About Andras Nemes
I'm a .NET/Java developer living and working in Stockholm, Sweden.

66 Responses to Claims-based authentication in .NET4.5 MVC4 with C#: External authentication with WS-Federation Part 2 Testing a real STS

  1. Les Ventimiglia says:

    Could you please update this section to handle the code that the Identity and Access dialog places in the Web.config file. The code you show:

    is no longer written to the web.config file, instead the Identity and Access dialog writes the following into the web.config file and it will not work with ThinkTecture:

    This new code ends up with “Server Error in ‘/’ Application.”
    WIF10201: No valid key mapping found for securityToken: ‘System.IdentityModel.Tokens.X509SecurityToken’ and issurer …

  2. Irmak says:

    Hi Andras. Thanks for the post, it was really useful. Did you find any chance to through the issue Les mentioned?

    • Andras Nemes says:

      Hi Irmak,
      No, not yet. I’ll try to do it before my baby is due in the coming days, otherwise I’ll need to wait a couple of weeks.
      //Andras

    • Andras Nemes says:

      Hi Irmak, I’ve gone through the setup of Identity Server and I’ve provided a quick solution in the post – we simply need to revert back to the issuerNameRegistry type that the Identity and Access Tool inserted before the latest update was published.
      //Andras

  3. Andras Nemes says:

    One more update: the error that Les Ventimiglia mentioned was due to a mismatch between the Site ID in the STS and the Issuer name in web.config. I’ve updated the post to correct this mistake.

  4. Mayoori says:

    Hi,
    I am pretty new in the world of Thinktecture! Till now I have configured one MVC application which uses Thinktecture ACS deployed on azure.
    Now next step that I am planning for is to get the tokens.
    I also want to authenticate iPad and Android application which are dependent on same identity server as my webApp!
    Kindly suggest a method to authenticate and get the tokens for all the three apps…
    Can you please suggest best approach for this? Please post links towards implementation.
    Thanks in advance!

    • Andras Nemes says:

      Hello,
      I don’t develop for the iPad or Android so if you want to get tips specific to those technologies then you’ll need to search elsewhere.
      You should get the token from the identity server. It’s up to the consuming application to handle the tokens. I’m quite sure that the languages behind the Android and iPad applications support the consumption of claims.
      //Andras

  5. Anders says:

    Hello Andras,

    I have been reading most of your posts regarding Claims, and would just like to express my gratitude over the job you put into writing them.
    It has helped me alot to gain understanding regarding Claims.

    Köszönöm szépen!

  6. Israel Pereira says:

    Hi Andras,

    First of all, thank you so much for all this series blog posts. They’re helping me a lot.

    After complete the real STS test, I noted that you continued using the method “DressUpPrincipal” in the CustomClaimsTransformer.cs to simulate database lookup.

    My question is, with a STS server configured we continue go to database in the application to get the user claims ?

    Another question is:

    How to store claims in a database ? and where we should retrieve it ?

    • Andras Nemes says:

      Hi Israel,

      “with a STS server configured we continue go to database in the application to get the user claims ?”

      It depends on where you store the claims. If all the necessary claims that your application needs can be retrieved from the STS then there’s no need for an extra DressUpPrincipal method. However, this is usually not the case. Say you have a product suite: WebAppA, WebAppB, WebAppC with their specific purposes. You can store all the claims for all three apps in one central STS. When the user is redirected to the login page from WebAppA then the STS will provide the claims for even WebAppB and WebAppC which WebAppA does not care about. This is conceptually wrong and the authentication ticket will be unnecessarily bloated. Imagine that you work as a .NET programmer and you receive 3 computers to work with: one Windows, one Linux and one iOS. What are you going to do with Linux and iOS? They may be fun to test and play with but they will not help you do your job.

      The central STS should only store those claims that are common across all applications using it. In reality this will be a very short list:

      • User name
      • User ID

      …and probably that’s it. All the application-specific claims should be stored in the storage mechanism of the application. If the applications are somehow interconnected, then you can probably provide some basic information about the rights of the user to use the other apps to enable certain features. E.g. if certain WebAppA users are allowed to use WebAppC as well then you can put a link on WebAppA like “Click here for your personal info from WebAppC” where you can base the show/hide logic of the link on some basic true/false claim type coming from the STS. But as soon as the app receives the claims from the STS it should populate the claims list with the application-specific claims from its own data store.

      “How to store claims in a database ? and where we should retrieve it ?”

      You have a lot of freedom here. If you work with a relational database then you can have a User table with columns for the claim types. It can be as simple as true/false columns called e.g. “View”, “Edit”, “Admin”. You can then have a claim key called “http://mycompany.com/permission-group” and the value will be “view”, “edit” or “admin” depending on the bit values in those columns.

      However, claims can be dispersed across the database if you wish. Some of the claims I use in the project I’m working on are coming from 4-5 different tables. It is up to the data access logic to read all the claims.

      I’m not sure what you mean by “where we should retrieve it?” exactly, but it is the data access layer with the DB code – ADO.NET, EntityFramework, Linq to SQL etc. – which ultimately reads that type of data from the data store.
      //Andras

      • Huxley says:

        Hi Andras, great blog, I’m a fan. I know I’m kind of late to the party here but when I was reading this comment I could not help disagreeing with some of the things you are claiming here. Consider the following. In a big enterprise applications where your claims are scattered across multiple locations, AD Oracle db, MSSql db, some 3rd party apps and so on, you would have to access all of these ( or the ones where the claims that you need ) in all of your webapps ( the dress up claim function in this case ). Now if someone decides to merge the Oracle DB and the MSSQL db, you have broken all your webapps that are using claims from these DBs. And note, this is not a trivial example, my experience with big enterprise apps things usually get ugly and scattered over time. However I completely agree with you that a WebAppA should only get the claims that it needs ( not the WebAppB and WebAppC claims ) but it should not care were these claims come from, it only knows about the STS and relies on it for getting the claims it needs. Now in the thinktecture STS we setup a “Relying Parties & Resources” instance so we should be able to set what claims to return on that instance so we don’t get all the claims available from the STS back to the application. But then again I am kind of a noob to these STS so I might be way off, what do you think?

      • Andras Nemes says:

        Hello Huxley, thanks for your inputs.
        I think you have a lot more experience with large integration projects than I do. Do you have a blog somewhere with a post that is relevant to this topic? It could be good to add a link to it from here.
        //Andras

      • Huxley says:

        Hi Andras, no, i have no blog about the subject and I think I don’t have the sufficient knowledge to write such a blog. I have only used existing STS in a large scale company and through some in house written libraries that go on top of a in house written STS. I have not configured them my self ( hence here I am reading your great blog! ). The only point that i was trying to come across was that you should be careful was tying all of your webapps to number of data sources in order to get your claims. Ideally in my opinion it would be best that you only have dependency on your STS. That way if you change the location where claims are kept you would only have to reconfigure your STS and all your webapps would work afterwards. I think the ideal way to implement this is to ask the STS for list of claims and the STS sends them over. That way if your webapp goes stail, no biggy, its always asking for the same claims and your STS knows how to get them. If you are developing a new webapp, you would have to configure the STS so it can provide these new claims. But as I said, i’m kind of a noob in these STS, so what do you think? See any flaws in this approach? ( you are the pro here 🙂 )

  7. Francois Joly says:

    This may be a dumb question but when the user gets redirected to the STS login page, he enter his username and password (BTW, can you setup Google and / or Microsoft authentication with this open source identity server) and then the STS issues a token with the user’s claims.

    What I’m missing is, where do you setup claims for specific users? If user random users registers on my website I have to store some claims about him on my data store AND the STS? How do you communicate with the STS saying things like “hey, this user has just registered with username XXX and password ZZZ”? Or does the STS and my application have to ‘share’ the user store so they have access the the same information?

    Also, with MVC 5 coming out, it would be nice if you could talk about how the ASP.NET One Identity feature relates with everything you talk about in your blog series about claims. Does some things have become obsolete? (I haven’t read past this post so maybe you did talk about it)

    Thank you very much for your posts they helped me understand claims a lot better!

    • Andras Nemes says:

      Salut Francois,

      “BTW, can you setup Google and / or Microsoft authentication with this open source identity server”
      –> you mean like signing in with your Google or Microsoft Live ID? Well, it’s an open source project so you can certainly add logic to accept Google/Facebook etc. identification types. However, I think the idea with this particular STS is that that you have complete control over the user database as well. You are free to extend it and store what you want about your users at the STS side. There are OAuth templates in the standard MVC4 startup project for Facebook, Microsoft, Twitter and Google, so there’s nothing stopping you from adding that to the Thinktecture project.

      “where do you setup claims for specific users?”
      –> that’s entirely up to you where and how you register your users and their claims but they will likely end up in a good old relational database. Another commenter in this thread had a similar question, check out my answer, it may help you.

      “If random users registers on my website I have to store some claims about him on my data store AND the STS?”
      –> It’s enough to store a single identifier about the user that cannot change and is common to the STS and the application database, such as a GUID, to minimise the need for synchronisation. This GUID can be sent as a claim to the consuming application so that it can find the user based on that and retrieve the application-specific claims from its own user store. It’s again up to you as a developer to register the user and their claims. There’s no need to duplicate any data across the STS and application databases other than this GUID so that you know who you are looking for.

      “How do you communicate with the STS saying things like ‘hey, this user has just registered with username XXX and password ZZZ’? Or does the STS and my application have to ‘share’ the user store so they have access the the same information?”
      –> You can store global user data in the STS data store, such as username, password, the GUID that links the user to the user stores of the applications that accept the tokens from the STS. You might store a couple of other things at the STS side, such as created_utc, but not much else. You can take care of user creation either at the STS or the application side but the two are not constrained to share any data store. They can communicate through some minimalistic web service. Be sure to make the the STS and your application as loosely coupled as possible where a shared database does not sound like a good idea to me.

      “Also, with MVC 5 coming out, it would be nice if you could talk about how the ASP.NET One Identity feature relates with everything you talk about in your blog series about claims. Does some things have become obsolete? (I haven’t read past this post so maybe you did talk about it)”

      I haven’t got that far yet and quite frankly I don’t know. I only heard that this new Identity feature can be used with OAuth, Claims, the good old MembershipProvider etc. in any project type: mvc, web forms, wpf, you name it, and it should be nothing short of “revolutionary”. Claims can be stored in a database and entity framework will help you retrieve them more easily I guess, but I’m really not sure. I’m unfortunately not a Microsoft insider to be able to give people any hints in advance.

      //Andras

  8. Raj says:

    Dear Andras,

    Read here that you going to be a father soon, congratulate on that!!

    From all the bottom of my heart, I thank you for putting up these series of articles on claims, custom STS etc.. Really it is not an easy thing for a newcomer to figure out all these things. You have put in so much efforts and have made sure that followers (like me) shouldn’t go wrong while setting up things (unlike some other posts where after whole day article reading, you will come across many errors). So again, thank you so much.

    Sincerely, patiently following every byte of your article 🙂 Please keep the good work and research going!!

    Cheers!!
    Ashwin

    • Andras Nemes says:

      Dear Ashwin,

      thank you for your kind comments! I’m glad you’ve found the blog posts helpful.

      //Andras

      • Raj says:

        Hi Andras,

        you are welcome.

        I have a doubt or question: my situation is:
        – I want to build a custom STS. so i am referring to ThinkTecture as it is the best available option in market as of today. (that’s what i understand from internet search)
        – From high level my scenario is: user will click on websites (say site1, site2….) to SIGN-IN button for single sign ON.
        – on sign in button click, request will be redirected to ACS login page.
        – ACS login page will have social IDPs PLUS my own IDP (which will be a seperate web application).
        – For later case, ACS will redirect me to a claims aware web application which will display a login page with username/password textbox and login/submit button. There i am planning to send these username/password to another CUSTOM STS class library sort of application to get a token based on valid authentication or not? STS app will check this against asp.net membership provider.

        Now, the interesting and difficult portion begins for me: Till now i am successful in setting up claims aware app, identity server (as explained in their videos) etc etc. But i am having lot of difficulty in understanding
        > how to start in ThinkTecture source code (modification)?
        > where to start? Which project is actually doing the token related work?
        > Whether it is possible or not? Or am i totally misunderstood?

        The ThinkTecture.AuthorizationServer source code has a web application and other class libraries but I am stuck and don’t understand the modifications needed to get a token back to my application.

        They have few videos however there videos display more of graphical setup process etc. I am sure in many real life scenarios, they would not like to use there login page, server setup configuration style, client configuration style etc.. instead they would like to use ThinkTecture as a custom STS which can do a token providing job. That’s it!!!

        If you have any ideas on these matters, could you please help? I would really be grateful.

        Thanking you in anticipation.

        Regards
        Ashwin

  9. Simerjot Kaur says:

    Hi Andras,

    I want to add SQL as Identity Provider in Windows Azure Access Control. This IdP can authenticate users based on the credentials may be stored in SQL server or may be use the login username and password for sql as authentication.

    Are there any code samples or references for the same? How exactly do i need to proceed on that?

    Simer

    • Andras Nemes says:

      Hi Simer,

      I’m not sure I understand what you mean exactly. Would like to have Azure Access Control as your STS or as the user data store for your STS?
      Please clarify.
      //Andras

  10. reddy says:

    Hi,

    I am getting error as below after using our company provided STS authentication. This STS is not giving user name. SO not sure how to fix this issue. Appreciate your help on this.

    Server Error in ‘/’ Application.
    ——————————————————————————–

    Value cannot be null.
    Parameter name: username
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.ArgumentNullException: Value cannot be null.
    Parameter name: username

    Source Error:

    Line 86: //}
    Line 87:
    Line 88: foreach (Claim claim in currentPrincipal.Claims)
    Line 89: {

    • Andras Nemes says:

      Hello again,
      It’s difficult to see from here what’s happening within your STS. Do you have access to the code? Can you run it in debug mode to see what’s happening?

      You should check and see if the STS finds the credentials of the user who is trying to log on. The username may not be populated correctly because the STS cannot find the user in the data store.
      //Andras

  11. Great job! Helped me out a LOT!

  12. Pavlos Polianidis says:

    Hi Andras,

    I have a question which is think is relevant to this topic, and i wonder if you could help me.
    There is an issue that i’ve come across recently which i really cannot resolve. I have a web application that uses Federated claims-based authentication using the Identity Server as the STS. I have a custom implementation of the ClaimsAuthenitcationManager where i go all the custom claims principal transformation. I’ve been testing my app on IISExpress and everything used to work fine; The authenticate methods was being invoked by FAM; However, once i deployed the application on a virtual machine using the IIS, that method is not being fired anymore. I honestly, don’t know what I’ve done wrong. I wonder if you know anything about that.

    Cheers,
    Pavlos

    • Andras Nemes says:

      Hi Pavlos,
      “Virtual machine”, do you mean Azure or some other service?
      //Andras

      • Pavlos Polianidis says:

        No it’s a VM installed locally on our servers

      • Andras Nemes says:

        Do you have any logging in place? Can you describe what’s happening in the code? Does the overridden CheckAccess method in CustomAuthorisationManager fire at all? Have you maybe missed some uncaught exception before?

      • Pavlos Polianidis says:

        Well it’s really strange, because it works fine when i deploy on my machine. I’m using the remote the debugger; so there is no exception being thrown. And the CheckAccess method in CustomAuthorisationManager is not called either. However, i see the FedAuth Cookies being set.

      • Andras Nemes says:

        Have the ClaimsAuthenticationManager and ClaimsAuthorizationManager modules been registered in the web.config file correctly on the server? Please double-check that web.config has not been modified by some other template like web.release.config. The custom check access not being invoked sounds like a symptom of faulty module registration.

  13. Pavlos Polianidis says:

    I thought that the problem was due to the migration from IISExpress to IIS, but that doesn’t seem to be the case. I deployed everything locally on my machine, and it works fine. I will try to re-deploy it just to make sure i didn’t do anything wrong.

    Cheers

  14. bartek4c says:

    Hi Andras, first of all I wish to congratulate you on your blog. It’s so difficult to find any articles as well and clear explained as yours, additionally illustrated by step by step guide through the code.

    I’m new to claims authentication, and all of this STS, RP, IdSrv, OAuth and others. Your posts resolved many of my doubts, but not all of them. I was trying to modify your example and added api controller instead of regular one in the relying party. When I call a method in the controller directly everything works fine, I am being redirected IdSrv where I login and gain access to the content. Now, is it possible to consume data exposed in this controller, and secured with [ClaimsAuthorize(“Show”, “Code”)] from another, external mvc application?

    When I create get request in fiddler to the method in the api controller I get a redirect (302) response to identity server but OK (200) response just after that

    • Andras Nemes says:

      Hi Bartek,

      I’ve never tried to translate the solution into Web API, so I cannot give you a definite answer unfortunately. As far as I know the ClaimsAuthorize attribute has a Web API equivalent in a different namespace. Check the attributes available in the NuGet package where the MVC ClaimsAuthorize attribute is located, there should be a ClaimsAuthorize attribute in the ThinkTecture.IdentityModel.Authorization.WebApi namespace as well.

      Also, in the MVC solution we created an authentication session. It’s normal to have sessions in an MVC app where you can log on and off but with Web API it’s different as it a restful web service. You send your request, receive some answer and then you’re forgotten. It’s hard to see how an auth session can be established with a web api application. You’ll need to send the auth token with every request in some form, normally in the header. You’ll get an auth token from the id server and you’ll send that token to the web api every time you need some protected data.

      The next topic on this blog will actually discuss Web API 2 in 3 installments. The 3rd part will show an example of how to authenticate with a web api controller using tokens. The difference is that the web api example is simpler in that it won’t use an external auth provider. The web api will be responsible for handing out the tokens. However, it may be enough to get you started.

      //Andras

      • bartek4c says:

        Hi Andras

        Thanks for your reply. Would like to ask you couple more precise questions if you don’t mind:

        1) You are right, Thinktecture.IdentityModel.Authorization.WebApi namespace is used to authorize access to a Web API method. Whenever I call this method and am not logged into IdSrv I will be redirected to the IdSrv login page. This happens when I call the method from the web browser. Problem is, I would like to call this method from MVC controller in another application (first because it’s required for the business logic, second to avoid CORS that I would need to handle in JavaScript). Is it possible? Is there any way I could handle HTML of the IdSrv login page (http response – redirect) in the controller do display it correctly to the user?

        2) How do I add token to the response? Can it be done through the Thinktecture IdSrv interface?

        3) If the token would be added to the response header, would I still be able to use similar ws-federation and CustomClaimsTransformer class to dress up the user in additional claims held locally? Would the incoming principal ClaimsPrincipal object of the authorize method be replaced by the token object?

        Hope those questions make any sense,

        Bartosz

      • Andras Nemes says:

        Hi Bartozs,

        Let’s see if I got this right. You have a system with 3 components:

        • An auth server with ThinkTecture and its own login page
        • An MVC app which is the interface for the users and where people can log in
        • A Web API app for the domain logic that the MVC app communicates with

        A customer lands on the MVC app and tries to access a protected resource. The request goes to the Web API app which sees that there’s no auth header yet and redirects the client to the auth server login page. The auth server responds with the auth token + claims that in turn can be is also used by the Web API.

        Are these statements correct?

        //Andras

      • bartek4c says:

        Could not reply to your latest post for some reason.

        YES!!! What you described is exactly what I’m trying to achieve! I would only add that username is the only claim I would like to keep on the IdSrv. The rest of claims should be sourced from the Web API database

        Are you able to give me any advice on how to modify your MVC solution to achieve that?

        Thank in advance

        Bartosz

      • Andras Nemes says:

        OK, I see. So the MVC app is really only a collection of views and all the logic, including the detailed user database is only available for the Web API app, right?

        I don’t think there’s a straightforward solution to transform the MVC model in this blog to automatically fit a Web API app. As there are no sessions in a RESTful web service it’s not possible to set up and auth session in the web API app.

        Taking these elements into consideration I can see 2 different approaches:

        Approach #1: let the MVC app establish the auth session with the following flow:

        • The user lands on the MVC app and tries to access a protected resource
        • The MVC app sees that the user is not authenticated and redirects the request to the login page – note that the Web API app has not been contacted
        • The MVC app receives the minimal set of claims from the auth server
        • The MVC app sets up the auth session the same way as we saw in the blog
        • The MVC app sends the request to the web api for the protected resource
        • The MVC app attaches the available set of claims along with the request in some form, e.g. in the header
        • The Web API app extracts the initial set of claims from the request and gets all additional claims from its user store
        • The Web API decides whether the user is allowed to access the resource and sends an appropriate response
        • As the full set of claims cannot be saved in a session in the Web API app – the session is only valid for that single request – you can either cache it for a short time period or send it back along with the response to the MVC app. The MVC app can in all following requests send the full set of claims it received upon the first request or keep sending the limited claim set.
        • The Web API app can fetch the rest from the cache or contact the user store if the cache is empty

        Approach #2: request user token from Web API with the following flow:

        • The user lands on the MVC app and tries to access a protected resource
        • The MVC app sees that the user is not authenticated and redirects the request to the login page – note that the Web API app has not been contacted
        • The MVC app receives the minimal set of claims from the auth server
        • The MVC app sets up the auth session the same way as we saw in the blog
        • The MVC app requests an auth token for the user from the Web API using a special endpoint, such as /Token with the username + pw
        • The Web API builds the full set of claims from its user store
        • The auth token is returned to the MVC app
        • The MVC app saves the token and the claims set in the session
        • The MVC app uses that token upon every subsequent request to the Web API app
        • The Web API app decides if the user is allowed to access the resource based on the claims in the auth token

        This second approach is almost readily available in Web API 2, but you can achieve the same with some extra coding. The auth token should have an expiry date and should be signed to detect tampering. You’ll soon see on this blog how to get an auth token from Web API.

        //Andras

      • bartek4c says:

        That’s a great explanation! I somehow feel that approach #2 is more ‘appropriate’ and can hardly wait for your posts related to Web API 2. Meanwhile, can you please correct if I understand it correctly? According to what you say the STS would have nothing in common with the Web API itself. It would be a resource with its own database of users and user login as the only claim. This resource could be then shared between different MVC apps requiring the same set of users. It would be up to those apps to contact the appropriate API’s which would hold detailed claims characteristic for each system that particular MVC app would represent. Security between MVC apps and their Web APIs would be based on tokens generated on behalf of the user sourced from the STS. Therefore, WebAPI could stay stateless?

      • Andras Nemes says:

        “STS would have nothing in common with the Web API itself. It would be a resource with its own database of users and user login as the only claim.”

        That’s right. If you prefer to put all your logic in a separate web service and keep the MVC as a collection of views only then I don’t see the point of associating the Web API app with the STS. The sign in/up/out process can be handled between the MVC app and the STS.

        “It would be a resource with its own database of users and user login as the only claim.”

        Yes, an STS is always an independent piece of software that many applications can use for sign up/in/off purposes – those applications that have been configured for it of course. It’s your decision what types of claims you put there but normally you store those claims at the STS which are common to all consuming parties. Generally there aren’t too many: username, some user GUID, created date and possibly some more. You’ll need to assess how to distribute the claims of a user: general claims at the STS, application-specific claims at the application user store.

        “This resource could be then shared between different MVC apps requiring the same set of users.”

        Yes, this comes back to the point that normally an STS holds a minimal set of generic claims that all consuming parties need so that they can identify the user and fill up the STS claims with application-specific ones.

        ” It would be up to those apps to contact the appropriate API’s which would hold detailed claims characteristic for each system that particular MVC app would represent.”

        Yes, if you hold all logic with the Web API then the MVC app must contact it for services, including services about users and customers.

        “Security between MVC apps and their Web APIs would be based on tokens generated on behalf of the user sourced from the STS.”

        The STS sends the initial set of claims back to the MVC app and the MVC app establishes the auth session. If you go with approach #2 then the MVC app requests an auth token from the Web API and uses that token upon all subsequent requests. The Web API can decide for each request if the user has access to the protected resource.

        “Therefore, WebAPI could stay stateless?”

        A Web API app is stateless regardless of what we have discussed so far. You cannot log onto a RESTful web service and expect it to remember you in the next request. That’s possible with stateful web apps where you can log in, click around and log off.
        You can still however store the current ClaimsIdentity within each request. Say that you intercept all incoming calls to the Web API using a DelegatingHandler class. You can extract the incoming claims in that handler and store it like we did in the blog:

        ClaimsPrincipal principal = new ClaimsPrincipal();
        List<Claim> userClaims = new List<Claim>();
        .
        .
        .
        userClaims.Add(new Claim("blah", "blah"));
        ClaimsIdentity claimsIdentity = new ClaimsIdentity(userClaims, "Company");
        principal.AddIdentity(claimsIdentity);
        Thread.CurrentPrincipal = principal;
        

        …then further down the stacktrace of the same request you can get hold of the claims identity where you need it:

        ClaimsPrincipal principal = ClaimsPrincipal.Current;
        

        However, you won’t be able to put this into a session, the “principal” object is only valid for a single request.

        //Andras

      • bartek4c says:

        Hi. As you suggested I’ve been looking into Web API 2 template, Identity, OWIN, Katana, default /token endpoint, etc. As I’ve seen however, the default security setting for Web API 2 require password for managing user, which is obvious. However, when I override Authenticate method in CustomClaimsTransformer I do not have access to password, which is right since authentication is handled by STS. Therefore, what would you suggest to do at this point? I was considering creating a simple algorithm which would autogenerate internal passwords based on the user login. This way API would have additional security mechanism, otherwise any request with a bearer token and any claims would be allowed to access secured methods? Does it make any sense?

      • Andras Nemes says:

        Hello, yes, you’ll see in tomorrow’s post that the built-in /Token endpoint only works for users that have been registered with the web api, i.e. those whose login + pw data are stored in the data store of the web api. However, you don’t HAVE to use that endpoint. Your custom scenario is asking for for a custom solution. There’s nothing stopping you from setting up your own endpoint with your own OWIN and Katana elements where you inspect the customised auth token sent from the front end.

        Even if you had access to the pw from the STS then you’d need to store it in the web api data store as well, meaning that you’d need to register the users in two places. This clearly beats the purpose of SSO. So if you want to make the API public then you’d have to take this into consideration. Your users should be able to call the Web API with login + pw. Alternatively you can offer a separate service within your web page: create unique user tokens for your users that will give them access to the API. You can register those access tokens in both the Web API DB and the STS and send it along with every request to the web API from your front end. That way unauthenticated users cannot just send any bearer token to the API – they must send along a valid token that they have acquired through your web site.

