Category Archives: ASP.NET

Claims-based Identity & Access Control for .NET, ASP.NET and WCF 4.5 now retired on PluralSight

Posted on July 11, 2019 by Dominick Baier

Time flies! I just got notice from PluralSight that the above mentioned three courses are now retired and are not included in search results anymore. If you still care about this content – the direct links still work, and here … Continue reading →

Posted in .NET Security, ASP.NET, Uncategorized, WCF | Leave a comment

Extending IdentityServer4 with WS-Federation Support

Posted on March 3, 2017 by Dominick Baier

When we designed IdentityServer4, we wanted to make it easier to extend the core token service with custom protocol endpoints. So one thing that comes up every now and then is using IdentityServer4 as an identity provider for SharePoint and … Continue reading →

Posted in .NET Security, ASP.NET, IdentityServer | 4 Comments

NDC London 2017

Posted on February 27, 2017 by Dominick Baier

As always – NDC was a very good conference. Brock and I did a workshop, two talks and an interview. Here are the relevant links: Building JavaScript and mobile/native Clients for Token-based Architectures IdentityServer4: New & Improved for ASP.NET Core … Continue reading →

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | 3 Comments

Platforms where you can run IdentityServer4

Posted on January 15, 2017 by Dominick Baier

There is some confusion about where, and on which platform/OS you can run IdentityServer4 – or more generally speaking: ASP.NET Core. IdentityServer4 is ASP.NET Core middleware – and ASP.NET Core (despite its name) runs on the full .NET Framework 4.5.x … Continue reading →

Posted in .NET Security, ASP.NET, IdentityServer, OpenID Connect, WebAPI | 37 Comments

Trying IdentityServer4

Posted on January 6, 2017 by Dominick Baier

We have a number of options how you can experiment or get started with IdentityServer4. Starting point It all starts at https://identityserver.io – from here you can find all below links as well as our next workshop dates, consulting, production … Continue reading →

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 3 Comments

IdentityServer4.1.0.0

Posted on December 23, 2016 by Dominick Baier

It’s done. Release notes here. Nuget here. Docs here. I am off to holidays. See you next year.

Posted in .NET Security, ASP.NET, OAuth, OpenID Connect, WebAPI | 3 Comments

IdentityServer4 and ASP.NET Core 1.1

Posted on December 8, 2016 by Dominick Baier

aka RC5 – last RC – promised! The update from ASP.NET Core 1.0 (aka LTS – long term support) to ASP.NET Core 1.1 (aka Current) didn’t go so well (at least IMHO). There were a couple of breaking changes both … Continue reading →

Posted in ASP.NET, OAuth, OpenID Connect, WebAPI | 3 Comments

New in IdentityServer4: Resource-based Configuration

Posted on December 1, 2016 by Dominick Baier

For RC4 we decided to re-design our configuration object model for resources (formerly known as scopes). I know, I know – we are not supposed to make fundamental breaking changes once reaching the RC status – but hey – we … Continue reading →

Posted in .NET Security, ASP.NET, OAuth, Uncategorized, WebAPI | 44 Comments

New in IdentityServer4: Multiple allowed Grant Types

Posted on October 12, 2016 by Dominick Baier

In OAuth 2 some grant type combinations are insecure, that’s why we decided for IdentityServer3 that we’ll be defensive and allow only a single grant type per client. During the last two years of implementing OAuth 2, it turned out … Continue reading →

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments

IdentityServer4 RC2 released

Posted on October 9, 2016 by Dominick Baier

Yesterday we pushed IdentityServer4 RC2 to nuget. There are no big new features this time, but a lot of cleaning up, bug fixing and adding more tests. We might add one or two more bigger things before RTM – but … Continue reading →

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments