Whats Auth Got To Do With It
14
Office Live Web Business Web Site Document Library Visual Studio 2008 New Features LINQ Language Enhancemen t C# 3.0 Microsoft Dynamics CRM 4.0 Accounting Deployment Support CodeRight Inc. What we do Contact Us Management Team Microsoft CodeCamp 9 C# Developer What’s Auth Got To Do With it? Developing Multi- Factor Authentication Solutions
-
Upload
bryan-tuttle -
Category
Technology
-
view
787 -
download
1
description
Multifactor Auth and Provider PPT
Transcript of Whats Auth Got To Do With It
Offi
ce L
ive
Web
Business Web SiteDocument Library
Vis
ual
Stu
dio
200
8
New FeaturesLINQLanguage EnhancementC# 3.0
Mic
roso
ft D
ynam
ics CRM 4.0
AccountingDeploymentSupport
Co
deR
igh
t In
c.
What we doContact UsManagement Team
Microsoft CodeCamp 9
C#
Dev
elo
per What’s Auth Got To Do With it?
Developing Multi-Factor Authentication Solutions
Multi-Factor Authentication Helps addresses forms of WebSite Forgery:
Cross Site Scripting
Phishing/Pharming
Man-in-the-Middle
Man-in-the-Browser
For more info: http://www.tricipher.com/threats/index.html
What is Mult-Factor Auth?
User HAS ID card Security token Software token Phone, or cell phone
User KNOWS password pass phrase or PIN
http://en.WIKIPEDIA.org/wiki/Two-factor_authentication
User IS or DOES Fingerprint or retinal pattern DNA Signature or voice recognition Biometric identifier
Multi-Factor Authentication Multi-Factor Examples?
e-Commerce: Yahoo!, Amazon Financial: DiscoverCard, ING Direct
How do you incorporate MFA into .Net Roll your own Integrate with 3rd party products:
Tricipher, RSA, or Entrust Build a Custom Provider
Some of Today’s Options
Multi-Factor Authentication
Membership Provider
What is a Provider Model and how/where is it used? Design Pattern used extensively throughout .Net that
enables developers to abstract data store(s) from the application
Enables the creation or use of presentation controls to “snap-in” to “any“ type of data store
Examples of Usage: CreateUserWizard Control, Login, LoginView etc.
What is the Membership Provider Model
Great example of Abstract Class in Action! Definition of What Methods to Expect (Abstract Class)
Controls that Expect those defined Methods being implemented (CreateUserWizard, Login, LoginView)
Implementation of those Methods (Custom Provider)
Built-In Membership Providers
SQL Membership Provider System.Web.Security.SqlMembershipProvider
Database Schema
ActiveDirectory Membership Providers System.Web.Security.ActiveDirectoryMembershipProvider
Asp.Net Membership Provider
Deploying SQLMembershipProvider
Run - aspnet_regsql.exe Create a webpage, Add Login (or other) Login-
View. Configure
Summary
Defined Multi-Factor Authentication Defined a Membership Provider Reviewed OOB SQL Membership Provider Detailed how to create a Custom Provider to a
Tricipher Armored Credential System (Vault)
Resources
CodeRight Inc. www.CodeRight.comwww.ArchitectFactory.com
Tricipher Multi-Factor Authentication
www.Tricipher.com
ASP.Net 2.0 Provider Model
4GuysFromRollaHow to Write a Provider Model
Membership, Roles and Profile Provider customization
4 GuysFromRollaChris Pels
Customizing CreateUser Wizard
4GuysFromRolla
Resources (cont.)
Asp.Net Providers (Source Code ! And Whitepapers)
Scott Guthrie
Introduction to ASP.Net Provider Model
http://msdn.microsoft.com/en-us/library/aa478948.aspx