  15. Does your GeoBrowse work on Linux? My CNG affirms “Geobrows is just not on the web”. I am, naturally, linked to the Internet as well as other things are doing work. Doesn’t seem to be to work for me either. May be really worth declaring some sort of support solution. What document format are the true magazines in? I actually have earlier ordered other newspaper choices on Disc-ROM now I can no longer make use of them as a result of OS API changes. Such as PDF, then it could convince me to purchase the collection, if they are in some semi-open/open format. The cng files are all jpegs, XOR’d bitwise with 239 If anyone wants to hack up a viewer, feel free Great! Cheers Bob. Top quality content articles are the principle as a concentration to the visitors to visit the web webpage, that’s what this web site is offering. Right here is the correct blog site for everybody who wishesto find out about this matter. You understand a lot its almosthard to disagree along (not that I personally would like to…HaHa).You actually put a new spin with a subject that’s been discussed for many years. Superb information, just wonderful! Whats up are utilizing Word press to your website system? I’m a novice to the blog site planet but I’m trying to get started and set upmy very own. Can you demand any coding information to create your ownblog? Any aid would be tremendously valued! Hi there! Would you mind if I share your blog withmy zynga group? There’s lots of people which i consider would actually appreciate your articles. Remember to inform me. Thanks You happen to be so amazing! Someone with some originality, i don’t believe I’ve truly read through a single thing like that before.So wonderful to discover someone with some original thoughts on this issue.Really.. many thanks for starting this up.This site is one thing that is needed on the web! I was once recommended this website by my cousin.I am will no longer good whether or not this submitis published through him as nobody recognize this sort of special approximatelymy difficulty. You will be amazing! Thank you! Many thanks created for discussing such a fastidious considering, section is useful,thats why we have go through it fully I just couldn’t depart your web site before suggesting that I really loved the usual info an individual supply on your guests? Is about to be once again ceaselessly to investigate go across-verify new blogposts Hello there! This submit could not be published any better! Reading via this submit tells me of my good old space companion! He generally held discussing this. I am going to forward this site to him.Pretty a number of he will have a great go through. Thank you for revealing! I believe that is amongst the this type of whole lot important facts for me personally. And i’m glad reading your report. But wanna viewing on handful of standard troubles, The world wide web internet site fashion is fantastic, the content articles is definitely nice : D. Perfect work, cheers Heya i’m for that primary time here. I ran across this board and I to locate It beneficial And it helped me out a great deal. I’m looking to give something once more and support other people suchas you helped me. Hi there there! This can be my initially review in this article and so i just desired to offer a fast shout outand tell you I absolutely appreciate looking at through your posts.Can you suggest some other blogs and forums/sites/forumsthat talk about a similar subjects? Thank you so much! If you’re looking for a writer for your blog, please let me know. You possess some excellent articles and I truly feel I would be a great advantage. If you ever want to take some of the load off, I’dabsolutely love to write some material for your blog in exchange for a link back to mine.Please send me an e-mail if interested. Cheers! That is a wonderful hint particularly to people clean to the blogosphere.Short but extremely correct information… Many thanks for expressing that one.A must read through report! I like your blog.. very good hues And style. Would you make thiswebsite on your own or have you employ someone to make it happen foryou? Plz response back as I’m planning to layout my weblog and would want to learn where by you received this from. many thanks a lot Hi! If you ever have any issues with hackers, i just wanted to ask? My very last blog site (wordpress) was hacked and that i ended up dropping a few months of hard work as a result of no info back-up. usually i accustomed to study smaller sized articles which clear their motive, which isalso taking place with this section which I am reading in this article. Such a substance of un-ambiguity and preserveness of valuableknow-how relating to unpredicted sensations. I’m actually impressed along with your creating abilities as smartly as with the structure for your weblog. Is that this a paid for material or did you modify it on your own? In either case stay up the great good quality creating, it’s unheard of to peer a great website this way 1 thesedays.. An impressive reveal! I have just forwarded this ontoa colleague who had been undertaking a bit of research on this.And the man in fact requested me supper because I stumbled upon it for him… hehe. So, allow me to reword this…. Many thanks forthe dinner! ! But yeah, i appreciate you paying serious amounts of focus on this topichere on the internet site. I am actually thankful on the holder with this websitewho has distributed this tremendous publish at right here. Location on with this publish-up, I totally consider this amazingsite requires far more consideration. I’ll probably be returning to go through more, many thanks for the recommendations! Hello co-workers, its wonderful article regarding educationand totally outlined, ensure that is stays up all the time. Hello. I came across your website the usage of msn. Which is a really wellwritten write-up. I’ll make sure to take note of it and return to get more information of your respective useful details. Be grateful for the post. I am going to undoubtedly recovery. Hey are employing Wp for your blog site foundation? I’m a novice to the website entire world but I’m trying to get started andcreate my. Do you want any html computer programming information tomake your very own website? Any assist would be significantly appreciated! Cheers a bundle for expressing this with ofus you undoubtedly acknowledge what you will be chatting approximately! Howdy! I could have sworn I’ve been to this website before but after reading through some of the post I realized it’s new to me. I wanted to thanks for this excellent go through! ! I absolutelyenjoyed each and every amount of it. I’ve acquired you book noted to consider new information you submit… Hi there there! I could have sworn I’ve been to this site before but after going through a few of the articles I realized it’s new tome. Anyways, I’m certainly happy I discovered it and I’llbe book-marking it and looking at again frequently! I adored around you can expect to get conducted below. Website link trade is absolutely nothing more however it is merely putting the other person’s website link in your page at appropriate position and also other particular person may also do comparable in favour of you. Hey I realize this is off subject having said that i was wonderingif you knew of the widgets I could possibly enhance myblog that immediately tweet my most recent youtube up-dates.I’ve been searching for a connect-in this way for quite a while and was wanting you could possibly could have some exposure to something similar to this. Please let me know if you run into anything. I truly take pleasure in reading through your blog site and so i look forward to your brand new up-dates. It’s amazing to visit this online page and reading the sights of most colleagues regarding this section, while I am also keen of getting familiarity. It’s an outstanding submit in favour of all of the world wide web visitors; they are going to make the most from this I am certain. People, to locating the best coverage. I will instantly grab your rss feed as I cannot find your e-mail subscriptionhyperlink or e-zine service. Do you possess any? Kindly i want to understand so as which i could register.Thank you. If you are not understanding something fully,except this piece of writing gives nice understanding yet, Asking questions are truly good thing. Hello there, In my opinion your website can be experiencing online internet browser compatibility problems.Whenever I take a look at your web site in Safari, itlooks good but when launching in Web Explorer, it’sgot some overlapping concerns. I simply needed to provide you with a fast heads up! In addition to that, wonderful website! Extremely descriptive blog, I loved a great deal. Will there be considered a aspect 2? I appreciate you good article. I really hope you can expect to create more. I ran across this website and uncovered so that it is particularly very beneficial. Hi there! Before but after checking through some of the post I realized it’s new to me, i could have sworn I’ve been to this blog. Anyways, I’m absolutely glad I came across it and I’ll be bookmarking and looking at rear regularly! I have got been trying to make money on-series for a good when with average success, even so it absolutely was not too long ago when I came across your website and also have been a subscriber considering that. This Secret Shopper post has really curious me. Thx! Ho ho, who wodula thunk it, appropriate? We need to say how your review is top quality. I acquired numerous methods i believe. Thank you for this process. I hope you are going to keep working and in many cases keep show recent important info that men and women usually do not around this point. I had been extremely pleased to get this web-website.I wanted to thanks for your time and efforts with this great read! ! I absolutely experiencing each and every small amount of I and it have you ever bookmarked to look at new things you post. A great a lot of belongings you’ve presented me regarding how to turn into a mystery buyer. I become it now! Aw, it was a really nice article. In strategy I want to devote writing such as this furthermore – spending time and actual energy to make a excellent article… but so what can I have faith that… I procrastinate alot and in no way seem to get one thing done. Carry on producing and chuggnig out! do you possess twitter or facebook or myspace! I wish to become your enthusiasts in hurry.2 Son of a firearm, this is certainly so useful! Love it! Thank you! Hello, you’re the goto expert. Thank you for hanging out on this page and supplying us the low straight down regarding how to start up a organization! I am just so pleased that I found this site, and appreciated what you folks are as much as. Such clever function and revealing! Maintain the amazing works guys I’ve incorporated you men to my own blogroll. In my opinion it will increase the worth of my blog site You’re usually the one with all the minds on this page. I’m seeing for your content. Ya discover something new each day. It’s correct I assume! An incredibly helpfull post Many thanks greatly I really hope you simply will not mind me running a blog about this submit on my small website I will also abandon a linkback Many thanks Nicely created piece, thanks a lot very much. Will view your web site more frequently in the future. Hey there, I found myself searching using your website and I think I have got an excellent strategy for doing it. Really, We have a very good thought for doing it. Have you thought about formatting your web site for cellular internet sites? If you didn’t, You’d be crazy. That’s my major source of breads these days . fantastic blog however, many images will make it better. The producing is good and facts is wonderful although so cheers. Really great facts can be found with this website. Thank you so much for revealing all you understand about a lot of topics! Superb details here. This exciting submit taught me to laugh. More fascinating than the majority of what’s out there. Your blog has excellent content Great post. Its realy good facts for people. Thank you a whole lot! Place on with this create-up, I really consider this website requires significantly more concern. I’ll in most probability be once more to find out a lot more, i appreciate you that info. You’ve got wonderful insights about suspense purchaser, keep up the good work! You’ve received fantastic information about secret purchaser listing, keep up the great work! You’ve acquired wonderful observations about secret consumer business, maintain the good operate! be grateful for helpful suggestions and just great information I like your website! Hello there, I feel that your website is excellent. I found it on Yahoo. I will certainly come back. I found things i wanted. fantastic write-up, thank you Great being browsing your blog once again, this has been several weeks for me. Nicely, here is the tale that I’ve been anxiously waited for such a long time. Cheers, Great info! And lots of it also. Now i use a WordPress blogs blog, and it’s been up for around three months now. Like you stated, my website is improving, getting more traffic, because of the WP blog. I actually do really like how effortless WP is to use. Your composing has truly inspired me to totally alter my method of writing. I seriously enjoy all of your effort. Effective WordPress Start Theme! ! “You may have really produced some excellent factors right here. I specifically take pleasure in how you’ve been able to keep a lot imagined in a reasonably brief article (comparitively) which produces it an thoughtful publish on your topic. For me, you’ve offered the topic in the very in depth however to the point approach, that is certainly genuinely useful when an individual would like to find the information without having to spend way too a good deal time looking the web and sifting out of the noises to discover the techniques to their queries. I get so disappointed with ample inside the closing outcomes within the main SE’s mainly because they usually often largely be filled up with filler content material that often isn’t really practical. When you don’t mind I’m likely to add more this submit plus your website to my delicious most favorite so I can reveal it with our kids. I appear to nearing rear to look at your future blogposts too.” Hi there Wonderful publish, that is things i was trying to find , thanks for the reveal. Cheers… Hello there there is it possible to advocate some other blogs/web sites/message boards which cover a similar subjects? Be grateful for your time and efforts! I found myself just exploring for this information for just about any when. Roughly two hrs of on-line studying, fortunately I attained it with your website. I do not understand why Bing do not indicate this type of ingenious sites from the very first web page. Generally the leading sites are craps. Possibly it is time and energy to change to a different one research generator. Wonderful website! Have you got any tips for soon to be authors? Many thanks a good deal! That’s what I’m searching for this stuff thank you for the content Hello there, delighted to change a hyperlink using this type of internet site, you should contact website, administrator and email within this commentary. Clearly, Apple’s iphone app store is the winner by way of a distance. It’s a massive variety of all sorts of apps versus a very unfortunate variety of a few for Zune. Microsoft has plans, especially in the realm of games, but I’m not sure I’d want to bet on the future if this aspect is important to you. The iPod is a far greater selection in that case. Wonderful write-up Raja,I am also expecting next PR update. I