Steps to update ADFS service account - adfs

Due to bad implementation we require to update ADFS (4.0) service account in Windows 2016.
Please specify steps or refer documentation or link to update ADFS service account. Looking for steps to update this manually.
Thanks in advance !
Regards,
Vinod Joshi

Kindly check this Github module to change the service account for ADFS 2016.
Before that is done, it is best practice to take a back-up of the servers, by using this adfs rapid restore tool.

Related

Latest version of Microsoft Office block MS-OFBA requests

In regards to the following message in Office 365 (and Office apps):
To help provide additional security coverage, we are changing how
form-based authentication in Office applications is handled.
Forms-based authentication is a legacy authentication method for
Office resources that are not protected by Azure Active Directory
(AAD) or Microsoft account (MSA).
A new update was recently rolled out across the suite which impedes users from accessing servers which implement MS-OFBA, citing it as insecure.
If this is the case, what is the preferred way of authenticating users against a WebDAV service?
Unfortunately, we do not know any solution for this issue currently. Authentication against Azure AD does not help - this message appears anyway. Also, Microsoft did not provide an alternative for MS-OFBA as war as we know. Fortunately, you just need one click and this message does not show any more.
Hmm, there must be a way around this problem.
If we use Azure AD to authenticate against our WebDAV-server (such as IT Hit WebDAV), then isn't this exactly what we have when we use Office apps against documents stored in SharePoint Online (which in a sense is a webdav server protected by Azure AD)? And in that case, there is no warning.
I believe that it must be possible to do what Microsoft does here, I don't think they have legal rights to use "back-doors" to implement things that other companies can't. Have you investigated this, IT HIT?

ADFS Single Sign On can be developed on third party shared hosting server

This question might be silly but needs to know prerequisite before I start reading any documentation of ADFS SSO Integration using asp.net 4.0. So please tell me whether it is possible or not to develop / deploy such kind of system in shared hosting services.
Define shared-hosting services.
If you mean something like Azure, the answer is yes. You can run ADFS in a VM.
ADFS requires Windows server to run.

How to secure IdentityManager with IdentityServer v3

Brock Allen released the new beta version of IdentityManager last week. There are quite some changes in the security model, so the configuration also changed.
He even took some videos (Setting up ASP.NET Identity and Security and IdentityManager) on how to configure the new version properly. These well explain the usage in a classic ASP.NET MVC application, and also ADFS setup, but I couldn't find any help or sample code about how to make it work side by side with Identity Server v3.
Can you please share your experiences configuring IdMgr's remote access with the help of IdSrv3?
After posting that question, I opened an issue on Github and had some chat on IdentityManager Gitter Chatroom, I managed to solve that issue.
There was a sample host configuration in IdentityManager Github Source. Implementing the exact configuration on my project, now I can remotely connect to IdMgr using IdSrv3.
Hope that helpes someone.

Can I receive SAML 2.0 message in ASP.NET without WIF?

We are planning to receive a SAML assertion from another website into ours (ASP.NET). No one here has ever worked with SAML. We simply need to verify the signed assertion, decrypt the token containing a user id and if we can verify it, log them into our site (authenticate/authorize). We are using Forms Authentication for all other authentication. I would like to avoid installing WIF if possible because my understanding is we'd have to install the runtime on all the developers machines and servers. Our machines are locked down by policy such that it would be a lot of paper work to get it installed. Are there alternatives to WIF and are they realistic to use in an enterprise environment? If so, can someone point me in the right direction, a good tutorial, video, book or anything with examples would be helpful? I looked at some third party components but I'd have the same issue as with WIF on our servers (not to mention dealing with procurement).
Thanks
Is this internal or an external facing application? You may want to checkout PingOne.com Application Provider Services (APS) [Note: I work for Ping]. PingOne handles all the SAML protocol stuff for you and provides self-service capabilities, reporting, etc. No need to install WIF... just a few lines of .NET code (or whatever) to integrate with the RESTful service that PingOne provides.
HTH - Ian

How to publish our Webservices

I have created an web service I need to publish this service. I need to host and authenticated users need to access my services using ASP.net 2.0
I'm not sure if you are asking for an alternative, but I've been experimenting with this code that seems to work well on codeproject.com (CP).
If your question is on security, perhaps this article on CP is a useful start.

Resources