Skip to main content

LEAP Sweden - Identity & Access Management

Today was the third day of the Swedish Lead Enterprise Architect Program at Microsoft in Kista. It has been a day filled with sessions on security and identity with a kind of unavoidable focus on federated identities in the cloud.

Overall it has been an awesome day with seminars from Henrik Nilsson, Barry O'Reilly and Sergio Molero among others. A lot of Microsoft technologies was mentioned, Forefront Identity Manager, Active Directory Federation Services 2.0, Forefront Unified Access Gateway, Direct AccessWindows Identity Framework and of course Azure Access Control Service.

Microsoft really has a great suite of applications regarding Identity & Access Management. I just wish there was a project or two where I could utilize all of these amazing technologies. I have had a plan to add a login feature to the Cornball using federated identities, so that might happen in the near future.

Besides, Björn Eriksen provided a tip for all of us thursty for education. Microsoft have collected a wide range of white papers, videos and links into what they call Microsoft Virtual Academy. Learn, explore and collect education points as you do it!


Labels:

Comments

  1. daceeihnatMarch 3, 2022 at 6:59 PM

    The Best 777 Casino St. Louis - Mapyro
    777 Casino St. Louis in St. 화성 출장마사지 Louis offers a 속초 출장샵 wide 안산 출장샵 variety of games for the lucky player. 논산 출장안마 Check out the location map to see if this site is a suitable venue 영주 출장안마

    ReplyDelete

Post a Comment

Popular posts from this blog

Binding Enum with DescriptionAttribute in WPF

Binding an enumeration to a ComboBox can be done in several ways. In most cases you don't want to display the value itself, but a more user friendly description. One common approach is to use the DescriptionAttribute on the Enum values to supply a description for each value.  This is all possible in a very MVVM friendly way. First step is to add the  DescriptionAttribute  to the values of the enumeration. public enum MyValues { [Description("First value")] First, [Description("Second value")] Second } To retrieve the description from the enum we use a simple extension method. This method returns the value of the DescriptionAttribute if it exists, otherwise the string representation of the enum value is returned. public static string GetDescription(this Enum value) { var fieldInfo = value.GetType().GetField(value.ToString()); var attribute = fieldInfo.GetCustomAttributes(typeof(DescriptionAttribute), false).FirstOrDefault() as
2 comments
Read more

Programming AD with C#.NET – part 4

Our transition to the  System.DirectoryServices.Protocols  has in the whole gone very smooth, but there have been some issues with one environment that contains subdomains. Most things are working fine, but writing to a subdomain does not work in the same way as it did before. What is generally bad with the  System.DirectoryServices.Protocols is the documentation, which is practically non-existent. But most things can  be figured out anyway since most classes just are wrappers for the wldap32.dll, which in turn is way better documented. I would like to have as little bindings to a specific server as possible but still be able to access the domain. In the  LdapConnection  it is possible to set the identifier to null and use the executing computer as a starting point to find a domain controller. But sometimes I must know that I am using a Global Catalog, and with more and more RODC in the environment I sometimes must know that I am working against a writeable domain controller.
Post a Comment
Read more

User.Identity returns old login name after name change

When a person gets married or makes a name change for some other reason this usually means that the login name for the Active Directory-account changes as well. This is rarely a problem, but it turned out to cause some issues on our web server, where the  User.Identity  property was still returning the old login name. The user logged on with the new login name, but was identified by the web application as the old login name. The reason this occurs is because the  User.Identity  property relies on the  LsaLookupSids  method to convert the user SID to a login name. The method first calls the local  LSA-cache , which is not synchronized with the Active Directory. For this purpose a simple reboot of the web server to clear the  LSA-cache  propably would have sufficed. But since we didn't want to take the application offline rebooting was not an option. Instead, it is possible to set the registry value  LsaLookupCacheMaxSize in HKLM\SYSTEM\CurrentControlSet\Control\Lsa. If this val
Post a Comment
Read more