Category Archives: .NET Security

Announcing Thinktecture IdentityServer v3 – Beta 1

It’s done – and I am happy (and a bit exhausted) – a few minutes ago I closed the last open issue for Beta 1. What’s new It’s been 424 commits since we released Preview 1 – so there is … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, Uncategorized, WebAPI | 7 Comments

NDC London: Identity and Access Control for modern Web Applications and APIs

I am happy to announce that NDC will host our new workshop in London in December! Join us to learn everything that is important to secure modern web applications and APIs using Microsoft’s current and future web stack! Looking forward … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 1 Comment

Covert Redirect – really?

In the era where security vulnerabilities have logos, stickers and mainstream media coverage – it seems to be really easy to attract attention with simple input validation flaws. Quoting: “Covert Redirect is an application that takes a parameter and redirects a … Continue reading

Posted in .NET Security, AuthorizationServer, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | 3 Comments

Thinktecture.IdentityModel v.Next

Thinktecture.IdentityModel (github, nuget) is a popular library in the security community. But we have reached a point now where we realized that we have too many dependencies and too many legacy stuff in it. With the release of Web API … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, Katana, OAuth, WCF, WebAPI | 3 Comments

Two days of Claims-based Identity & Access Control Workshop in London

Great news! The London edition of the NDC conference has pre-con workshops and Jakob invited us to hold our claims-based identity & access control workshop there. This is the first time Brock and I are teaching the workshop together, and … Continue reading

Posted in .NET Security, ASP.NET, AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, OAuth, OpenID Connect, WCF, WebAPI | Leave a comment

NDC Oslo 2013 Slides and Videos

The NDC videos are online now! Web API Security (includes first public demo ever of AuthorizationServer)Video: https://vimeo.com/68327244Slides: https://speakerdeck.com/leastprivilege/securing-asp-dot-net-web-api-ndc-oslo-2013 OAuth2 – The good, the bad and the uglyVideo: https://vimeo.com/68331687Slides: https://speakerdeck.com/leastprivilege/oauth2-the-good-the-bad-and-the-ugly-ndc-oslo-2013 Enjoy!

Posted in .NET Security, AuthorizationServer, IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment

Update on IdentityModel and IdentityServer

Big news: the Microsoft JWT support is now generally available!. That means that I will update IdentityServer and IdentityModel ASAP (by the end of next week, or rather – after I am done with all my talks at NDC). Speaking … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment