Showing posts with the label certificate

Facebook, OpenID and Decrypting SSL

I was excited to see Facebook (FB) supporting login via OpenID (FB is a relying party), and I decided to give it a whirl. Here I list the results of my investigation, which describe the odd use of OpenID, as well as my wire-level analysis, which I hope you find informative. This post doesn't go into details of how OpenID works; if you're interested in that, leave a comment and I'll put up such a post.

FB uses OpenID in a way I've never seen before. In the "common" OpenID login model, you get a login page that shows you some sort of login via OpenID buttons. When you go to the FB login page there is no login via OpenID. This confused me, but I went to my FB account settings and linked my Google account to my FB account. (Attempts to link my MyOpenID account failed with a strange error message.) After some trial and error I realized that if I was logged into my Google account and went to the FB page then I'd automatically get logged into FB. Debugging...

Better Certificate Management in Powershell via CertificateHelper

If you’ve read my previous post here, you know PowerShell can do some basic certificate management via the certificate provider. However, the certificate provider has some limitations: it can’t create, delete, copy or import/export certificates. This annoyed me, so I’m creating a PowerShell module called CertificateHelper that will provide these missing features. So far the module implements:

    New-Certificate
    Remove-Certificate

CertHelper can be found on CodePlex. You install it like this (you must have hg installed):

    PS C:\>cd $home\Documents\WindowsPowerShell\Modules
    PS C:\Users\igord\Documents\WindowsPowerShell\Modules> hg clone https://hg01.codeplex.com/certificatehelper
    destination directory: certificatehelper
    requesting all changes
    adding changesets
    adding manifests
    adding file changes
    added 5 changesets with 8 changes to 4 files
    updating to branch default
    4 files updated, 0 files merged, 0 files removed, 0 files unresol...

How do you thumbprint a certificate?

You often use thumbprints to find certificates, but what is the thumbprint? The thumbprint is the hash of the certificate. In the case of the CLR’s X509Certificate2 class, the thumbprint is the SHA1 hash of the certificate. If you want to compute the thumbprint of a certificate yourself it’s pretty simple:

    function get-CertThumbprint ($cert)
    {
        # The thumbprint is the SHA1 hash of the certificate's raw (DER-encoded) bytes.
        $sha = new-object System.Security.Cryptography.SHA1CNG
        $hashOfRawBytesOfCertificate = $sha.ComputeHash($cert.RawData)
        # X2 pads each byte to two hex digits so bytes below 0x10 keep their leading zero.
        ( $hashOfRawBytesOfCertificate | % {"{0:X2}" -f $_} ) -join ""
    }

    PS cert:\LocaLMachine\My> dir

        Directory: Microsoft.PowerShell.Security\Certificate::LocaLMachine\My

    Thumbprint                                Subject
    ----------                                -------
    3BCA8A25A071300BD177E4C73135E54FA830039A  CN=STS
    08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533  CN=localhost

    PS cert:\LocalMachine\My> $cert = get-item 08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533
    PS cert:\LocalMachine\My> $cert...