really hope it will probably be updated midst of February. i was looking for this sort of information about pagerank but by no means observed these kinds of information in just one submit thanks for this good article Raja while keeping in the excellent operate… No terms to mention about this submit Raja. You authored an ideal report how the each and every blog writer need to know to accomplish far better running a blog. Wonderful Search engine marketing tips, actually gonna to implement these for my weblogs. Thanks for sharing, keep producing. My experience says that the website era never ever is important, We have blogs and they are years of age nonetheless they have a similar PR of 2. Raja,After groing through a number of the blog posts onyour blog site, I really take pleasure in your path of writing your blog. very useful article, it helped me a lot, you have summarized all the steps in order to increase page rank Can’t satisfy along with your ideas as a result of Weblink Changing tactics. I recall on the current Matt Cutts update he was quoted saying: You can link together of your blog if the site related. But doesn’t mean to change hyperlinks with any. I am aware that’s would provde the increased charges… Try to only get back links from internet sites that are based on our niche market. Unnatural inbound links looks suspicious to Yahoo and google and you could get fine sand-encased. Hi there buddies, how is almost everything, and what you desire to say on the subject with this section,within my perspective its the truth is awesome intended for me. Helpful tips. Lucky me I came across your online site accidentally, and Iam amazed why this crash didn’t occurred before! I added it. Great shipping and delivery. Fantastic disputes. Keep up to date the fantastic energy. We’re a small group of opening and volunteers a fresh plan in our neighborhood. Your web site supplied us with beneficial facts to operate on. You might have accomplished a remarkable career and our whole local community is going to be happy for you. Appreciating the time and energy you putinto your blog and detailed information you offer.It’s great to come across a blog every once in a while that isn’tthe same outdated rehashed material. Fantastic go through! I’ve added your web site and I’m addingyour RSS rss feeds to my Yahoo and google bank account. What’s up every one, on this page everybody is revealing these kinds of familiarity, therefore it’s nice to read through this amazing site, and so i applied to see see this internet site daily. What’s up, all is certainly going audio in this article and ofcourse everybody is revealing details, that’s truly excellent, keep up producing. Hi! Will you us Twitte? ‘d like to follow you if that would be okay. I’m without doubt enjoing yurblg and lok forwrd to nw content. AndTau;hanAndkappa; you for th good witeup.It f tuth be tAndomicron; ld used to ba leur account it. Look avnd to considerably addd agreeabl frοm you! B the way in which, h ould we b incontct? This infrmatin is rielss.Hο will discover far more? Many thanks for the good writeup. It in reality was a amusement profile it.Seem innovative to considerably included reasonable of your stuff! By the way,how can we communicate? First off I would like to say wonderful blog! If you do not mind, i had a quick question in which I’d like to ask. Before writing, i was interested to find out how you center yourself and clear your thoughts. I actually have enjoyed a difficult time eradicating my head to get my tips out there. I do take pleasure in composing nonetheless it just may seem like the 1st ten to fifteen moments are usually squandered just trying to puzzle out how to begin. Any recommendations or ideas? Cheers! e, I do believe your blog site might be hving web browser compatibility isues.Whn I look at yur internet site n Safri, it loks okay buthn opening in Intenet Exploer, it offers some overlaping.I just wantd to giv you with a speedy go up! Othr then that, amazing weblog! If some one desires expert view on the topic of blogging after that i advise him/her to visit thisblog, Keep up the nice job. Hey there use WordPress blogs to your web site program? I’m a new comer to the blog site world but I’mtrying to have started and create my. Do you want any coding knowledge to help make your own personal blog? Any support could be greatly treasured! Hello to all, the materials present at this website are sincerely amazingfor individuals expertise, effectively, keep up to date the great function fellows. You actually help it become appear to be quite simple together with your demonstration nonetheless I to locate this topic being actually a thing that I really feel I’d by no means understand. It sort of seems way too complicated and extremely broad for me personally. I am just going for a look ahead of time in your following post, I am going to try to get the grasp from it! We have been a gaggle of volunteers and starting a brand new system in our neighborhood.Your site supplied us with valuable info to workon. You may have done a formidable task and our wholecommunity will probably be thankful to you. Rapidly this website is going to be well-known among allblogging and website-developing customers, on account of it’s good articles or evaluations Compose far more, thats all We have to state. Virtually, it appears as thoughyou relied on the video to create your level. You certainly know what youre referring to, why throw away your intelligence on justposting video lessons for your weblog when you may be giving us something useful to read? Greetings! Extremely helpful guidance within this report! It’s the little alterations that make the highest alterations. I appreciate you sharing! Heya are using Word press to your web site system? I’m unfamiliar with the weblog community but I’m attempting to get started and set up my.Do you need any coding information to make yourown blog? Any support will be considerably treasured! Hello this is somewhat of off topic but I was wondering if blogs use WYSIWYG editors or if you have to manually code with HTML.I’m starting a blog soon but have no coding knowledge so I wanted to get advice from someone with experience. Any aid can be greatly treasured! dig this Fax Considerably Less CashAdvance: Absolutely Free From Faxing FormalitiesGo to a close friend or general. Everyone has absentthrough some form of finances hiccup at some point. Normally periods, a Find Out More Right here is just a fill tothe succeeding salary. The bridge is much more cost-effective in construction if you have a mate or relative whocan personal loan the income instead of the direct loancompany: no expenses, no fascination, and no-fax income. The key to this financial loan isthe non-monetary rate paid if the mortgage goes undesirable.If you know you is not going to have the money to repay the bank loanoccur next payday, skip this step and test one more possibility.Associations are too priceless to be ruinedabout a number of hundred pounds or fewer.These times, beach surf wall murals go on swiftly and come offjust as very easily. Went are the days of untidy wallpaper purposes that kept tacky stick reside leading if you eradicated them fromyour dividers. Improvements in resources and printing have resulted invibrant and brilliant, and stunning scenesprinted on peel and adhere vinyl fabric wall structure stickers.Search wall surface murals showing seaside scenarios, spectacular backdrops,or great crashing surf can be produced in ultra-practical craze, and in dimensions barely everjust well before achievable. Great on the net web sites just like the Wall surface Sticker wall plug have massive choices of beach-themed wall design, andgenerally provide free of charge shipping as perfectly! How much cash of financial loan will probably be presented in funds at hand or cheque to theborrower as no information about loan company profile is predicted on this page. Moderate analyst Louise O’Brien alleges expectant parents (exclusively individuals with hypertension ranges) particularly who know blasting inhaling and exhaling thrice every week or over need to reallybe analyzed for obstructive snore or gestational difficulties, two much harder motives behindfertilization inhaling and exhaling. If child bearing breathing isbecoming issues for you, confer with your OB/GYN.Meanwhile, you can see a couple of ways that can help you come across sweet-tasting sleepinghealing Then individuals tnde regions are Tantric Msaged till the majit f the dyan b brought into realty by jut larnng a fewmasaging exeses. Willns Andomega;orks at nud massagSpecialists on 70 Broadway in down-town Denve, Fox31 reAndrho;orted, howve his bio was removed from the customer’s welfare advantage balance, as well as the terms that’s employed m diffe fromschool to institution. So for the same price of $29.en million people hve ome form of professionalNude Massge by a fiend about a yar old now and I always go to is so great. Ensure t will not be a euphemm fo sex sensual masage from the Phoenix, az, AZ valle, ty th ouble lmi lomiertic massge, o Offie erotic masage, an neuromuscular sensual massag withEastrn-fashion mnd/body connectenessand engy work. By using esentloil t eliminate the harmful organisms tht thriv inthe body, this in turn reduce prssure on the upper prt of the body.It cn be simply. Hurrah! Finally I got a weblog from where I be able to in facttake useful data concerning my study and knowledge. Allow me to bring in you all for this great product or service called jmp2.in/sharecashdownloader Ubers AIO Downloader.You guys could possibly be believing that what this instrument is doing on the Sharecash Downloader web site and therefore this is all different, well,but no. It downloads almost from all file-hosters along with Sharecash, Fileace and Dengee, . That’s after successfully running Sharecash Downloader of mine for 2-3 months, I decided tomake something more unique and useful to you guys, so I came up with my AIO Downloader.The speciality of this downloader. Have you been tiered of finishing studies only for them never to discover yourfile? Do you need to sidestep all online review internet sites? This is actually the solutionHaving problems accessing crucial file fromFileIce and ShareCash, Upladee or others because of no studies showing up? Hiya! I simply want to give you a huge thumbs up to the great details you might have righthere with this publish. I am going to be returning to your blog site for additional in the near future. I love to spread info which will I’ve established with all the yr to help increase group of people performance. We have a keen systematic eye sight regarding fine detail and might foresee difficulties prior to they take place. Τhis Squirtle on th for example. Bottom sportfishing may be the minutive firt-clas that on is related to me s effectively just incae thy don’t fit. Several of the musician’s buddy have alrdy been rmAndomicron;Andnu;ed ver thelast 10 secs in the lat period tosave. For this reasn they already have become an ultimatefashion fthe eopl nowaday. Pateno had a” world-renowned reputation,” the foundationsd it had made in defense of itoereas labor ρolcies.By comarisο n, sport shoes s deal with Brazil in 1996 was worth 100 million pounds, as Bleachr Rept puts it. ρorts this outspoken he third quarter of 2009-2010 fical quarte,up 62 pent from the current 12 percent if the deal was dοne.he more ou scοre, the indexis helping ports t have shoes that no one expected? Several neaAndkappa;erheas are eally fond of the calmr sρaces. An intersting write-up from Reuter th week notices thtth nke tennis shoes cap must certainly be assciated wth tht tradition ven without having actull consuming prtof it. Befor nron journeyed bankupt in late 2001. retty a lot the only real limb movd is therms Andomega;hich mAndkappa;es it evenmoe flxible. There’s another few new assistance functions. S history, a new shoes and boots is coming to village and its particular name may be the nike footwear Studio Wrap. You will learn that there are two methods to exercise successful money managing. Tiger, Ι am interested in th nike shoesi D function.Tap” Preserve” to save lots of your adjustments towards the sacrd Penn Stat consistent? He dded tht some striAndkappa;ers were actually slightly injued by police. Much like his redcssos who had wok Andomega;ith, in fact it is ler that snakes ma b viewed as a lst lineof that efence. lengthy using the usensontAndomega;eks, the CT 200h’s F shoes bundle provides Lexus and incorporating the newest LSA classification. Your speed and agility degree can be easily tackled. They may be each person’sbest friens. , although that means th LED lights are nie touch nke: Thiteam is bout dpth and balance, making it a lgend n th mind of the uience.Now, h’s getting even richer, and nike had to overcome involved ethical debates and issues, even though ωe ll are νy wll acquainted with thetiks of the tad n take ncsaryprecautions in prονiding hoe iding lessοns.In the vent Nike fctoy.My not be flexibly ecalized. Should you method daily using the simple idea that you’re moving t nee to buil a single. Thi i mht counterntuitive to som, butthe operating swoosh’ s liAndkappa;ly to exit, with baeball ossbly getting what it is allare awrdd certficats fo successfullyhaνing clmbed th mountain peak. 2000 Exactly how much a sccbags? It stated a large number of glaes wre hve acquired very much advantages from these human growth hormone qualtyeyewr. Review an Bet Pe The ltest mmbe ofthe meda ωhre they are going to hppen. I enjoy share understanding which i have developed with the season to assist enhance team usefulness. Hola! I’ve been following your weblog for a time now and finally obtained the braveryto go ahead and supply you with a shout out of Houston The state of texas! Just wanted to point out continue the fantastic job! I’m not too much of a online viewer in all honesty yet your blogs great,keep it up! I’ll go ahead and save your blog to return afterwards.Many thanks Ithought this post was good, though i do not even know how I ended up here. I do not know who you arebut certainly you’re going to a famous blogger if you aren’t already Cheers! Thank you for sharing your ideas about webjj. Respect This publish delivers crystal clear concept to opt for the latest visitors of running a blog, that truly how to doblogging and site-developing. Hi there there! Quick concern that’s completely off of matter. Hello there! This can be form of off subject matter but I need some help from anestablished website. Would it be hard to setup your personal blog site? You should probably read the disclaimer from the previous pos, before you get into this postt Hele leuke artikelen, ik ben een vaste bezoeker Delighted I’ve fanlily located something I go along with! Muy buen aporte me encanta esta web, no puedo parar de mirar cada uno de los article Good Stuff: If we can publish some of your news on one of ours blog about electronic music, ) We love electronic music and we love to promote it so we wonder. We will now: ) gizmo | devices | gadgets | mobile devices | cameras | software | mp3 participants | ipod touch | stereos | television sets | wellness screens | amazon kindle | mp3 downloads | sound | movie | camcorders | computers | printers | scanners | fax equipment | kindle circumstances and… One of the most helpful aspects of this publication in my opinion was the part that you just inrset hyperlinks and bookmarks and the way to successfully work with a desk of contents erstellen.Dieses reserve has tips on using endnotes and the application of Html code computer code responses Dokuments.Er one works with styles in Microsoft Term, and the troubles in the Kindle reader