Category Archives: .NET Security

IdentityServer Beta 1-2

Yesterday we pushed another interim release of IdentityServer to nuget.  You can see all commits here if you are interested. Besides many smaller changes and bug fixes – the main new feature is that you can now configure which claims go into … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | Leave a comment

Announcing Thinktecture IdentityServer v3 – Beta 1

It’s done – and I am happy (and a bit exhausted) – a few minutes ago I closed the last open issue for Beta 1. What’s new It’s been 424 commits since we released Preview 1 – so there is … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, Uncategorized, WebAPI | 11 Comments

NDC London: Identity and Access Control for modern Web Applications and APIs

I am happy to announce that NDC will host our new workshop in London in December! Join us to learn everything that is important to secure modern web applications and APIs using Microsoft’s current and future web stack! Looking forward … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 1 Comment

Covert Redirect – really?

In the era where security vulnerabilities have logos, stickers and mainstream media coverage – it seems to be really easy to attract attention with simple input validation flaws. Quoting: “Covert Redirect is an application that takes a parameter and redirects a … Continue reading

Posted in .NET Security, AuthorizationServer, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | 3 Comments

Thinktecture.IdentityModel v.Next

Thinktecture.IdentityModel (github, nuget) is a popular library in the security community. But we have reached a point now where we realized that we have too many dependencies and too many legacy stuff in it. With the release of Web API … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, Katana, OAuth, WCF, WebAPI | 3 Comments

Two days of Claims-based Identity & Access Control Workshop in London

Great news! The London edition of the NDC conference has pre-con workshops and Jakob invited us to hold our claims-based identity & access control workshop there. This is the first time Brock and I are teaching the workshop together, and … Continue reading

Posted in .NET Security, ASP.NET, AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, OAuth, OpenID Connect, WCF, WebAPI | Leave a comment

NDC Oslo 2013 Slides and Videos

The NDC videos are online now! Web API Security (includes first public demo ever of AuthorizationServer)Video: https://vimeo.com/68327244Slides: https://speakerdeck.com/leastprivilege/securing-asp-dot-net-web-api-ndc-oslo-2013 OAuth2 – The good, the bad and the uglyVideo: https://vimeo.com/68331687Slides: https://speakerdeck.com/leastprivilege/oauth2-the-good-the-bad-and-the-ugly-ndc-oslo-2013 Enjoy!

Posted in .NET Security, AuthorizationServer, IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment