Category Archives: .NET Security

IdentityServer3 v2 Release and other Tidbits (aka what did I miss during Holidays)

I am back from my annual family/summer vacation. This time it was Norway, and it was excellent. Norway has stunning landscapes and excellent breweries – recommended! During that time Brock released v2 of IdentityServer. This was a big release and … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect | Leave a comment

Transitioning from a Token back to a Windows Identity

Sometimes you are in the situation where you have Windows-based users, but the rest of the application architecture is token-based (e.g. using OpenID Connect or WS-Federation). As long as these users stay in your “token-based world” everything is fine. But … Continue reading

Posted in .NET Security, ASP.NET | Leave a comment

Simplified ASP.NET and MVC 6 Security Templates

As mentioned before – the ASP.NET templates never really tried to make to you help  understand the security features.  Instead they crammed ever single feature into a single “sample app” making it really hard to figure out who does what … Continue reading

Posted in .NET Security, ASP.NET | Leave a comment

IdentityModel 1.0.0 released

Part of the ongoing effort to modernize our libraries, I released IdentityModel today. IdentityModel contains useful helpers, extension methods and constants when working with claims-based identity in general and OAuth 2.0 and OpenID Connect in particular. See the overview here … Continue reading

Posted in .NET Security, IdentityModel, OAuth, OpenID Connect, WebAPI | 4 Comments

The State of Security in ASP.NET 5 and MVC 6: OAuth 2.0, OpenID Connect and IdentityServer

ASP.NET 5 contains a middleware for consuming tokens – but not anymore for producing them. I personally have never been a big fan of the Katana authorization server middleware (see my thoughts here) – and according to this, it seems … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, OWIN, WebAPI | 4 Comments

The State of Security in ASP.NET 5 and MVC 6: Claims & Authentication

Disclaimer: Microsoft announced the roadmap for ASP.NET 5 yesterday – the current release date of the final version is Q1 2016. Some details of the features and APIs I mention will change between now and then. This post is about … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 3 Comments

The State of Security in ASP.NET 5 and MVC 6

We’ve been closely following ASP.NET 5 and MVC 6 since the days it was presented behind closed doors, through the “vNext” and “Project K” phase up to recent beta builds. I personally monitored all developments in the security space in … Continue reading

Posted in .NET Security, ASP.NET, Conferences & Training, IdentityServer, WebAPI | Leave a comment