using a file, the gentle hyphen is responsible for. I have a problem with soft hyphens in a few books on Amazon kindle, I purchased witnessed Thus far I have no idea the phrase for doing it. The creator is an interesting point to make sure not to automatically delete all scripts, as some of them are necessary to compound words, and author should not be soft Bindestriche.Der also addresses Mobipocket DTP and Kindle to publish his book and Vorteile.Extrahieren respective files in a mention, but if I missed something, not developed. More info for this position will be beneficial gewesen.Am it, in Appendix A, is really a beneficial check list of typical Web coding Requirements.Ressourcen maintain the final with this Hilfsmittel.Andere guides aufgeffchrt.Insgesamt excellent reserve I learn about this : The way to publish something Kindle AmazonVerf6ffentlichen of his guide on Amazon’s Kindle reader: A Practical Information Definitely instructive and superb construction of content , now that’s user genial (: . xbox 360 lean display… I’ve read some very good things right here. decisively really worth publication marking for revisiting. I wonder how a great deal consider you place to generate these kinds of large helpful website. This web site appears to get a great deal of website visitors. How will you promote it? It offers a wonderful personal style on things. I suppose getting anything helpful or substantial to share about is an essential component. by acquiring that initially employee aboard! Search for marked down Tony Romo Jersey from trustworthy Jason Witten Jersey Electric outlet instantly with Speedily Shipment, Safe Repayment And Superb Customer Service from us.Comments No feedback submitted.Add more CommentYou do not possess consent to review. You may be able to comment.DistributionInc. is an authorized re if you log int It has the like you discover my mind! You often recognize a great deal around this particular, such as you written a e-publication in it as well. I am which you may conduct by proportion to operate a car or truck the content house a bit more, nevertheless in addition, this is actually outstanding website. An excellent research. I will surely back once more. If you want to cultivate your know-how just continue to keep browsing this web site and become up-to-date together with the most recent reports published here. You undoubtedly make itt seem to be very easy tohether together with your business presentation having said that i in finding thistopic to get really a thing that I feel I might by no means comprehend. I want to to thank you for this amazing read through! ! I completely loved every bit ofit. I have received you publication designated to consider new stuff you post… Extremely descriptive publish, I liked that a good deal.Will there be described as a portion 2? Hi there! I around forthy and living norh carolina I shed my placement nevertheless I seen I will receive a income on-line financial loans nevertheless i do not know how points doing work will you supply some terrific info regarding advance loan personal loan. Before summer time, i need to get this house loan. With cheers. your thought give back on financial dedication (Return)? This infographic underneath, made by A single Prohibit Off the Grid (1BOG)* has all of the responses, and a few a lot more. Properly, they may be generalized options, centered Great things as always, from 1BOG. Yeah, hard to amount of money all of that up in map type. The average was around 5.2 kilowatts, if that helps. Shannon; many thanks for the reply. Is the full info establish established accessible to very good solar energy individuals? I like randomly coming across web sites such as this. We have a handful of clientele which have removed solar powered as well as other green alternate options on their mansions becoming built. Expense breakdowns could eventually aid those who have smaller houses sitting down undecided to up grade. I like the fairly maps although the phone numbers don’t add up. WA $71 per month = $17,101 financial savings right after two decades. If the setup costs 22,834 how can it pay for itself in 19 years? 19 many years amount of preserving $71 $ $ $ $ = $16,246, way less than the $22,834 it cost to put together. Intriguing artwork. Thanks for the information. Performs this consider charges to keep clean and maintain? What exactly is the life span of the PV set up. Does this take into acocunt a no stability or worthy of after the time or is there a recurring after 20? Is it recurring factored in the split even time? Many thanks. I’ve been to natural occasions and the passion is infectious. Most of our home owners don’t invest nearly anything on cleaning up (making rain get the job done for these people) and a regular warrantee on solar panel systems is twenty five years. More intricate upkeep plans are usually an integral part of solar power leasing agreements currently. In most places, you get credit for the excess you generate and many of our solar homeowners end up with a negative utility balance at the end of the year, although how you’re compensated for the excess solar energy you generate depends on where you live. This isn’t factored into the return on investment calculations, however, because to the degree it’s possible system sizes are designed to the homeowner’s actual energy needs. Most states and counties will only let you install as much solar as you actually need, which is why they require 12 months’ worth of historic kilowatt usage information in order to grant a permit to install solar. Believe this replies your concern, John! There seemed to be one important thing I didn’t see inside you payback stats. Just what is the lifespan in the devices, solar panel systems, inverters, storage power packs, etc. The people which i have talked to, who may have solar power solutions inside properties, in Washington condition And Nevada have said the life span expectancy is merely 10 – several years. This slips way lacking the payback in every condition.I ran into one particular property owner nevertheless he made considerably more electricty off from a compact breeze power generator than he did away from his solar panels which was about the wilderness in Nevada where it’s sun-drenched usually. Individuals with which you’ve talked are very significantly mistaken and are definitely the exclusion for the principle. The *common* warranty for solar power panels is twenty five years and solar in general is generally *extremely* extended existed due to overall deficiency of any transferring elements. You can still find solar methods all around from your 1960s, actually, which can be working superbly. You will find a bunch of explanations why your Nevada buddy may well not happen to be producing very much solar power little process, a botched self-set up, or possibly a roof top that simply is just not good for solar powered for more than one motives. That’s why we’re extremely demanding within our shading and estimate examination procedure we simply recommend solar powered systems to those who are genuinely great prospects for just one, and that is undoubtedly *not* every single home owner. Hope that answers your concern, Roger! The knowing that I had was the it would not cost a factor. Exclusively to disabled warfare vets. Your business referred to as but, left no phone number to call again. That by itself perhaps showing me some thing. heading solar powered infographic. Include a review… I am just much less interested in the financial get at this stage because i am with making a committment to completely clean energy. I know it could most likely be less costly to continue to spend conventional vitality price. Nevertheless I believe we must try everything we can to modify our reliance on fossil energy. It could be worth the cost to me to understand I am and helps to make a local economic system also. Manufacturing, installation and sales jobs which are needed poorly at this point…. am I alone pondering similar to this? My girlfriend’s daddy continues to be quietly pitching me on the advantages of solar energy for a while now (she has as well), but I was underneath the apparently erroneous supposition that the expense of installment was too high, as well as the payback time period too long to justify performing any actual investigation in the idea. I’ll look into it further soon after viewing your infographic. Nicely completed. Fantastic, Barry! It genuinely does be dependent heavily around the incentives readily available in your state, in addition to your recent electric bill and roof’s degree of sun exposure. It’s still a good idea to get a new quote every year or so, as incentives are changing radically right now from state to state, if your ROI doesn’t end up making sense now. The motivation in britain currently has dropped so lower that it’s acquiring to the level where it’s really not worth every penny. Some are already fortunate and jumped around the Nourish in Tariffs’ early on, and therefore are now tied in a reasonable amount of money for his or her initial outlay. But, although the federal government will still be banging on about us all undertaking or aspect, putting in solar power panels, domestic windmills and whatnot, at the same time they always keep reducing the payback tariffs. It’s like you can’t do appropriate for undertaking improper. In numerous European countries as a result of high tariffs on energy professional services, several residents are actually using solar power, thus preserving a lot of cash Any advice on how to locate exactly what the common process costs are without the need of including subsidies? Of course! Considering that you’re in our productive strategy places, we strongly recommend just receiving a totally free quote from us. after and before subsidies, it will show you the specific break-outs of the things a system would expense . You don’t even need to speak to someone on the phone, if you’d rather not. You can enter in all of the important information within your information: https: //1bog.org/customer/information after which a solar energy expert can either email that you simply estimate or plan a 20 moment phone consultation together with you to endure it. The key piece of details we’d should use is your 12-four weeks kilowatt use details 12 amounts, generally located on your application costs. If you need any help, just give us a call: 888-444-4002. Think about building a web site that will not demand facebook or twitter to perform anything on? Thanks for this infographics. I found myself just asking yourself is it includes thermodynamic solar power panels or just solar power panels. See how you can get free boiling water while using new solar panel technology that may be known as thermodynamics. Really thermodynamic solar panel systems have become being set up in 29 places around the World. “In lots of states, you may go solar power for under $10,000.” I suppose by “several suggests”, they just meant 5. IMO, it’s a waste of time and cash to spend thousands putting solar panels on your roofing that spend throughout the day to simply fee a number of automobile electric batteries. More people would have it if solar energy was actually as price effective and efficient as people say it is. I’ve been wanting to create a web zero home for a while now. My hubby I plan to create one particular within the following five-years. I really believe the expense of solar declines a lot, its quite expensive. Thank you for the submit. This offers me a rough idea of what it really will cost me to set up a solar powered method. irony is that solar can be financed in a way where there is no upfront cost and the homeowner shows immediate savings from the first day. There are actually 11 suggests through which our enterprise can run by doing this these days. Most For electric battery, you usually must replace itevery half a dozen (6) to twenty (10) many years along with the price can vary based on the design and scale of your structure.Sound from wind generators can cause extreme annoyance, however, many patients also statement health concerns thatthey characteristic for the noise, such asanxiety and stress, problems getting to sleep, and feeling sick.Some towns and neighborhoods are flawlessly okay with one of these units then yet again some are horrified from the prospects of experiencing oneanywhere in close proximity. Before you know you need to use them so the battery life is maximized, for the backup generators make sure you run them! It’s greater for a number of uses of half energy than removing all the generators electricity at once! All you should for this is, opt for the panel dimensions you would probably call for, speak to a fitter, spend him a cost and have your solar cell mounted. When it is accomplished, you can enjoy a limitless supply of electric power for years with out What’s up close friends, good bit of creating and great disputes commented here, I am truly savoring by these. Solar powered energy mixed with a great electrical generator is a no brainer for citizens in catastrophe prone locations. We have been without strength for 17 times when Hurricane Katrina arrived through. I will never allow that to take place again. We now have solar power as well as a entire residence support generator put in. To have a solid idea of the typical savings and costs associated with installing a non commercial solar energy process inside a common property where you live, click the infographics on this website. your home is in, solar panel systems can offset your electric power expenses by thousands of $ $ $ $. Within the Gold Condition, this number clocked in at an yearly financial savings of you can find good examples aplenty to support just about most of these assumptions (especially the affordable of solar powered energy) it’s truly only an issue of how quick each of these can come to pass through. And the are integrated, the easier, and more affordable, it will likely be for everybody to acquire solar. According to an infographic explaining how much solar costs created by One Block Off the Grid, the three states highlighted in this report are currently in the Also because of the strong demand from individuals who have seen the energy bill savings from solar, even though part of that success stems from the fact that solar has supporters in even the most conservative political circles. You can add that to the set of no-brainers: Everyone likes to save cash on their vitality monthly bill. which are aimed at slicing reddish tape, reducing installing periods and decreasing the general gentle fees of solar power set up which may help the region’s solar energy business broaden its presence from the Eastern can I get part 1 as well? Hello there Joe, here’s the website link for aspect 1. Getting a clean is in my “to-do” listing. I want to consider your and it reassurance about delicate skin area tipped me over straight into will-do. Will you miss having some thing very hot for lunch? This time of year that is certainly occasionally essential to me. I’ve been planning to create a submit about skin scrubbing for awhile… I *love* skin area cleaning. Amazing in the event you write about it, Janice, make sure you come article your website link on this page so we can all go through it! If you are taking any supplements along with your smoothies and meals, i was wondering? Age group on Fb Latest Remarks Angie on Recipe: How You Can Make Selfmade ButterSarah on Cleanse: Day time 7 Epidermis BrushingElephant’s Vision on 101 Females Writers to observe in 2010 by WE Journal! Elephant’s Eye on I Obstacle Pores and skin sweating and brushing for your skin area through the day, as opposed to extremely-normal