Author Archives: Dominick Baier

IdentityServer v3 and “Post Logout Redirect”

One frequently requested feature was the ability to redirect back to the client after logging out of IdentityServer. The session management spec describes this in the “RP-initiated logout” section. While this is a nice convenience feature and seems trivial to …


IdentityServer v3 Beta 2-1

We just did a minor update to Beta 2. Besides some smaller changes and bug fixes, we now support redirecting back to a client after logout (a much-requested feature). I will write a blog post soon describing how it works.

Posted in IdentityServer, OAuth, OpenID Connect, WebAPI

Getting started with IdentityServer v3

Last night I started working on a getting started tutorial for IdentityServer v3 – while writing it, it became clear that a single walkthrough will definitely not be enough to show the various options you have – anyway, I started with …

Posted in ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI

OpenID Connect Hybrid Flow and IdentityServer v3

One of the features we added in Beta 2 is support for hybrid flow (see spec). What is hybrid flow – and why do I care? Well – in a nutshell – OpenID Connect originally extended the two basic OAuth2 …

Posted in IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI

Identity & Access Control at NDC London 2014

The NDC Agenda is out now – and Brock and I will do a number of identity & access control related sessions. Brock will talk about identity management in ASP.NET – which is a huge topic – so he split …

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI

IdentityServer v3 – Beta 2

We just pushed IdentityServer v3 beta 2 to GitHub and NuGet. This time it’s been 161 commits and we added a lot of small things – and a couple of bigger things, e.g.: Update to Katana v3 and JWT handler …

Posted in ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI

401 vs 403

For years, there’s been an ongoing discussion about which HTTP status code to use for the “not authorized” scenario – and the original HTTP 1.1 specification wasn’t exactly crystal clear about the distinction between 401 (unauthorized) and 403 (forbidden). But there is …

Posted in .NET Security, WebAPI, ASP.NET, OAuth, Katana, OWIN