Getting started with Identity Services

I find myself needing to write a federated identity proof of concept for a client of ICC.  I got started with three downloads:

I wanted to get a good foundation, so I started with the training kit.  As an author, I heavily recommend everyone do this.  The days when you could just jump in and start hacking are long gone.  There are frameworks on top of frameworks in today’s development environments and learning the right path is paramount.

Getting started with a lab

The lab I started with was Web Sites and Identity, because it solved the particular problem that I needed solved.  Yours might be different.  The prerequisites included:

  • Microsoft® Windows® Vista SP2 (32-bits or 64-bits), Microsoft® Windows Server 2008 SP2 (32-bit or 64-bit), Microsoft® Windows Server 2008 R2, Microsoft® Windows® 7 RTM (32-bits or 64-bits)
  • Microsoft® Internet Information Services (IIS) 7.0
  • Microsoft® .NET Framework 3.5
  • Microsoft® Visual Studio 2008
  • Microsoft® SQL Express 2005 (or later)
  • Microsoft® Windows Identity Foundation Runtime
  • Microsoft® Windows Identity Foundation SDK

The basics needed to be present, but things like PowerShell permissions and IIS 7 configurations have built-in installers that ran easily from the dependency checker.

You are then asked to install snippets for code and XML.  I put them in the My Snippets folder for Visual Studio 2008.

After installing a few certificates, the labs were set up and ready to go.

Working the lab

In working with the lab, it seems that the setup scripts failed to supply the SSL binding for the default web.  I learned a fix in this ScottGu post after making this post to IIS.net.

To fix it, you just need to go to IIS7 and do these steps:

  1. Select the Default Web Site
  2. Click Bindings… under Edit Site on the right hand command panel
  3. Click the https binding and click the Edit… button

  4. You’ll see that SSL Cert dropdown has No Binding Selected.  Change it to STSTestCert.

  5. Click OK and Close.

That’s all there is to it.  The site will no longer give you Cannot connect errors.
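
The same check and fix as a script, as an added example that is not part of the original post or the training kit. It assumes the WebAdministration module is available, an elevated prompt, an IPv4 or wildcard https binding, and that STSTestCert sits in the LocalMachine\My store under that subject or friendly name.

```powershell
# Added example (not from the lab): find https bindings on the Default Web Site
# that have no certificate attached and attach STSTestCert to them.
# Assumptions: WebAdministration module present, elevated prompt,
# certificate stored in LocalMachine\My.
Import-Module WebAdministration

$siteName = 'Default Web Site'
$certName = 'STSTestCert'   # name shown in the SSL certificate dropdown

# The site needs an https binding before a certificate can be attached to it.
$bindings = @(Get-WebBinding -Name $siteName -Protocol https)
if ($bindings.Count -eq 0) {
    throw "No https binding on '$siteName'; add one before assigning a certificate."
}

# Match on subject or friendly name and prefer the certificate that expires last.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$certName" -or $_.FriendlyName -eq $certName } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) { throw "Certificate '$certName' not found in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "'$certName' has no private key; IIS cannot serve it." }
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning "'$certName' expired on $($cert.NotAfter)." }

foreach ($b in $bindings) {
    # bindingInformation is "ip:port:hostheader"; '*' means all addresses.
    $ip, $port, $hostHeader = $b.bindingInformation.Split(':')
    if ($ip -eq '*') { $ip = '0.0.0.0' }
    $sslPath = "IIS:\SslBindings\$ip!$port"

    if (Test-Path $sslPath) {
        # Something is already bound here; do not overwrite it silently.
        Write-Host "$sslPath already has a certificate bound; leaving it alone."
        continue
    }

    # This is the scripted form of picking the certificate in the Edit dialog.
    $cert | New-Item $sslPath | Out-Null
    Write-Host "Bound $($cert.Thumbprint) to $sslPath"
}
```

STSTestCert is a lab certificate, so this belongs on the development machine only.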

Anyway, I like the lab and I like the WIF.  Generally, it has the same problem as all of the W*F patterns that Microsoft provides.  It is configuration over convention and there are SO many options that it is confusing.  WIF tries to be everything to everyone.  To find the exact situation that suits your needs will require a little digging through the lab.


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
