Sunday, December 23, 2012

Overview

Active Directory Federation Services (ADFS) is a service that provides a common interface for authentication. ADFS can automatically authenticate against Active Directory without the need for any code.

In this scenario, the web site is known as a Relying Party of ADFS because it relies on ADFS for authentication; Active Directory is known as a Claims Provider because it is the source of Claims, assertions about a user that it has authenticated; and ADFS is known as a Security Token Service (STS) because it provides the Relying Party with a token containing identity information and claims about the authenticated user.

In order for a web site to use ADFS, you must perform some configuration in both ADFS and in IIS. 

IIS Configuration

Launch the IIS Manager on the computer on which you plan to host the web site. Right-click the web sites node and select New | Web Site. Provide a name, location, and other basic information to create the web site.

Right-click the newly-created web site and select Properties to appropriately adjust the web site properties.

On the ASP.NET tab, set the ASP.NET version to a value starting with “4.0”, as shown in Figure 1.

[Figure 1: IIS01-Prop_AspNet]

At the “Directory Security” tab, click the [Server Certificate] button to associate an SSL certificate with this web site. During development, this can be a self-signed certificate; but, for Production, you will need to purchase a certificate from a trusted Certificate Authority, such as VeriSign. The Directory Security tab is shown in Figure 2.

[Figure 2: IIS02-Prop_DirSecurity]

Click the [Edit] button in the “Authentication and access control” section of the Directory Security tab. On the Secure Communications popup, check the “Require secure channel (SSL)” check box, as shown in Figure 3.

[Figure 3: IIS03-Prop_DirSecurity_SecureComm]

ADFS Configuration

Use the ADFS 2.0 Management Console to manage Active Directory Federation Services (ADFS), as shown in Figure 4.

[Figure 4: ADFS01-ADFS2MMC]

Configure AD as a Claims Provider

In the ADFS 2.0 MMC Snap-In, expand the tree to select the AD FS 2.0\Trust Relationships\Claims Provider Trusts node. Active Directory should display under the Claims Provider Trusts node. Select Active Directory to allow it to provide authentication and claims for relying parties.

Configure Your App as a Relying Party

In the ADFS 2.0 MMC Snap-In, expand the tree to select the AD FS 2.0\Trust Relationships\Relying Party Trusts node. Right-click the Relying Party Trusts node and select “Add Relying Party Trust” from the context menu. The Add Relying Party Trust Wizard displays with the “Welcome” page active, as shown in Figure 5. Click Next to advance to the next page.

[Figure 5: ADFS02-RPTrust01]

The “Select Data Source” page displays as shown in Figure 6. Select the “Enter data about the party manually” radio button and click [Next].
[Figure 6: ADFS02-RPTrust02]

The “Specify Display Name” page displays as shown in Figure 7. At the “Display name” textbox, enter a name to identify the relying party. This is the name you will see in the list of Relying Parties. Generally, the host name of the web site works well here. Optionally, you can also enter some notes about this relying party. Click the [Next] button to advance to the next page of the wizard.

[Figure 7: ADFS02-RPTrust03]

The “Choose Profile” page displays as shown in Figure 8. Select the “AD FS 2.0 profile” radio button and click the [Next] button to advance to the next page of the wizard.
[Figure 8: ADFS02-RPTrust04]

The “Configure Certificate” page displays as shown in Figure 9. If you wish to encrypt the token returned to the relying party, you will need to add a certificate at this point. Click the [Browse] button to select a certificate. This certificate should be the same one used to secure the web site. ADFS encrypts the token with this certificate's public key, so the relying party must hold the corresponding private key in order to decrypt it. Click the [Next] button to advance to the next page of the wizard.
[Figure 9: ADFS02-RPTrust05]

The “Configure URL” page displays as shown in Figure 10. Check the “Enable support for the WS-Federation Passive protocol” checkbox and enter the URL of the relying party web site. This URL is the WS-Federation passive endpoint to which ADFS returns the sign-in response and token for this relying party, so it must be the HTTPS address of the web site configured in IIS. Click the [Next] button to advance to the next page of the wizard.

[Figure 10: ADFS02-RPTrust06]

The “Configure Identifiers” page displays as shown in Figure 11. Enter the relying party web site URL in the “Relying Party trust identifier” textbox and click the [Add] button to add it to the list below. ADFS matches the wtrealm parameter of each incoming sign-in request against this identifier to find the trust, and the identifier also appears as the audience of the issued token. Click the [Next] button to advance to the next page of the wizard.
[Figure 11: ADFS02-RPTrust07]

The “Issuance Authorization Rules” page displays, as shown in Figure 12. Select the “Permit all users to access this relying party” radio button. With this choice, any user that Active Directory can authenticate is issued a token for this relying party; you can tighten this later with issuance authorization rules. Click the [Next] button to advance to the next page of the wizard.
[Figure 12: ADFS02-RPTrust08]

The “Ready to Add Trust” page displays as shown in Figure 13. Review all information on this page and click the [Next] button to advance to the next page of the wizard.
[Figure 13: ADFS02-RPTrust09]

The “Finish” page displays as shown in Figure 14. If you check the “Open the Edit Claims Rule dialog” checkbox, you can start adding Claim Rules as soon as you close the wizard; however, you can always go back later and add Claim Rules. Click the [Close] button to finish and close the wizard.
[Figure 14: ADFS02-RPTrust10]
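As an added example that is not part of the original post, here is the relying party side of the trust configured above: a web.config fragment for a Windows Identity Foundation 3.5 application running in the IIS web site from the first section. The host names app.example.com and adfs.example.com and the two thumbprints are assumed placeholders; the audience URI and realm must equal the relying party trust identifier entered in Figure 11, and the service certificate is the web site's SSL certificate chosen in Figure 9, whose private key the site needs to decrypt the token.

```xml
<!-- Assumed relying party web.config (WIF 3.5); host names and thumbprints are placeholders. -->
<configuration>
  <configSections>
    <section name="microsoft.identityModel"
      type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>
  <system.web>
    <authentication mode="None" />  <!-- ADFS authenticates; the app only consumes the token -->
    <authorization>
      <deny users="?" />  <!-- anonymous users are redirected to ADFS -->
    </authorization>
    <httpModules>
      <add name="WSFederationAuthenticationModule"
        type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <add name="SessionAuthenticationModule"
        type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </httpModules>
  </system.web>
  <microsoft.identityModel>
    <service>
      <!-- Must equal the relying party trust identifier in ADFS; a token issued for another relying party is rejected. -->
      <audienceUris>
        <add value="https://app.example.com/" />
      </audienceUris>
      <federatedAuthentication>
        <!-- issuer: the ADFS 2.0 passive endpoint; realm: the identifier above; HTTPS enforced like "Require secure channel" in IIS -->
        <wsFederation passiveRedirectEnabled="true"
          issuer="https://adfs.example.com/adfs/ls/"
          realm="https://app.example.com/"
          requireHttps="true" />
        <cookieHandler requireSsl="true" />
      </federatedAuthentication>
      <!-- Only tokens signed by the ADFS token-signing certificate are accepted. -->
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="ADFS_TOKEN_SIGNING_THUMBPRINT_PLACEHOLDER"
            name="http://adfs.example.com/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
      <!-- The web site's SSL certificate (with private key) from the Configure Certificate page; WIF uses it to decrypt the token. -->
      <serviceCertificate>
        <certificateReference x509FindType="FindByThumbprint" findValue="WEBSITE_CERT_THUMBPRINT_PLACEHOLDER"
          storeLocation="LocalMachine" storeName="My" />
      </serviceCertificate>
    </service>
  </microsoft.identityModel>
</configuration>
```

The thumbprint of the ADFS token-signing certificate can be read from the AD FS 2.0\Service\Certificates node of the same management console.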

Conclusion

In this article, we described the steps to perform in IIS and in ADFS to add Active Directory as a Claims Provider and your web application as a Relying Party.

Sunday, December 23, 2012 4:45:00 PM (Eastern Standard Time, UTC-05:00)
 Wednesday, December 19, 2012

An Annual Review may be a key point in your career path. Depending on the company for which you work, this may be the only official feedback you receive during the year. Raises and promotions are often dependent on your annual review scores. Some companies emphasize an annual review more than others, but it's a good idea to devote some energy to them as an employee.

The first important thing to know about your annual review is that you should start thinking about it very early in the year - preferably right after your last annual review. Set explicit, measurable goals for yourself over the coming year. Once your goals are established, formulate a plan to achieve those goals. Be as specific as possible. Include skills you want to learn, certifications you want to earn, and roles you want to fill. Review these goals periodically over the following months. Revise them, if necessary and record what you are doing to accomplish them.

Keep your manager or managers aware of what you are doing throughout the year. If you are speaking at a conference, let them know. If you receive an e-mail from a customer praising your work, forward it to your boss. He should know what you are doing and how you are doing, and this tends to create a favorable impression that can only help at review time.

Record all your accomplishments. I keep a spreadsheet with a tab for Projects I've worked on, Candidates I've interviewed, Presentations I've given, and other categories of contributions I've made to the company. For you, this record might be a Word document or a text file or a spiral notebook. The point is that you should not rely on anyone else to remember what you did throughout the year. It's tempting to believe that your manager will remember these things, but I can tell you from experience that managers have a lot to keep track of and they will often forget what you accomplished a few months ago. Add to that the non-zero chance that your manager may leave the company or get transferred to another role and you can see why it's important that you take responsibility for remembering all that you did during the year.

When it comes time for your review, review your accomplishments and compare them to your goals set at the beginning of the year. Give yourself an honest evaluation of your performance during the past 12 months. This accomplishes two things:

  1. It will prepare you for what your Annual Review will likely be.
  2. It will help you to articulate to your manager how well you did during the past year.

It's important to remind your manager of your accomplishments at this time. As mentioned before, there is a good chance he has forgotten some of them and providing positive data points only makes his job easier.

Finally, almost every annual review process includes some qualitative feedback. Listen carefully to this feedback, even if some of it is negative. Don't be discouraged if you don't get the promotion you wanted or if you were evaluated lower than you expected. But make sure you understand why. Insist on an explanation if you don't understand a score in a particular area. Look at the negative points as areas that you can improve next year. Use these points to help define your goals for the coming year.

A well-done annual review is an important part of an organization and of an individual's career path. If done correctly, the employee has at least as much involvement in a review as his manager does.

Wednesday, December 19, 2012 10:45:00 AM (Eastern Standard Time, UTC-05:00)
 Tuesday, December 18, 2012

Today, I tried to add a new Outlook contact and was blocked when I attempted to add an e-mail address to the contact. After typing in the address, I received the following cryptic error message: "An Outlook Address Book entry cannot be used as an e-mail address in a contact".

The problem arose because I had the same e-mail address in my "Suggested Contacts" folder.

To view your Suggested Contacts, select "Contacts" from the Navigation pane or press the CTRL+3 shortcut key combination. This view is shown in Figure 1.

[Figure 1: Outlook Contacts view]

Suggested contacts are populated automatically when you type an address into an e-mail's "To" or "CC" text box. They are used to quickly fill in these textboxes if you send to that same addressee again.

For me, this was hard to find because I use Outlook to manage multiple e-mail accounts, and each account has its own list of Suggested Contacts. The Suggested Contacts list and the Contacts list to which I was adding were not even associated with the same e-mail account.

I deleted the e-mail address from the Suggested Contact list and I was able to update the contact without error.

Tuesday, December 18, 2012 4:12:47 PM (Eastern Standard Time, UTC-05:00)
 Sunday, November 25, 2012

One of the most satisfying things I've done over the last few years has been my work with the Great Lakes Area .NET User Group (GANG). I've learned a great deal from the people in this group and my role on the leadership team has given me the opportunity to meet some of the smartest and nicest people in the industry.

I love working with this user group because I love the people and it feels great when we put together an excellent meeting with a great speaker and an engaged crowd and tasty food.

I was not prepared this week when, following the monthly user group meeting, the officers of the group presented me with the first "Compiler" award. I received a trophy with the following inscription:
Thank you for your continuous and extraordinary service to the GANG community.

GANG President Kent Fehribach said that this award will likely be given in the future, but he did not commit to any schedule. In any case, I am very proud to be the first recipient and grateful for those who thought of this.

Sunday, November 25, 2012 10:23:00 AM (Eastern Standard Time, UTC-05:00)
 Saturday, November 24, 2012

A few months ago, David McKinnon told me he planned to organize a conference at Cobo Hall. I was skeptical. At this larger venue, he could attract a much larger audience than to the previous 1DevDay, MobiDevDay, and CloudDevDay conferences he had organized, but the cost was higher. A lot higher.

Still, Dave decided to take a chance and he signed a contract with Cobo.

Months later, over 500 people showed up to see presentations on various software development technologies, platforms, and languages. The common theme was software development.

On Saturday, November 17, the lines began to form at Cobo Hall. The registration line was so long that we had to delay Ted Neward's opening keynote presentation by 30 minutes. After that small glitch, the conference went very smoothly. Attendees could choose from dozens of technical presentations, open spaces, and panel discussions, plus a gourmet lunch. The event finished with an excellent keynote by Chad Fowler and an after-party.

I had the privilege of serving as Master of Ceremonies for this event and I could not have enjoyed this more. Throughout the day, people kept coming up to me and telling me how much they enjoyed the conference.

After a few days' rest, we may consider a 2013 1DevDayDetroit.

Saturday, November 24, 2012 10:40:59 AM (Eastern Standard Time, UTC-05:00)
 Thursday, November 22, 2012

Today is Thanksgiving and I am making pumpkin pies and preparing to call my mother and brother and go to my sister’s house and enjoy dinner and an evening with my siblings and their families. But I’m also remembering the good things in my life and thanking God for them.

Today, I am thankful for my family - especially for my two sons who continue to make me proud every day.

I am thankful for my friends, especially those who supported me through the difficult times of my life.

I am thankful for the occasional encounter with a kind stranger. These events renew my faith in the people of this world.

I am thankful that I am stronger today than I was a decade ago. At that time, I had no idea how I would move forward.

I am thankful for the success I've had in the community and for any respect that has been shown to me by my peers.

I am thankful that I have not had to worry about feeding my family or putting a roof over my head.

And finally, I am thankful that my faith in God has kept me focused on the future, despite my strong desire to dwell on the past.

Happy Thanksgiving, my friends.

Thursday, November 22, 2012 10:43:14 AM (Eastern Standard Time, UTC-05:00)