microsoft TechNet
    Based on WS-* specifications, ADFS provides Web single-sign-on technologies and a federated identity management solution for securely sharing digital identity and entitlement rights across security and enterprise boundaries.
  • Step-by-Step Guide for AD FS

    Learn how to set up AD FS in a test lab environment. This guide walks you through set-up of a claims-aware application and a Windows NT token–based application on an AD FS-enabled Web server.

  • AD FS SDK

    Visit the SDK to learn about the AD FS API namespaces.

WCF Security

  • Improving Web Services Security

    Learn how to design and implement authentication and authorization in WCF through end-to-end application scenarios. Improve the security of your WCF services through prescriptive guidance including guidelines, Q&A, practices at a glance, and step-by-step how to guides.

Windows CardSpace

  • An Introduction to Windows CardSpace

    Windows CardSpace is the Microsoft .NET Framework 3.0 component that provides the consistent user experience required by the identity metasystem.

Page view tracker