Offi

ce L

ive

Web

Business Web SiteDocument Library

Vis

ual

Stu

dio

200

8

New FeaturesLINQLanguage EnhancementC# 3.0

Mic

roso

ft D

ynam

ics CRM 4.0

AccountingDeploymentSupport

Co

deR

igh

t In

c.

What we doContact UsManagement Team

Microsoft CodeCamp 9

C#

Dev

elo

per What’s Auth Got To Do With it?

Developing Multi-Factor Authentication Solutions

Multi-Factor Authentication Helps addresses forms of WebSite Forgery:

Cross Site Scripting

Phishing/Pharming

Man-in-the-Middle

Man-in-the-Browser

For more info: http://www.tricipher.com/threats/index.html

What is Mult-Factor Auth?

User HAS ID card Security token Software token Phone, or cell phone

User KNOWS password pass phrase or PIN

http://en.WIKIPEDIA.org/wiki/Two-factor_authentication

User IS or DOES Fingerprint or retinal pattern DNA Signature or voice recognition Biometric identifier

Multi-Factor Authentication Multi-Factor Examples?

e-Commerce: Yahoo!, Amazon Financial: DiscoverCard, ING Direct

How do you incorporate MFA into .Net Roll your own Integrate with 3rd party products:

Tricipher, RSA, or Entrust Build a Custom Provider

Some of Today’s Options

Multi-Factor Authentication

Membership Provider

What is a Provider Model and how/where is it used? Design Pattern used extensively throughout .Net that

enables developers to abstract data store(s) from the application

Enables the creation or use of presentation controls to “snap-in” to “any“ type of data store

Examples of Usage: CreateUserWizard Control, Login, LoginView etc.

What is the Membership Provider Model

Great example of Abstract Class in Action! Definition of What Methods to Expect (Abstract Class)

Controls that Expect those defined Methods being implemented (CreateUserWizard, Login, LoginView)

Implementation of those Methods (Custom Provider)

Built-In Membership Providers

SQL Membership Provider System.Web.Security.SqlMembershipProvider

Database Schema

ActiveDirectory Membership Providers System.Web.Security.ActiveDirectoryMembershipProvider

Asp.Net Membership Provider

Deploying SQLMembershipProvider

Run - aspnet_regsql.exe Create a webpage, Add Login (or other) Login-

View. Configure

Summary

Defined Multi-Factor Authentication Defined a Membership Provider Reviewed OOB SQL Membership Provider Detailed how to create a Custom Provider to a

Tricipher Armored Credential System (Vault)

Questions or Job Offers ?

Email: Bryan_Tuttle@CodeRight.com

Resources

CodeRight Inc. www.CodeRight.comwww.ArchitectFactory.com

Tricipher Multi-Factor Authentication

www.Tricipher.com

ASP.Net 2.0 Provider Model

4GuysFromRollaHow to Write a Provider Model

Membership, Roles and Profile Provider customization

4 GuysFromRollaChris Pels

Customizing CreateUser Wizard

4GuysFromRolla

Resources (cont.)

Asp.Net Providers (Source Code ! And Whitepapers)

Scott Guthrie

Introduction to ASP.Net Provider Model

http://msdn.microsoft.com/en-us/library/aa478948.aspx