Learning Claims-Based Identity

I you are trying to learn Claims-Based Identity, the Official Home Page contains a lot of information.

On Windows, Claims-Based Identity basically consist of 3 concepts:

– Active Directory Federation Services 2.0 (AD FS 2.0 – Security Token Service – STS)
– CardSpace 2.0 (Identity Selector)
– Windows Identity Foundation (.NET API for creating claims aware applications)

The resources below should get you started:

Whitepapers & docs

High level introduction
Claims-Based Identity for windows

WIF API walkthrough
Microsoft Windows Identity Foundation (WIF) Whitepaper for Developers

WIF MSDN doc
Windows Identity Foundation on MSDN

A Guide to Claims–Based Identity and Access Control
A Guide to Claims-Based Identity and Access Control

Sample walkthrough
Building Claims-Based WPF Applications Whitepaper

Understanding WS-Federation
http://msdn.microsoft.com/en-us/library/bb498017.aspx

MSDN Magazine articles
Exploring Claims-Based Identity
Claims-Based Authorization with WIF
Building A Custom Security Token Service

A Better Approach For Building Claims-Based WCF Services

AD FS 2.0 in Identity Solutions

Videos

Windows Identity Foundation Overview
Identity Roadmap for Software + Services
The Id Element
Securing Your Apps and Services with the Microsoft Geneva Framework Part 1
Securing Your Apps and Services with the Microsoft Geneva Framework Part 2
Securing Your Apps and Services with the Microsoft Geneva Framework Part 3
Securing Your Apps and Services with the Microsoft Geneva Framework Part 4
Securing Your Apps and Services with the Microsoft Geneva Framework Part 5
Securing Your Apps and Services with the Microsoft Geneva Framework Part 6

Software

Windows Identity Foundation Runtime
Windows Identity Foundation SDK
Active Directory Federation Services 2.0 Release Candidate
Windows CardSpace 2.0 Beta 2

AD FS 2.0 setup

Checklist: Setting Up a Federation Server
Configuring Active Directory Federation Services 2.0
Enabling SSL on IIS 7.0 Using Self-Signed Certificates
Add a Relying Party Trust

Blogs

vbertocci
leastprivilege
weyer
Keith Brown

Books

Understanding Windows CardSpace
Programming Windows Identity Foundation

Code Samples

Identity Developer Training Course
Identity Developer Training Kit
Fabrikam Shipping
Starter STS
Identitymodel
wpf and Cardspace
Claims-Based WPF Reference Samples

Going forward I will blog more about Claims-Based Identity and give concrete code samples.

Overriding Equals for Reference and Value Types

In different programming forums, there are always questions about how, why and when to override Equals and GetHashCode for .NET types.

Its actually relative simple to do, so in this post we will look at overriding Equals for Reference and Value Types.

For reference types, we want to override Equals when we want to check for equality and not identity.

We will use this simple Car class as example:

public class Car
    {
        private readonly string serialNumber;

        public string SerialNumber
        {
            get { return serialNumber; }
        }

        public Car(string serial)
        {
            serialNumber = serial;
        }
    }

Comparing two Car instances will return false, since Equals checks identity. That is, the two references does not point to the same object.

Car car1 = new Car("12345");
Car car2 = new Car("12345");
Console.WriteLine(car1.Equals(car2));

But lets say that we want to check for equality instead. So two Car’s are Equal, if the SerialNumber on the car’s are equal. Lets override the Equals method: 

public override bool Equals(object obj)
{
  if (obj == null)
      return false;

  if (Object.ReferenceEquals(this, obj))
      return true;

  if (this.GetType() != obj.GetType())
      return false;

  return ((Car)obj).SerialNumber == this.SerialNumber;
}

Now Equals will return true for two types with the same SerialNumber.

Will can also implement the IEquatable interface, so we get a type safe Equals method. So we will move the logic to the generic method, and let the non-generic method call the generic method:

public override bool Equals(object obj)
   {
       Car car = obj as Car;
       if (car != null)
       {
           return Equals(car);
       }
       else
       {
           return false;
       }
   }

   public bool Equals(Car other)
   {
       if (other == null)
           return false;

       if (Object.ReferenceEquals(this, other))
           return true;

       if (this.GetType() != other.GetType())
           return false;

       return ((Car)other).SerialNumber == this.SerialNumber;
   }

The last thing we should do, is overriding GetHashCode. The doc says, that Types that override Equals must also override GetHashCode. That is, if two types are equal, the must return the same HashCode. So lets override GetHashCode as well.

Here is the complete class:

public class Car : System.IEquatable<Car>
{
   private readonly string serialNumber;

   public string SerialNumber
   {
       get { return serialNumber; }
   }

   public Car(string serial)
   {
       serialNumber = serial;
   }

   public override bool Equals(object obj)
   {
       Car car = obj as Car;
       if (car != null)
       {
           return Equals(car);
       }
       else
       {
           return false;
       }
   }

   public bool Equals(Car other)
   {
       if (other == null)
           return false;

       if (Object.ReferenceEquals(this, other))
           return true;

       if (this.GetType() != other.GetType())
           return false;

       return ((Car)other).SerialNumber == this.SerialNumber;
   }

   public override int GetHashCode()
   {
       return SerialNumber.GetHashCode();
   }
}

This completes the override of Equals for a reference type. Now lets look at Value Types.

By default the Equal method for value types actually checks for equality and not identity. This is implemented in the System.ValueType that overrides Equals. Its implemented something like this:

public override bool Equals(object obj)
{
if (obj == null)
{
   return false;
}
RuntimeType type = (RuntimeType) base.GetType();
RuntimeType type2 = (RuntimeType) obj.GetType();
if (type2 != type)
{
   return false;
}
object a = this;
if (CanCompareBits(this))
{
   return FastEqualsCheck(a, obj);
}
FieldInfo[] fields = type.GetFields(BindingFlags.NonPublic 
| BindingFlags.Public | BindingFlags.Instance);
for (int i = 0; i < fields.Length; i++)
{
   object obj3 = ((RtFieldInfo) fields[i]).InternalGetValue(a, false);
   object obj4 = ((RtFieldInfo) fields[i]).InternalGetValue(obj, false);
   if (obj3 == null)
   {
       if (obj4 != null)
       {
           return false;
       }
   }
   else if (!obj3.Equals(obj4))
   {
       return false;
   }
}
return true;
}

We can see that is uses reflection.

The implementation is pretty much the same as the implementation for a reference type.

Here is the complete code for the value type:

public struct Car : System.IEquatable<Car>
{
   private readonly string serialNumber;

   public string SerialNumber
   {
       get { return serialNumber; }
   }

   public Car(string serial)
   {
       serialNumber = serial;
   }

   public override bool Equals(object obj)
   {
       if (obj is Car)
       {
           return ((Car)obj).Equals(this);
       }
       else
       {
           return false;
       }
   }

   public bool Equals(Car other)
   {
       if (other == null)
           return false;

       if (Object.ReferenceEquals(this, other))
           return true;

       if (this.GetType() != other.GetType())
           return false;

       return ((Car)other).SerialNumber == this.SerialNumber;
   }

   public override int GetHashCode()
   {
       return SerialNumber.GetHashCode();
   }

   public static bool operator ==(Car a, Car b)
   {
       return a.Equals(b);
   }

   public static bool operator !=(Car a, Car b)
   {
       return !(a.Equals(b));
   }
}

I you want all the details, go directly to the source – MSDN.

Silverlight course – demo and slides

Thanks to everyone who participated in the Silverlight course this week.

All demos and slides are now uploaded to Live Mesh.