Author Archives: Dominick Baier

OpenID Connect Certification for IdentityServer3

I am extremely happy to announce that IdentityServer3 is now officially certified by the OpenID Foundation. Version 1.6 and onwards is now fully compatible with the basic, implicit, hybrid and configuration profile of OpenID Connect.

Posted in .NET Security, ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 1 Comment

Implicit vs Explicit Authentication in Browser-based Applications

I got the idea for this post from my good friend Pedro Felix – I hope I don’t steal his thunder (I am sure I won’t – since he is much more elaborate than I am) – but when I … Continue reading

Posted in WebAPI | 2 Comments

IdentityServer3 vNext

Just a quick update about some upcoming changes in IdentityServer3. The last weeks since the 1.0.0 release in January we did mostly bug fixing, fine tuning and listening to feedback. Inevitably we found things we want to change and improve … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, OWIN, WebAPI | Leave a comment

.NET Foundation Advisory Council

I have been invited to join the .NET Foundation advisory council – looking forward to it!

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, WebAPI | 2 Comments

IdentityServer3 1.0.0

Today is a big day for us! Brock and I started working on the next generation of IdentityServer over 14 months ago. In fact – I remember exactly how I created the very first file (constants.cs) somewhere in the Swiss … Continue reading

Posted in ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 23 Comments

2014 in review

The stats helper monkeys prepared a 2014 annual report for this blog. Here’s an excerpt: The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 530,000 times in 2014. If it were an exhibit at … Continue reading

Posted in Uncategorized | Leave a comment

The Future of AuthorizationServer

Now that IdentityServer v3 is almost done, it makes sense to “deprecate” some of the older projects. Especially all of the functionality of AuthorizationServer is completely replaced by the IdSrv3 feature set. AuthorizationServer is actually a pretty small and compact … Continue reading

Posted in ASP.NET, AuthorizationServer, OAuth, WebAPI | 6 Comments