Category Archives: ASP.NET

NDC London: Identity and Access Control for modern Web Applications and APIs

I am happy to announce that NDC will host our new workshop in London in December! Join us to learn everything that is important to secure modern web applications and APIs using Microsoft’s current and future web stack! Looking forward … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 1 Comment

Updated IdentityServer v3 Roadmap (and Refresh Tokens)

Brock and I have been pretty busy over the last months and we did not find as much time to work on IdentityServer as we wanted. So we have updated our milestones on GitHub and are currently planning a Beta 1 for … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 6 Comments

Resource/Action based Authorization for OWIN (and MVC and Web API)

Authorization is hard – much harder than authentication because it is so application specific. Microsoft went through several iterations of authorization plumbing in .NET, e.g. PrincipalPermission, IsInRole, Authorization configuration element and AuthorizeAttribute. All of the above are horrible approaches and … Continue reading

Posted in ASP.NET, IdentityModel, Katana, OWIN, WebAPI | 5 Comments

NDC Oslo 2014 Slides, Samples and Videos

As always – NDC was a great conference! Here’s the list of resources relevant to my talks: IdentityServer v3 preview: GitHub; Web API Access Control & Authorization: slides / video; OpenID Connect: slides / video

Posted in ASP.NET, Conferences & Training, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments

IdentityServer v3 and Azure WebSites (and other Deployment Simplifications)

(applies to preview 1) A common request for IdentityServer was being able to run on Azure WebSites (or other constrained deployment environments where you don’t have machine level access). This was never easy because our default implementations in v2 had … Continue reading

Posted in ASP.NET, Azure, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | Leave a comment

New Pluralsight Course: “Web API v2 Security”

It is finally online! Hope you like it. http://pluralsight.com/training/Courses/TableOfContents/webapi-v2-security

Posted in ASP.NET, AuthorizationServer, Katana, OAuth, OWIN, WebAPI | 16 Comments

Announcing Thinktecture IdentityServer v3 – Preview 1

Over the last months we’ve been heads down rewriting IdentityServer from scratch (see here for background) – and we are now at a point where we think we have enough up and running to show it to you! What we’ve done … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 25 Comments

Integrating AuthorizationServer with Auth0

AuthorizationServer is a lightweight OAuth2 implementation that is designed to integrate with arbitrary identity management systems. I wrote about integration with Thinktecture IdentityServer, ADFS and even plain Windows integrated authentication before. Another really compelling and feature-rich identity management is … Continue reading

Posted in ASP.NET, AuthorizationServer, OAuth, WebAPI | Leave a comment

Combining Thinktecture AuthorizationServer with Windows Integrated Authentication

One of the key features of AS is that you can combine it with arbitrary authentication methods. This basically allows you to layer OAuth2 and our application and authorization model over any identity management system. Recently the question came up which … Continue reading

Posted in ASP.NET, AuthorizationServer, OAuth, WebAPI | 15 Comments

Advanced OAuth2: Assertion Flow (how)

My last post described the mechanics and motivation for the OAuth2 assertion flow. In this post I want to show you how you can use Thinktecture AuthorizationServer to implement an assertion flow scenario. For this specific example I will use … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, OAuth, WebAPI | 2 Comments