Anders Revsgaard
Architecture and federated security in .NET
Need to track time?
July 13, 2016
Sortingtime makes it easy to track time on tasks and gives you a quick overview of registered time. Afterwards, you can select tasks or groups and send PDF reports as well as invoices. Furthermore, you get an overview of the expected monthly turnover and historical turnover.
Need to register time
July 13, 2016
Sortingtime makes it easy to register time on tasks and gives a quick overview of registered time. Afterwards, you can select tasks or groups and send PDF reports as well as invoices. Sortingtime gives you an overview of the month's expected turnover and historical turnover.
Configuring Logging in WCF and WIF
March 25, 2011
Logging is configured the same way in WCF web services and WCF clients that both use WIF. The logging functionality is configured as shown in the following steps.
1. Create a system.diagnostics element. This one logs all information.
<configuration>
  …
  <system.diagnostics>
    <sources>
      <source name="Microsoft.IdentityModel" switchValue="Verbose">
        <listeners>
          <add name="wif" />
        </listeners>
      </source>
      <source name="System.ServiceModel.MessageLogging" logKnownPii="false" switchValue="Verbose">
        <listeners>
          <add name="wcf" />
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <add name="wcf" type="System.Diagnostics.XmlWriterTraceListener"
           initializeData="C:\logs\SomeAppl_WCF.svclog" />
      <add name="wif" type="System.Diagnostics.XmlWriterTraceListener"
           initializeData="C:\logs\SomeAppl_WIF.svclog" />
    </sharedListeners>
    <trace autoflush="true" />
  </system.diagnostics>
</configuration>
2. Configure logging for WCF. No further configuration is needed for WIF.
<configuration>
  …
  <system.serviceModel>
    …
    <diagnostics>
      <messageLogging logEntireMessage="true"
                      logMessagesAtServiceLevel="true"
                      logMessagesAtTransportLevel="true">
      </messageLogging>
    </diagnostics>
  </system.serviceModel>
  …
</configuration>
Create test certificates for custom STS and ADFS 2
February 17, 2011
How to create test certificates with OpenSSL for a custom STS deployed on IIS and ADFS 2.
Download OpenSSL for Windows here.
Set the path to OpenSSL bin folder in cmd prompt: PATH=%PATH%;c:\OpenSSL-Win32\bin
And set OpenSSL config path in cmd prompt: set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
Create CA root certificate
- openssl req -x509 -nodes -days 3650 -subj /C=DK/L=Denmark/O=TestCompany/OU=TestDepartment/CN=testCA.mydomain.com -newkey rsa:2048 -keyout testCARootPrivateKey.key -out testCARootCertificate.crt
- openssl pkcs12 -export -out testCARootCertificate.pfx -inkey testCARootPrivateKey.key -in testCARootCertificate.crt
Create SSL certificate for IIS, which trusts the root certificate
- openssl req -nodes -days 3650 -subj /C=DK/L=Denmark/O=TestCompany/OU=TestDepartment/CN=testsite.mydomain.com -newkey rsa:2048 -keyout testsite.mydomain.comPrivateKey.key -out testsite.mydomain.comCertificate.csr
- openssl x509 -req -days 3650 -in testsite.mydomain.comCertificate.csr -CA testCARootCertificate.crt -CAkey testCARootPrivateKey.key -CAcreateserial -out testsite.mydomain.comCertificate.crt
- openssl pkcs12 -export -out testsite.mydomain.comCertificate.pfx -inkey testsite.mydomain.comPrivateKey.key -in testsite.mydomain.comCertificate.crt
Create Signing certificate, which trusts the root certificate
- openssl req -nodes -days 3650 -subj "/C=DK/L=Denmark/O=TestCompany/OU=TestDepartment/CN=STS Signing - testsite.mydomain.com" -newkey rsa:2048 -keyout "STS Signing - testsite.mydomain.comPrivateKey.key" -out "STS Signing - testsite.mydomain.comCertificate.csr"
- openssl x509 -req -days 3650 -in "STS Signing - testsite.mydomain.comCertificate.csr" -CA testCARootCertificate.crt -CAkey testCARootPrivateKey.key -CAcreateserial -out "STS Signing - testsite.mydomain.comCertificate.crt"
- openssl pkcs12 -export -out "STS Signing - testsite.mydomain.comCertificate.pfx" -inkey "STS Signing - testsite.mydomain.comPrivateKey.key" -in "STS Signing - testsite.mydomain.comCertificate.crt"
Create Encrypting certificate, which trusts the root certificate
- openssl req -nodes -days 3650 -subj "/C=DK/L=Denmark/O=TestCompany/OU=TestDepartment/CN=STS Encrypting - testsite.mydomain.com" -newkey rsa:2048 -keyout "STS Encrypting - testsite.mydomain.comPrivateKey.key" -out "STS Encrypting - testsite.mydomain.comCertificate.csr"
- openssl x509 -req -days 3650 -in "STS Encrypting - testsite.mydomain.comCertificate.csr" -CA testCARootCertificate.crt -CAkey testCARootPrivateKey.key -CAcreateserial -out "STS Encrypting - testsite.mydomain.comCertificate.crt"
- openssl pkcs12 -export -out "STS Encrypting - testsite.mydomain.comCertificate.pfx" -inkey "STS Encrypting - testsite.mydomain.comPrivateKey.key" -in "STS Encrypting - testsite.mydomain.comCertificate.crt"
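A way to check the issued certificates before deploying them, as an added example that is not part of the original post: it builds the chain with the .NET X509Chain API, once without and once with revocation checking. The function name Test-TestCertificateChain is hypothetical; the file names are the ones produced by the commands above, which add no CRL distribution point to the issued certificates.

```powershell
# Added example (not from the original post). Builds the chain for a
# certificate issued by the test CA and reports the chain status.
function Test-TestCertificateChain {
    param(
        [Parameter(Mandatory = $true)] [string] $CertificatePath,
        [Parameter(Mandatory = $true)] [string] $RootPath,
        [ValidateSet('NoCheck', 'Online', 'Offline')]
        [string] $RevocationMode = 'NoCheck'
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $CertificatePath).Path
    $root = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $RootPath).Path

    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = $RevocationMode
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
    # The test root is passed in explicitly, so it does not have to be
    # installed in the machine's Trusted Root store for this check.
    [void] $chain.ChainPolicy.ExtraStore.Add($root)
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'

    $built = $chain.Build($cert)
    $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject        = $cert.Subject
        RevocationMode = $RevocationMode
        ChainBuilt     = $built
        # AllowUnknownCertificateAuthority accepts any root, so the chain
        # must be pinned to the expected test root by thumbprint.
        EndsAtTestRoot = ($top.Thumbprint -eq $root.Thumbprint)
        Status         = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Compare the result with revocation checking off and on.
'NoCheck', 'Online' | ForEach-Object {
    Test-TestCertificateChain -CertificatePath .\testsite.mydomain.comCertificate.crt `
        -RootPath .\testCARootCertificate.crt -RevocationMode $_
}
```

A revocation-related entry in Status for the Online run is consistent with the ADFS 2 behaviour described in the next section.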
ADFS 2 CRL configuration
ADFS 2 has CRL (certificate revocation list, from the issuing CA) checking enabled by default. This results in an error if you have a Claims Provider Trust to an ADFS 2 that uses test certificates. The problem is solved by changing the CRL checking to None.
This is done by running the Set-ADFSClaimsProviderTrust PowerShell command for the Claims Provider Trust, in this example named "trust to sts".
Set-ADFSClaimsProviderTrust -TargetName "trust to sts" -SigningCertificateRevocationCheck None
The same is the case when you have a Relying Party Trust to an ADFS 2 that uses test certificates.
Set-ADFSRelyingPartyTrust -TargetName "other relying sts" -EncryptionCertificateRevocationCheck None
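To keep track of where revocation checking has been switched off, the following added example (not part of the original post) lists every trust that has a revocation setting of None. The function name Get-AdfsTrustWithoutRevocationCheck is hypothetical, and the script assumes the objects returned by the Get-Adfs cmdlets expose properties named like the Set- parameters used above.

```powershell
# Added example (not from the original post): report ADFS trusts whose
# certificate revocation checking has been set to None.
if (-not (Get-Command Get-AdfsClaimsProviderTrust -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell   # ADFS 2.0 ships its cmdlets as a snap-in
}

function Get-AdfsTrustWithoutRevocationCheck {
    # Assumption: the trust objects carry properties with the same names
    # as the Set-ADFS*Trust parameters shown in the post.
    $checks = 'SigningCertificateRevocationCheck',
              'EncryptionCertificateRevocationCheck'

    $sources = @{
        ClaimsProviderTrust = { Get-AdfsClaimsProviderTrust }
        RelyingPartyTrust   = { Get-AdfsRelyingPartyTrust }
    }

    foreach ($type in $sources.Keys) {
        foreach ($trust in (& $sources[$type])) {
            foreach ($check in $checks) {
                # String comparison works whether the property is an enum or text.
                if ("$($trust.$check)" -eq 'None') {
                    [pscustomobject]@{
                        TrustType = $type
                        Name      = $trust.Name
                        Setting   = $check
                        Value     = 'None'
                    }
                }
            }
        }
    }
}

Get-AdfsTrustWithoutRevocationCheck |
    Sort-Object TrustType, Name |
    Format-Table -AutoSize
```

Run it on the ADFS server; an empty result means no trust has revocation checking disabled.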