Monthly Archives: June 2012

Managing ASP.NET Membership and Roles without Visual Studio

I made a conscious decision to not include any user management features in IdentityServer. It’s a token service. In addition it is based (at least by default) on the standard ASP.NET membership, roles and profile features. So there should be … Continue reading

Posted in ASP.NET, IdentityServer | 9 Comments

CORS support in WebAPI, MVC and IIS with Thinktecture.IdentityModel

Brock has added a really nice implementation of CORS to Thinktecture.IdentityModel (both 4.0 and 4.5). Here are all the details.

Posted in IdentityModel, WebAPI | Leave a comment

Session Token JavaScript Sample for Thinktecture.IdentityModel and Web API

Christian has added a new JavaScript sample that shows how to use the session token mechanism. It includes persisting the session token in local storage. Nice! github

Posted in IdentityModel, WebAPI | 17 Comments

Update on Thinktecture.IdentityServer for .NET 4.5

I made some progress on the 4.5 version. It is now a real .NET 4.5/MVC 4 application and I made some minor changes to data handling: Switched to the new universal providers for ASP.NET Switched to SQL Server LocalDB as … Continue reading

Posted in IdentityModel, IdentityServer, WebAPI | 15 Comments

New unified Nuget Package for Thinktecture.IdentityModel

I uploaded a Nuget package for Thinktecture.IdentityModel that contains both the 4.0 and 4.5 versions. That should make it easier. We will try to keep both framework versions as closely in sync as possible.

Posted in IdentityModel, WebAPI | 16 Comments

Important: Setting the Client Principal in ASP.NET Web API

Due to some unfortunate mechanisms buried deep in ASP.NET, setting Thread.CurrentPrincipal in Web API web hosting is not enough. When hosting in ASP.NET, Thread.CurrentPrincipal might get overridden with HttpContext.Current.User when creating new threads. This means you have to set the … Continue reading

Posted in WebAPI | 7 Comments

Extending Authorization in ASP.NET Web API – Part 1: Basics

From my last post you can maybe tell that I prefer to keep my business and authorization logic separate. I am also not a huge fan of annotating my façade with role requirements like the [Authorize] attribute does. In this … Continue reading

Posted in IdentityModel, WebAPI | 3 Comments