Category Archives: .NET Security

Identity & Access Control at NDC London 2014

The NDC Agenda is out now – and Brock and me will do a number of identity & access control related sessions. Brock will talk about identity management in ASP.NET – which is a huge topic – so he split … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 6 Comments

401 vs 403

For years, there’s been an ongoing discussion which HTTP status code to use for “not authorized” scenario – and the original HTTP 1.1 specification wasn’t exactly crystal clear about the distinction between 401 (unauthorized) and 403 (forbidden). But there is … Continue reading

Posted in .NET Security, ASP.NET, Katana, OAuth, OWIN, WebAPI | Leave a comment

IdentityServer Beta 1-2

Yesterday we pushed another interim release of IdentityServer to nuget.  You can see all commits here if you are interested. Besides many smaller changes and bug fixes – the main new feature is that you can now configure which claims go into … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | Leave a comment

Announcing Thinktecture IdentityServer v3 – Beta 1

It’s done – and I am happy (and a bit exhausted) – a few minutes ago I closed the last open issue for Beta 1. What’s new It’s been 424 commits since we released Preview 1 – so there is … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, Uncategorized, WebAPI | 10 Comments

NDC London: Identity and Access Control for modern Web Applications and APIs

I am happy to announce that NDC will host our new workshop in London in December! Join us to learn everything that is important to secure modern web applications and APIs using Microsoft’s current and future web stack! Looking forward … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 1 Comment

Covert Redirect – really?

In the era where security vulnerabilities have logos, stickers and mainstream media coverage – it seems to be really easy to attract attention with simple input validation flaws. Quoting: “Covert Redirect is an application that takes a parameter and redirects a … Continue reading

Posted in .NET Security, AuthorizationServer, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | 4 Comments

Thinktecture.IdentityModel v.Next

Thinktecture.IdentityModel (github, nuget) is a popular library in the security community. But we have reached a point now where we realized that we have too many dependencies and too many legacy stuff in it. With the release of Web API … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, Katana, OAuth, WCF, WebAPI | 3 Comments