Monthly Archives: March 2005
CompuWare Security Checker/Fault Simulator Roadshow
From April to June I will do a roadshow together with Compuware’s Kurt Aigner focusing on application security/quality assurance in the development cycle. We will kick off with a more general talk about secure development best practices and threat modelling and after that …
The Subtleties of Impersonation
Two new posts on the excellent blog of Shawn Farkas talk about how to securely impersonate, and that a simple try/finally will not do it. Extremely recommended. UPDATE: Shawn shows a more elegant solution (besides that he uses VB.NET :) leveraging anonymous …
The Future of AzMan?
I wrote a lot about Authorization Manager in the past, and I really believe that this piece of technology is extremely useful to virtualize your authorization decisions in complex applications. Every time I demo AzMan to customers or students, they really like the …
CAS?
Are you using Code Access Security? Keith Brown asks this question on his blog. Comment on his entry and your experiences may be incorporated in future articles on the MSDN security / smart client developer area. Be sure to …
Pierre Nallet
Fellow DMer Pierre has a blog now. Subscribed.
Security Advisory: Log File Path Predictability in dasBlog Community Edition
dasBlog stores log files in known subdirectories of the blog site, e.g. http://www.site.com/logs/2005-01-20.events.log or http://www.site.com/logs/2005-01-20.events.zip. With a default installation (as provided by the installation instructions) these files can be downloaded anonymously and can leak information about your site. Workaround: remove read ACLs …
Security Advisory : New XSS Vulnerability in dasBlog Community Edition
Cross-Site Scripting Vulnerability in Newtelligence DasBlog Community Edition. Author: Dominick Baier <dbaier@ernw.de>. 1. Summary: An XSS (Cross-Site Scripting) vulnerability in DasBlog’s Event Viewer allows code to be injected and executed on the client’s machine. This allows an attacker to transfer the ASP.NET authentication cookie to …
Custom ASP.NET 2.0 Provider
Craig McMurtry posted some sample code for an Authorization Manager Role Provider and an ADAM Membership Provider for ASP.NET 2.0. Interesting!
