Category Archives: IdentityModel

Announcing Thinktecture IdentityServer v3 – Preview 1

The last months we’ve been heads down re-writing IdentityServer from scratch (see here for background) – and we are now at a point where we think we have enough up and running to show it to you! What we’ve done … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 8 Comments

OAuth2 and OpenID Connect Scope Validation for OWIN/Katana

In OAuth2 or OpenID Connect you don’t necessarily always use the audience to partition your token space – the scope concept is also commonly used (see also Vittorio’s post from yesterday). A while ago I created a Web API authorize … Continue reading

Posted in IdentityModel, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 1 Comment

OpenID Connect and the IdentityServer Roadmap

Since OpenID Connect has been officially released now, I thought I’ll tell you a little bit more about our plans around our identity open source projects. IdentityServerIdSrv is a very popular identity provider with excellent support for WS-Federation and WS-Trust. … Continue reading

Posted in AuthorizationServer, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 24 Comments

Workshop: Identity & Access Control for modern Web Applications and APIs

Brock and I are currently working on a brand new two day workshop about all things security when building modern web applications and APIs. You can either attend the full two day version at NDC Oslo (June) – or a … Continue reading

Posted in AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 14 Comments

Thinktecture.IdentityModel.Owin.*

To be more in-line with the OWIN / middleware mindset (and because Damian said so) – I broke up our OWIN security assembly into smaller components: http://www.nuget.org/packages?q=Thinktecture.IdentityModel.Owin.* Currently there are four packages: Basic Authentication X.509 client certificate authentication Claims transformation … Continue reading

Posted in IdentityModel, Katana, OWIN, WebAPI | Leave a comment

Advanced OAuth2: Assertion Flow (how)

My last post described the mechanics and motivation for the OAuth2 assertion flow. In this post I want to show you how you can use Thinktecture AuthorizationServer to implement an assertion flow scenario. For this specific example I will use … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, OAuth, WebAPI | 1 Comment

My Web API Security Talk from Software Architect 2013

https://vimeo.com/user22258446/review/79095048/9a4d62f61c

Posted in ASP.NET, AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, Katana, OAuth, OWIN | 5 Comments

Thinktecture.IdentityModel.Client v1.0

As part of the restructuring work of IdentityModel, I separated the HTTP and OAuth2 client bits into a separate project. The nice side effect of this is that the client library is now portable and can be used in .NET … Continue reading

Posted in IdentityModel, OAuth, WebAPI | 2 Comments

Adding Refresh Tokens to a Web API v2 Authorization Server

In the last post I showed how to add a simple username/password (aka resource owner password credentials flow) authorization server to Web API v2. This has several advantages: The client does not need to hold on to the user credentials … Continue reading

Posted in AuthorizationServer, IdentityModel, Katana, OAuth, OWIN, WebAPI | 6 Comments

Client Certificate Authentication Middleware for Katana

Katana has no middleware to turn SSL client certificates into a ClaimsIdentity. And since I am currently collecting material for my upcoming Web API security course I used the opportunity to experiment with Katana authentication middleware. There’s a certain pattern … Continue reading

Posted in IdentityModel, Katana, OWIN, WebAPI | Leave a comment