Category Archives: ASP.NET

New Pluralsight Course: “Web API v2 Security”

It is finally online! Hope you like it. http://pluralsight.com/training/Courses/TableOfContents/webapi-v2-security

Posted in ASP.NET, AuthorizationServer, Katana, OAuth, OWIN, WebAPI | 6 Comments

Announcing Thinktecture IdentityServer v3 – Preview 1

Over the last months we’ve been heads down rewriting IdentityServer from scratch (see here for background) – and we are now at a point where we think we have enough up and running to show it to you! What we’ve done … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 5 Comments

Integrating AuthorizationServer with Auth0

AuthorizationServer is a lightweight OAuth2 implementation that is designed to integrate with arbitrary identity management systems. I wrote about integration with Thinktecture IdentityServer, ADFS and even plain Windows integrated authentication before. Another really compelling and feature-rich identity management is … Continue reading

Posted in ASP.NET, AuthorizationServer, OAuth, WebAPI | Leave a comment

Combining Thinktecture AuthorizationServer with Windows Integrated Authentication

One of the key features of AS is that you can combine it with arbitrary authentication methods. This basically allows you to layer OAuth2 and our application and authorization model over any identity management system. Recently the question came up which … Continue reading

Posted in ASP.NET, AuthorizationServer, OAuth, WebAPI | 15 Comments

Advanced OAuth2: Assertion Flow (how)

My last post described the mechanics and motivation for the OAuth2 assertion flow. In this post I want to show you how you can use Thinktecture AuthorizationServer to implement an assertion flow scenario. For this specific example I will use … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, OAuth, WebAPI | 1 Comment

Advanced OAuth2: Assertion Flow (why)

The core OAuth2 spec defines so-called flows, which are basically descriptions of the interactions between a client, a user and an authorization server to request access tokens. Another implied fact is that the resource server and the authorization server … Continue reading

Posted in ASP.NET, AuthorizationServer, OAuth, WebAPI | 1 Comment

My Web API Security Talk from Software Architect 2013

https://vimeo.com/user22258446/review/79095048/9a4d62f61c

Posted in ASP.NET, AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, Katana, OAuth, OWIN | 5 Comments

Dissecting the Web API Individual Accounts Template–Part 3: External Accounts

Part 1 covered the basic template security setup. Part 2 focused on the features around local accounts and username/password authentication. This part will deal with third party authentication using Google and friends as well as associating a third party account … Continue reading

Posted in ASP.NET, Katana, OAuth, OWIN, WebAPI | 21 Comments

Dissecting the Web API Individual Accounts Template–Part 2: Local Accounts

In the last post I gave an overview of the security setup of the Individual Accounts template. I recommend reading that first. Also Brock has some great background content – here and here. Disclaimer: I would have designed the API … Continue reading

Posted in ASP.NET, Katana, OAuth, OWIN, WebAPI | 1 Comment

Dissecting the Web API Individual Accounts Template–Part 1: Overview

The Web API v2 Individual Accounts template shows off some quite popular application scenarios, e.g. username/password authentication with local accounts (including create account, change/set password) as well as third party authentication using Facebook, Google etc – including linking those external … Continue reading

Posted in ASP.NET, Katana, OAuth, OWIN, WebAPI | 2 Comments