I suggest you ...

Use correct HTTP headers to protect ACS credentials

ACS does not specify expiration, transport-security, or anti-clickjacking headers as other OpenID or SAML providers such as ADFSv2 do. Please implement these security features:

http://social.msdn.microsoft.com/Forums/en-US/windowsazuresecurity/thread/eab4b53e-438b-4b20-8933-ae88e2f3610f

See a detailed list of headers here:

http://security.stackexchange.com/q/8480/396

3 votes
Chris Mankowski shared this idea

    0 comments
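An added example, not part of the original post and not ACS or ADFS code: a small audit function that checks a login page's response headers for the three classes the idea names. The header sets `BARE` and `HARDENED` are constructed samples, and reading "expiration" as `Cache-Control: no-store` is an assumption.

```python
import re

def _frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def audit_login_headers(headers):
    """Map each missing or weak header class to a short finding."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = {}

    # Expiration: pages that carry credentials should never be stored by caches.
    cache = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
    if "no-store" not in cache:
        findings["expiration"] = "Cache-Control lacks no-store"

    # Transport security: HSTS must be present with a non-zero max-age.
    hsts = h.get("strict-transport-security", "")
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
    if not m:
        findings["transport-security"] = "Strict-Transport-Security missing"
    elif int(m.group(1)) == 0:
        findings["transport-security"] = "HSTS max-age=0 switches the policy off"

    # Anti-clickjacking: X-Frame-Options DENY/SAMEORIGIN, or a CSP
    # frame-ancestors list that is not a bare wildcard.
    xfo = h.get("x-frame-options", "").upper()
    sources = _frame_ancestors(h.get("content-security-policy", ""))
    csp_ok = sources is not None and "*" not in sources
    if xfo not in ("DENY", "SAMEORIGIN") and not csp_ok:
        findings["anti-clickjacking"] = "no effective framing restriction"
    return findings

# Constructed sample header sets (not captured from any real service).
BARE = {"Content-Type": "text/html", "Cache-Control": "private"}
HARDENED = {
    "Cache-Control": "no-cache, no-store",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
}

if __name__ == "__main__":
    for name, hdrs in (("bare", BARE), ("hardened", HARDENED)):
        print(name, audit_login_headers(hdrs))
```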