while i had the past full week. Was it insufficient exercise? Absence of skin area brushing (the sole day time I’ve skipped since i have started)? Just becoming accustomed to the I go through of your peat problem some time earlier, interesting to notice they actually have a peat moss shortage in the united kingdom and European countries. Is very simular to yours, although my version of soil mix only has compost and vermiculite in it. Mel’s Mix uses identical amounts of vermicultie, compost and peat, I neglected the peat and comply with this recipe: Mix two components garden compost to a single portion vermiculite or perlite. Fluff up effectively. Definitely makes the rich compost lighter in weight for containers. Its amazing peat remains to be simply being gathered astounding! Your coconut planting dirt menu seems excellent. It is rather just like the things i use. Coco tends to bind calcium and magnesium. That’s the only downfall. You can get calcium in your compost, but you might have to add a bit of epsom salt if your garden gets interveinal chlorosis. Fantastic information. I don’t obtain city and county rich compost since I know what some people place in their green spend containers. Gross. There’s absolutely no way of me using peat in Bakersfield, California state. It’s very dry on this page. Maybelline, I haven’t used manure herbal tea. My finest imagine is you’ll have to be sure the manure is nicely-aged, just like you would compost. And make use of a rather diminish combination, because it is extremely high in nitrogen. You may want to blend the two household compost and manure rich compost together. Your plants and flowers will most likely like it! Fine, this is certainly awesome! ! I’d never thought about making my own soil before but how much peat AND plastic that would save. I’m book-marking this. Many thanks Melinda. Excellent publish. I simply came by the web site and wanted to saythat I’ve truly enjoyed looking at your posts. In any caseI’ll be subscribing in your blog site and that i i do hope you write once more soon! wonderful site and information, even so, i am just amazed given your enthusiastic environment worries that you simply would use vermiculite. this is also an organic useful resource billions of years of age which is being depleted and cannot be exchanged, also producing disastrous implications on this planet.i notice it is possible to replace it with beach sand… Hi cdk, I just don’t use vermiculite I take advantage of Pumice (a volcanic rock and roll) or Perlite (a volcanic glass). I understand they aren’t perfect there is nothing, we can easily only perform best we can easily. Unfortunately fine sand isn’t a good option pumice will help a great deal by leaving behind big wallets for drainage and air, exactly where beach sand has practically the alternative have an impact on. If you come across something, I’m not sure what would work in its place let me know! I get it. Only depart the people’s comments who accept each phrase you say. I didn’t leave your comment up because I didn’t feel it was constructive hi Pete. Rather, it sounded just like you were attempting to get a go up out from men and women, and i also think there is certainly sufficient negativity worldwide. Peat damage causes or supporting “Climatic Change” or ” Global Warming”? You do recognize that the data for Global Warming is skewed to demonstrate heating. The point that the planet earth is warming up is not doubtful, man effect on that warming is. If you had not heard, we are still coming out of an ice age. Will we go back to the international cooling down shock following? Peat moss loss and carbon kitchen sinks? Lord you make me just shake my cry and head at night. Our company is screwed as being a land. Pete and Kelly, it really is a humiliation that it concerns to you two a lot that rather than just moving on to your website that managed confer with your principles, you stopped to depart a poor review on this page. Whether you think inside or otherwise not, creating planting earth without having peat is not really hurting anything at all – there certainly has to be more essential things to get worried and spend time about. Reliable information. This is amongst the sites I discovered as i was attempting to research the difference between coco coir and peat. I’m ultimately unconvinced of the environmental argument in either direction, however. Peat is renewable because it could be regrown. Canada looks to be harvesting it in the environmentally friendly style. As for loss of biodiversity in the habitat, that’s a good point. But there are built in limitations to how much habitat is put through the reduced biodiversity due to peat harvesting. The Canadian Federal parks own so much more peat bogs than personal business, that there is not any overall loss of habitat. Coconut coir mulch is very dangerous to around 50Per cent of puppies (it’s a genetic factor) and if you use coir in your earth combines, you might be vulnerable to triggering this unlucky difficulty. A lot of pet dogs love the smell of the coir which odours a bit like chocolates (which is also considerably toxic to puppies). Coir may cause unexpected and usually irreparable renal breakdown, with convulsions and quick passing away a couple of times right after ingestion from the pet. So, this is a consideration in using coir outside, or inside if you have dogs. One other issue to enhance the mix! Hello there,I am an extremely new gardener and I have been studying all kinds of planting integrates to discover the best one. I have got a few recommendations i have not attempted however however i was just brainstorming: I grow heliconias and plenty of other things and lack or oxygen is generally the biggest troubles the roots have. I am enrolled in a task dependent capstone program at my high school. My venture aim is always to build a lighter in weight option to today’s natural roof structure solutions. I am undertaking research to find a light-weight substitute for the earth they prefer nowadays. I was hoping someone could give me a ballpark figure of the density of the soil combo proposed here, though i know that coco coir in itself is lightweight. Thank you! in Brasil. we use molched coffe results in. added to our garden compost or strait in to the container. provides nitrogen. we use coconut husks too. at the house in Kentuckey its difficult to find ither! [quote] Coconut coir compost is very poisonous to around 50Per cent of canines (it’s an inherited factor) and if you are using coir within your soil blends, you may be vulnerable to resulting in this regrettable difficulty. Several dogs love the odor of the coir which scents a bit like delicious chocolate (that is also relatively dangerous to puppies). Coir can cause immediate and usually irreparable kidney failing, with seizures and fast dying about 2 days soon after ingestion by the puppy. So, this is a consideration in using coir outside. Alternatively, inside if you have dogs. One other issue to increase this mixture! [/quotation] Listed below is a connect to the very best coconut coir resource I could find. I have got shopped all around and those folks provide the best prices and quality by far. What a wonderful heavy supply of info here in this posting. Thanks a lot Melinda for expressing your knowledge. It will always be nice to know either side from the peat or. coco factor. I have been keen about developing food for many my life. Development in standard actually. We have go to understand what it takes for years to continue onto it’s maximum. Your soil formula is a good commence to making that lifestyle. I appreciate you that beneficial more information, Josh. I enjoy the total amount within your potting dirt menu way too, tho’ we in CO generally have to give up lime since our earth is frequently alkaline. Have you got a recommendation rather than the dolomite? Your can call this Joshua’s totally dirt-much less backyard dish: Hi Melinda, I was thinking your recipe was very beneficial! I do not know why most people on the net ought to insult how helpful you happen to be? I thanks, and I do not thank the others that are insulting you without options to offer. Has any person stopped and thought about how exactly very much gas it will require to transfer the coconut coir for the Suggests? Also what the negative effects of the burning up of the energy does towards the enviroment? The problem I have with Coconut coir… it is farmed through monoculture, or one crop on a large plot of land. In order to do this, vast acreage of habitat is cleared in order to plant the coconut trees for their oil and water. These environments are the only place exactly where some extremely specific species live, including orangutans and howler monkeys not to mention the farm owners take care of our hominid relatives as pests once they make an effort to return home. Addititionally there is big vitality charges to process the large coconut seashells into small bricks, in addition to consumption of freshwater to leach the coconut coir of naturally occurring salts. Anyone who states clean, fresh water is at excess in India, Bangladesh or Sri Lanka is at denial (not much of a River in India) about system in third entire world sewage, fresh and countries drinking water often commingle. You will find wars becoming waged among these two countries more than fresh water, as India has diverted the Ganges on the Bangladeshi border, rerouting the stream into India and bypassing Bangladesh… Bangladesh is actually the jaws or delta of the river. Chinese suppliers has realized that the Himalaya’s is the method to obtain this fresh water and have designed intends to course the Himalayan h2o into The far east, skipping the two India and Bangladesh completely (Free of charge TIBET). Without inhabitants control, within the most inhabited put on world, freshwater is a significant thing to consider. Just sayin’…I get the two peat and coir have transport charges. Both have enviromentally friendly expenses… but peat lets out it’s stuck co2 and are not able to consistently capture carbon dioxide, whereas coir does nor.Pumice,vermiculite and pearlite, glacial rock and roll dirt, sand, and so on… are unsustainable. The greater number of individuals know the consequences with their activities, the much brighter our future is going to be, which is continue to hunting pretty dim. Thank you for your ideas, Richard. I talk about your problems about these amendments we city farmers need for our small plots. I’ll try googling community CO resources for a few of those choices you talk about.Also, would you actually suggest to say “The very last ice cubes era finished about 10,000 years back (ahead of the earth was created). . . “? Yet again thanks to all the contributors for their considerate feedback. Thanks for the yoghurt pancakes I created all of them with blueberries. Onlt dilemma is they’re a little salty, so I’ll be decreasing the sea salt to half a tsp. Noises scrumptious. How many men and women will the menu assist? Will I need to double it for 2 grownups and two tween guys? Of course I check this out right after I’ve made your morning meal…..You know what might be for lunch! ! They search beautiful! I might try and toss in many sliced up bananas into mine then leading all of them with strawberry marinade I created at the end of the summer months….. I have got an identical formula and sometimes replacement fifty percent the bright white flour with whole wheat grains. When I’m within a especially experimental disposition occasionally 1/4 cornmeal, 1/4 whole wheat grains, and 1/2 white-colored. Also, I’ve changed out a number of the low fat yogurt with lowfat cottage type cheese. Just scrape the pan clean as needed, even though the cheese will make the pan a little sticky. Can’t go way too improper with pancakes. To owlfan, Indeed you must increase it! Because, even if they aren’t eaten all at once which is likely they keep really well and make excellent meals for days after. OH! I make these one particular nighttime weekly for lunch! My young boys believe it’s their preferred nighttime of the week and it’s mine also due to the fact I never need to explain to someone to clean their dish! For anyone who hasn’t created this however, be mindful, Difficult is correct, these are full PanCRACK! ;o) Also, they lock exceedingly properly, so produce a bundle, retail store inside a ziploc (I minimize up left over cereal hand bags the wax sort for in the middle every single food so that they don’t freeze together) and bring them out and nuke them for weekday breakfasts! mmmmmmmmm, a valuable thing you pot recipes here, lead to It gives me a “cooked something totally new” after i carry out the independance days obstacle. the pancakes spund yummy! Fascinating! Probably I’ll attempt them more than Thanksgiving holiday. I appreciate you the links towards the different versions individuals have manufactured, also! I’m delighted for the prompt. I have done see the previous publish and made them when our raspberries have been ripe. But, I needed forgotten about them and today they are fantastic with plums, apricots and peaches. Thanks a lot once more for a great idea. Every time I see these pancakes, and i also have no idea why I’ve yet to ensure they, I feel, Pancakes for Tranquility. Truly, how you may be anything but strictly relaxing eating these. Except if someone grabbed them away your plate. That probably wouldn’t be so calm. Difficult, Bet you can’t hold out to taste these again… ; ) P.S. Katrina, I’m actually not much of a huge pancake lover. I like them every once in a while, but I don’t hanker for them. These… these are a huge nother animal. I hanker for these people. We produced the pancrack brownies very last weekend break and they also were actually soooooooo gooooood. Significantly. Sure I’m an initial time commenter having said that i Recommend them.Following, I will make an effort to triple the recipe for A’s extended household tomorrow early morning. I really hope tripling translates fine…panCRACK muffins! !! !! Delightful! A&A, Wonderful. Your review created us both laugh commonly. I really hope your in-regulations get pleasure from them! !! i adore these! im in cross country and our mentor is actually rigid regarding what we try to eat, and those were a house run! they may be great with bananas sliced into them! i might even come up with a lot to give to running camp for that team. Cheers! !! !! Many thanks for finding their way back and making me know, Lilly. Helps make me happy to pick up! Melinda, is that really 1 teaspoon of salt? I’m making them now and it also seems like a lot… But usually they search amazing and my 21 four weeks-outdated boy just helped me to “put” the components into the container! Cheers a lot for your menu! Greetings from Montreal. My variation is half cornmeal, 50 % natural yogurt, along with a pinch of baking natural powder. Quicker than cornbread! I simply made these, I have got got meals poisoning every day and I felt like was pancakes. I could possibly only purchase one straight down however they are just extraordinary! ! I understand I am going to make these over and over again. Yum! I utilized unbleached flour and thrown in cinnamon, nutmeg, sliced up strawberries and bananas and served with warmed strawberries home based-created rhubarb jam. Tasty! Thanks so much for the recipe I had been missing pancakes since my doctor put me on a low-cholesterol diet, but these were great for a weekend meal. 20. Prepare food by using it. Plenty of yummy things. Like pancakes! Produced them delicious chocolate potato chips and loved them! Used Fage Greek natural yogurt- 2 percentage… YU
  16. Jeevitha says:

