0

How should I implement additional security to a WIF-based authentication session to protect myself from Related Domain Cookie Attacks that target authentication?

makerofthings7

1 Answer

0

Perhaps by installing ADFS on SQL Server (not WID), which then enables SAML/WS-Federation token replay detection.

rbrayb
  • Session cookie replay detection might be interesting; I saw some talk about binding session cookies to IP addresses in one of the linked threads. However, I don't think ADFS token replay detection specifically is what you want, because the session cookie is distinct from the issued security token. Furthermore, ADFS can only perform replay detection on tokens that it consumes; it can't prevent tokens that it has issued from being replayed. – Andrew Lavers Mar 12 '12 at 05:11