Building a Claims-Based Security Model with WCF

Michele Leroux Bustamante

WCF | Security | Identity


The identity model in WCF supports a rich, claims-based approach to authorization. Virtually any security token can be represented as a set of claims, including tokens that contain Windows credentials, username and password or X509 certificates. Normalized claims are the heart of any federated security model – allowing developers to decouple how tokens are mapped to a set of domain-specific claims, and appropriately decouple how users are authorized based on those claims. This session will first show you how to build a claims-based security model using custom authorization policies, permissions and attributes. Then, you’ll learn how this plays into a federated model allowing you to decouple authentication and authorization from your business service implementations. In the process, you’ll learn about SAML tokens, how to create custom claims, and how the flow of communication between clients, token issuers and service works.