# Friday, August 23, 2019

Recently, I was working on a VM that someone else provided me and I needed to download an executable from the Internet onto this VM. I discovered that the only installed browser on the VM was Internet Explorer 11 and that the browser was configured to prevent anyone from downloading files from the Internet.

I don't know if this is the default setting for IE 11, but here is how to change the setting to allow users to download files.

Open Internet Explorer.

From the menu, select Tools | Internet Options.

The "Internet Options" dialog displays. Select the "Security" tab, as shown in Fig. 1.

Fig. 1

Click the [Custom Level] button. The "Security Settings" dialog displays. Scroll down to the "Downloads/File download" section, as shown in Fig. 2.

Fig. 2

Select the "Enable" radio button and click the [OK] button. If prompted for confirmation, click [Yes].

Click the [OK] button to close the "Internet Options" dialog.

Now you can download files linked within the browser.

Friday, August 23, 2019 11:17:00 AM (GMT Daylight Time, UTC+01:00)
# Monday, March 11, 2019

Episode 554

Ondrej Balas on 2-Factor Authentication

Ondrej Balas discusses advances in 2-Factor Authentication and tells us how to add this security to our applications.

Monday, March 11, 2019 9:31:00 AM (GMT Standard Time, UTC+00:00)
# Friday, April 8, 2016

Last year, security expert Wolfgang Goerlich began recording short videos from the front seat of his car. Each video lasted only a few minutes and each covered a different topic of IT Security and/or infrastructure.

Now, you can watch many of these videos on Channel 9. This not only provides a different audience for Mr. Goerlich, but also gives viewers the ability to subscribe to a video feed and to download different resolutions of each video and even an audio-only track.

You can find these videos at https://channel9.msdn.com/blogs/stuck-in-traffic.

Friday, April 8, 2016 8:06:00 AM (GMT Daylight Time, UTC+01:00)
# Friday, November 9, 2012

So last night I go to the bar to get all liquored up and I says to the bartender: “Gimme my favourite getting-liquored-up drink – a dirty vodka martini with extra olives and Grey Goose vodka.”

The bartender looks at me and he sees my cherubic countenance and he notices my boyish charm and he says “Son, we have laws in this state. We are unable to serve anyone who is under the age of 21. Can you prove to me that you are at least 21 years old?”

“You bet I can!” I says to him. “Follow me!”

And we go out back where my private jet is parked and we fly down to Tampa where he meets my parents and they tell him how I was born during the Kennedy administration and they explain how I was such a rotten kid that my dad went to the War in Vietnam just to get a break from me.

Then we get back in my private jet and we fly to Jacksonville, NC to the hospital where I was born and they show us my birth certificate and the bartender asks me “Can you prove that you are the David Giard listed on this birth certificate?” and I proceed to provide him with blood samples and fingerprints and utility bills and all sorts of evidence that I am in fact the David Giard listed on the Birth Certificate.

So we fly back to the bar and the bartender says “OK, you’ve convinced me that you are David Giard and that you were born more than 21 years ago” and he mixes up my favourite getting-liquored-up drink and I drink it like the grown man that I am.


…Some of the above story is untrue.

First, I don’t drink Grey Goose. I’m a Ketel One man.

Second, I don’t own a private jet.

And finally, the bartender does not have time to personally verify the identity and age of every young whippersnapper who orders a drink. If he did so, he wouldn’t have time to serve other whippersnappers and they would go away thirsty and cranky and he wouldn’t make enough money to keep the bar open.

Instead, the bartender has to trust someone else. But who can he trust? Probably not me. As we’ve already seen, I am capable of telling a convincing story that is not 100% true.

Of course, he will trust the government (because, if you can’t trust the government, who can you trust?)

In my case, he will trust the state government because months ago, I went to an office run by the state of Michigan and I proved to them (by supplying a birth certificate, a photo ID, a utility bill, and other documents) that I am David Giard and on what date I was born. It turns out that the state government has been verifying such information for a long time, so they are pretty good at it. When I had satisfied the government office, they issued me a “token” verifying my identity and certain claims about me, such as my date of birth. This token took the form of a Driver’s License. This Driver’s License claims that my name is David Giard and that I was born on a specific date and that I look like the photo in the corner of the license and that I reside at a specific address.

Claims-based authentication works exactly like this.

In claims-based authentication, an application does not authenticate a user directly. Instead, the application directs the user to a trusted authority (known as a “Secure Token Service” or “STS”) and asks the STS to authenticate the user. In some cases, this STS may even decide to ask some other STS that it trusts to authenticate the user. When the user has been authenticated, the STS will create a token to return to the application. This token contains proof of authentication, but it may also contain a number of “Claims”. Claims are attributes about the user that are asserted by the STS. Because the application trusts the STS, it will believe these claims about the user.

Much like the bartender believes the birth date on a valid driver’s license, the application believes the claims contained in the token. And just like the bartender applies his own rules based on the driver’s license claims (you must be 21 or over to drink), the application can apply whatever rules it sees fit to authorize the user based on claims contained in the token provided by the STS. For example, the application may decide that only users in a given role may view certain pages in an application. Or that certain links are disabled, unless a user has been with the company a certain length of time.

Thus, the authentication (who is this user?) is outsourced to another application, but the authorization (what can this user do?) is not.
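The flow described above, as an added example that is not code from the original post: a toy STS signs a set of claims, and the application checks issuer, signature and expiry before applying its own 21-or-over rule. The issuer name, shared key and claim names are constructed for illustration, and an HMAC with a shared key stands in for the asymmetric signatures that real token formats typically use.

```python
import base64, hashlib, hmac, json
from datetime import date

# Constructed demo values: the issuer name and key are assumptions.
TRUSTED_ISSUERS = {"sts.example": b"demo-shared-key-not-for-production"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sts_issue(issuer: str, key: bytes, claims: dict, expires: int) -> str:
    """STS side: called after the STS has authenticated the user itself."""
    body = json.dumps({"iss": issuer, "exp": expires, "claims": claims},
                      sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def app_validate(token: str, now: int) -> dict:
    """Application side: return the claims only if a trusted STS signed them."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        payload = json.loads(body)
        # The issuer selects the key; an unknown issuer is simply not trusted.
        key = TRUSTED_ISSUERS[payload["iss"]]
        expires = int(payload["exp"])
        claims = dict(payload["claims"])
    except (ValueError, KeyError, TypeError):
        raise PermissionError("malformed token or untrusted issuer")
    # Nothing parsed above is believed until the signature verifies.
    if not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest()):
        raise PermissionError("signature check failed")
    if now >= expires:
        raise PermissionError("token expired")
    return claims

def may_order_drink(claims: dict, today: date) -> bool:
    """Authorization stays in the application: the bartender's 21-or-over rule."""
    born = date.fromisoformat(claims["birthdate"])
    age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
    return age >= 21
```

The application never sees a password or a birth certificate; it only decides what to do with claims that a trusted issuer has signed.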

Friday, November 9, 2012 1:22:00 PM (GMT Standard Time, UTC+00:00)