Events
29 Apr, 2 pm - 30 Apr, 7 pm
Join the ultimate Windows Server virtual event April 29-30 for deep-dive technical sessions and live Q&A with Microsoft engineers.
Sign up nowIntroducing Token Binding
The Token Binding protocol allows applications and services to cryptographically bind their security tokens to the TLS layer to mitigate token theft and replay attacks. The long-lived, uniquely identifiable TLS [RFC5246] bindings can span multiple TLS sessions and connections.
Version support:
- Windows 10, version 1507 – Off by default
- Token Binding Protocol added [draft-ietf-tokbind-protocol-01]
- WinInet & HTTP.SYS support of token binding over HTTP [draft-ietf-tokbind-https-01]
- Windows 10, versions 1511 and 1607, and Windows Server 2016 – On by default
- Token Binding Protocol updated [draft-ietf-tokbind-protocol-01]
- TLS extension for token binding negotiation added [draft-popov-tokbind-negotiation-00]
- WinInet & HTTP.SYS support of token binding over HTTP updated [draft-ietf-tokbind-https-02]
- Windows 10, version 1507 with servicing update KB4034668, Windows 10, version 1511 with servicing update KB4034660, Windows 10, version 1607 and Windows Server 2016 with servicing update KB4034658 support Token Binding Protocol version 0.10 – On by default
- Token Binding Protocol updated [draft-ietf-tokbind-protocol-10]
- TLS extension for token binding negotiation added [draft-ietf-tokbind-negotiation-05]
- WinInet & HTTP.SYS support of token binding over HTTP updated [draft-ietf-tokbind-https-06]
- Windows 10, version 1703 supports Token Binding Protocol version 0.10 – On by default
- Token Binding Protocol updated [draft-ietf-tokbind-protocol-10]
- TLS extension for token binding negotiation added [draft-ietf-tokbind-negotiation-05]
- WinInet & HTTP.SYS support of token binding over HTTP updated [draft-ietf-tokbind-https-06]
- Windows devices with Virtualization-based security enabled will keep the token binding keys in a protected environment that is isolated from the running operating system
Information about ASP .NET support can be found at the .NET Framework Reference Source.
For information about .NET Framework, see the following topics:
Additional resources
Training
Module
Guide to Secure .NET Development with OWASP Top 10 - Training
Evaluate security risks that come with insecure application development patterns and practices
Documentation
-
Token protection in Microsoft Entra Conditional Access - Microsoft Entra ID
Learn how to use token protection in Conditional Access policies.