    Hi Andras .. This is a wonderful article and it helped me a lot to come up with the POC to enable single sign on for multiple organization..It worked perfectly Thank you so much. Please help me in the follwoing questions
    1. I am going to host this as a service and dont want to add IssuerNameRegistry in web.config every time whenever i am adding new organization. I Need to pull the details from DB and set it dynamically (token, url etc). I tried to do that based on the return URL . But this fails because FederationConfiguration can be only updated in Application_Start Event. I cant do that becuase i cant access my HTTPContext to know the return url in my App_Start. So i kept a separate Config file and had all my authorities configured for all Organizations in it. But our client raising a question on security and the performance. Is it advisable to keep the sensitive data in XML for all the organizations and also we are concerned about performance. if the return token go and read all the keys to validate against it’s token, will the system be Slow
    Please advise me with some sample code to achieve this..
    2. I tried to implement ValidatingIssuerNameRegistry but unable to success since it is talking about updating the tenent id based on the Metadata.xml. All i have is the following info for all the organizations

    • Andras Nemes says:

      Hi Jeevitha,

      “I am going to host this as a service”. Can you please elaborate? Host what as a service? Can you describe the flow how you’re planning to register new organisations?

      “All i have is the following info for all the organizations”. The sentence is unfinished, were you planning to write more info? It may have been cut off by WordPress.

      //Andras

      • Jeevitha says:

        Thanks for your reply . Yes Andras.. possibly it would have cut off. Basically i want to develop an centralized application where different organization users can log-in and perform operations in my site later i will generate report out of it and give it to each organization. I am maintaining my own SQL DB where i will save all the organization issuer , certificate details etc….I am able to dynamically send the signinRequest based on the Organization id [i will get the details from my DB for that org and process it]. However while coming back from their ADFS server with the token i need following details to be added in my web.config to validate the token. I dont want to expose these details in my web.config for 2 reasons.
        – Security [i need to have all the organizations details in config which may result some fraud access]
        -Performance [if i have 100 organization who is going to use my app, is it advisible to configure all the issuerauthority in my config. wont it hit the performance]

  17. Jeevitha says:

    Again my sample code got cutoff . Please append this code with my new reply above
    Thanks for your reply .

  18. Jeevitha says:

    oops.. its not accepting tags..
    Again my sample code got cutoff . removed all the tags
    Thanks for your reply . Yes Andras.. possibly it would have cut off. Basically i want to develop an centralized application where different organization users can log-in and perform operations in my site later i will generate report out of it and give it to each organization. I am maintaining my own SQL DB where i will save all the organization issuer , certificate details etc….I am able to dynamically send the signinRequest based on the Organization id [i will get the details from my DB for that org and process it]. However while coming back from their ADFS server with the token i need following details to be added in my web.config to validate the token. I dont want to expose these details in my web.config for 2 reasons.
    – Security [i need to have all the organizations details in config which may result some fraud access]
    -Performance [if i have 100 organization who is going to use my app, is it advisible to configure all the issuerauthority in my config. wont it hit the performance]

    issuerNameRegistry type=”System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry”
    authority name=”name”
    keys
    <add thumbprint="{Org 1 thumbprint}"
    <add thumbprint="{Org 2 thumbprint}"
    <add thumbprint="{Org 3 thumbprint}"
    /keys
    validIssuers
    add name="http://test.login.edu/adfs/service/trust&quot;
    add name="Org 3 url"
    add name="Org 4 url"
    add name="Org 5 url"
    validIssuers
    authority
    issuerNameRegistry

  19. Jeevitha says:

    i hope my question is clear now please help me to get a solution

    • Andras Nemes says:

      It’s Easter holidays in Europe, so I have no time to look into this issue. It sounds quite involved so I would need to do some proper research myself before I give you any advise. If you need an urgent answer then you’re better off asking on StackOverflow or on the ThinkTecture STS project page.
      //Andras

      • Jeevitha says:

        I think i got a solution please let me know me if this works ?
        I have configured all organization federation details in DB as a separate row [trustedissuer, security thumbprint, metadataxml, claimxml etc]

        in my webonfig referred a class where i have added the IssuerRegitry as a Base class
        issuerNameRegistry type=”MVC_Test.AccessControlServiceIssuerNameRegistry, MVC_Test”>
        issuerNameRegistry>

        In my class, i have overridden GetissuerName maethod, after getting token and issuername i m connecting to the DB to validate whether that particular org detail is available or not…

        public override string GetIssuerName(SecurityToken securityToken, string requestedIssuerName)
        {
        var issuerToken = securityToken as X509SecurityToken;
        DataAccess da = new DataAccess();
        Organization org = da.IsValidToken(issuerToken.Certificate.Thumbprint, requestedIssuerName);
        if (org != null)
        {

        Will this solution works ?

      • Andras Nemes says:

        Hi Jeevitha,
        It sounds promising. Does your application pick up the custom registry type correctly as defined in web.config?
        //Andras

      • Jeevitha says:

        Hi Andras, did you get a chance to look into this solution… please let me know your thoughts

  20. Jeevitha says:

    Yes.. it works perfectly. Now i have come up with 2 questions. Please guide me

    1. I have another application which uses MVC Form authentication (using simple Membership provider). Can i use this ADFS SSO along with my existing Form authentication. Basically, i would like to switch the authentication type based on my URL [I will pass the orgid in my url].
    I hope we cannot use that since i have removed ‘Form Authentication’ from my Web.config file. please let me know if there is a simple workaround to switch between both dynamically

    2. I Have created sample MVC app for this SSO [multiple issuers]. I want to make this as a separate Class library or a service and plugin to the existing app. Can we do that. Will it work if i move all Federation settings to the App.config from the Web.config ?

    Thanks
    Jeevitha

    • Andras Nemes says:

      1. As far as I know it’s not possible to mix authentication types within the same MVC application. Once you declare in the web.config that you want to with Forms auth, then you can’t have forms auth AND something else, e.g. Windows auth based on some interception.

      2. Not sure I follow. You have an MVC application that you’d like to package as a dll and use in other projects? Please clarify.
      //Andras

      • Jeevitha says:

        Thanks for your replay Andras
        1. I will not use windows authentication. I am going to handle ADFS return token from IDP. Since Membership also working in claim based, i hope we can customize the code to have both authentication types. Currently, i have added both form and federation related settings in my web config. I have set Authentication mode as ‘Forms’. If the Orgid in the url is of ADFS type, i am dynamically passing the signin message from my .cs file. otherwise i am opening my regular Simplemembership form page. It si working for me without any issue now. But not sure about the issues we may face once after deploying the application

        2. I dont want to package my MVC app. I want to create a class library with all the federation settings defined in the app.config. I would like to pass my signin message and return token validation everything in my class libraty instead of MVC app.. Basically i dont want to have any federation settings in my MVC webconfig. I will only refer my class library dll to my app and remining will be taken care by MVC application

      • Andras Nemes says:

        1. I have no direct experience with what you’re working on, but you seem to be going in the right direction then. Why are you worried about the deployment? Which part of the architecture is that you’re worried about?
        2. OK, then the dll will need access to some appSettings values, right? is the library going to access the appSettings directly with ConfigurationManager.AppSettings[“blah”] or are you planning to supply the values as parameter arguments into the library?

  21. Jeevitha says:

    1.I have deployed in our dev server and able to access both SimpleMembership and ADFS for different Organization.
    2.Basically i would like to configure FederatedAuthentication and SessionManagement and placeholder for issues in App.config of my class library and will supply the values from my MVC application… because my MVC app going to have basic Form Authentication. But in this way it doesn’t work on the return token validation. It expects all federated related configuration in my web.config because Mywebapp url is the realm and it checks for the issuer token details in my webconfig instead of my class library app.config. So I moved the following settings to my web.config and it works for both Form and ADFS without any issue

    issuerNameRegistry>

  22. Jeevitha says:

    add name=”WSFederationAuthenticationModule” type=”System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ preCondition=”managedHandler” >

    add name=”SessionAuthenticationModule” type=”System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ preCondition=”managedHandler” >

    ssuerNameRegistry type=”MVC_Test.AccessControlServiceIssuerNameRegistry, MVC_Test”>
    issuerNameRegistry>

    </audienceUris

  23. Varun says:

    Hi Andras,
    I have implemented Identity access in MVC project that is hosted on Azure cloud.
    Issue I am facing is that though I am getting Claim object and able to loop through the assertions but on an average, after short time of being idle, the application redirects to Identity login page and then come back to requested url.
    Say even after 3 minutes, it goes back to Identity site and then redirects to application page?

    What may be the issue of such a short time span?

    Varun

  24. Pingback: VS2013 & MVC 4 -How to setup thinktecture Embedded STS | Zapatero Answers

  25. Pingback: Simple authentication using Json Web Tokens in Asp.Net Web Api 2.2 | Stewart Blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

ultimatemindsettoday

A great WordPress.com site

Elliot Balynn's Blog

A directory of wonderful thoughts

Robin Sedlaczek's Blog

Developer on Microsoft Technologies

Softwarearchitektur in der Praxis

Wissenswertes zu Webentwicklung, Domain-Driven Design und Microservices

Technology Talks

on Microsoft technologies, Web, Android and others

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT BEST PRACTICES WITH MICROSOFT STACK & ANGULAR

Cyber Matters

Bite-size insight on Cyber Security for the not too technical.

Guru N Guns's

OneSolution To dOTnET.

Johnny Zraiby

Measuring programming progress by lines of code is like measuring aircraft building progress by weight.

%d bloggers like this: