Programming Windows Identity Foundation (Dev - Pro) (英語) ペーパーバック – 2010/9/13
Kindle 端末は必要ありません。無料 Kindle アプリのいずれかをダウンロードすると、スマートフォン、タブレットPCで Kindle 本をお読みいただけます。
Get hands-on guidance designed to help you put the newest .NET Framework component- Windows Identity Foundation, the identity and access logic for all on-premises and cloud development- to work.
Vittorio Bertocci is a Senior Architect Evangelist in DPE and a key member of the extended engineering team that produces Microsoft's claims-based platform components (e.g. Windows Identity Foundation, ADFS 2.0). He is responsible for identity evangelism for the .NET developers community and drove initiatives such as the Identity Developer Training Kit and the IdElement show on Channel 9.
He is co-author of Understanding Windows Cardspace (Addison-Wesley, 2008) and a prominent authority/blogger on Azure, "Geneva" (the code name for Windows Identity Foundation), .NET development, and related topics.
I read the book, I have a better understanding, 200+ pages of great wisdom. Get it!!
Here are some additional details that I hope will be helpful to anyone considering this book:
1) Claims based identity is an important enabling technology that .NET developers and designer need to understand well. And this is not just case, if you are an ASP.NET or WCF developer. Claims-based identity is important even if you are SharePoint, BI or Azure developer.
2) This book is broken up into two parts. The first part explains the basics of claims based identity. Second part is more advanced and gets into the nuts and bolts of WIF.
3) Don't skip over the ASP.NET chapters (2, 3 & 4 ) just because you are not going to use WIF inside ASP.NET. These aforementioned chapters cover a number of important concepts ( such as single-sign-on, claims transformation, federation) that you will need to understand when using WIF outside of ASP.NET (say with WCF).
4) Being involved with the WIF team for a long time, Vittorio is able to provide important context around how some of the features have evolved, design decisions etc.
5) Last but not the least, it is hard to write a book on security. Fortunately, Vittorio has managed to write it in a conversational, unassuming style that makes it easy to read. Wherever needed, he provides a just in time, overview of protocols ( WS-Trust, WS-Federation and so on) without getting mired in the details associated with these, rather arcane, specifications.
This is the Lost Windows Identity Foundation Documentation.
It's great from a reference and from a how-to standpoint, including plenty of diagrams and code snippets that help to explain how different scenarios work and how those scenarios specifically apply to WIF.
I was working on a custom passive STS using WIF and found it nearly impossible to do without this book. Once I had it, there was more in it than I was even hoping for - explanations of how to handle sliding token expiration, for example, which is pretty much nowhere to be found out on the web.
It's also been really handy in helping to explain complex federation issues to my team, who are not nearly as neck-deep in this stuff as I am. After we got the first copy of this, we actually ended up getting a second because it's so useful and people sort of "hog it" and forget to return it to the library.
The only thing that's missing in my opinion is how to work with WIF in an ASP.NET MVC environment. WIF was written primarily with web forms in mind, so all of the code samples and scenarios described in this book revolve around web forms. It's sort of an unmentioned "exercise for the reader" to get things working with MVC. That's more a fault with WIF than the book, though, hence I am not docking a star for missing it.
If you use WIF, you owe it to yourself to pick up a copy of this book.