Managing Security for Web Applications

Applies To: Windows Server 2003 R2

You can use a common set of procedures to manage security for Web applications that are protected by Active Directory Federation Services (ADFS) Web Agents for both Windows NT token-based applications and claims-aware applications.

Task requirements

You need the following to perform the procedures for this task:

• You must have the following information about how to control access to the application:

  • The appropriate authentication methods.

  • The security token protection methods.

  • The appropriate security token lifetime.

• Active Directory Federation Services (ADFS) MMC snap-in.

• The Web.config file located in %systemdrive%\ADFS\sts on a federation server.

To complete this task, perform the following procedures on an as-needed basis:

• Configure authentication methods for a federated application

• Configure the security token protection method for a federated application

• Change the token lifetime for an application

• Configure a policy page for a Web site