Category Archives: .NET Security

Thinktecture.IdentityModel v.Next

Thinktecture.IdentityModel (github, nuget) is a popular library in the security community. But we have reached a point now where we realized that we have too many dependencies and too many legacy stuff in it. With the release of Web API … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, Katana, OAuth, WCF, WebAPI | 3 Comments

Two days of Claims-based Identity & Access Control Workshop in London

Great news! The London edition of the NDC conference has pre-con workshops and Jakob invited us to hold our claims-based identity & access control workshop there. This is the first time Brock and I are teaching the workshop together, and … Continue reading

Posted in .NET Security, ASP.NET, AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, OAuth, OpenID Connect, WCF, WebAPI | Leave a comment

NDC Oslo 2013 Slides and Videos

The NDC videos are online now! Web API Security (includes first public demo ever of AuthorizationServer)Video: https://vimeo.com/68327244Slides: https://speakerdeck.com/leastprivilege/securing-asp-dot-net-web-api-ndc-oslo-2013 OAuth2 – The good, the bad and the uglyVideo: https://vimeo.com/68331687Slides: https://speakerdeck.com/leastprivilege/oauth2-the-good-the-bad-and-the-ugly-ndc-oslo-2013 Enjoy!

Posted in .NET Security, AuthorizationServer, IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment

Update on IdentityModel and IdentityServer

Big news: the Microsoft JWT support is now generally available!. That means that I will update IdentityServer and IdentityModel ASAP (by the end of next week, or rather – after I am done with all my talks at NDC). Speaking … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment

Two Weeks to go: NDC Identity & Access Control Workshop

…really looking forward to it! http://www.ndcoslo.com/Article/Workshops/claims Also announcing a special guest: Pedro Felix will do a introduction lecture on OpenID Connect! See you there!

Posted in .NET Security, Azure, Conferences & Training, IdentityModel, IdentityServer, OAuth, WCF, WebAPI | Leave a comment

Web API Security: JSON Web Token/OAuth2 with Thinktecture.IdentityModel AuthenticationHandler

(OK – I only included OAuth2 in the title to get your attention – this applies to whatever framework or technology you use to work with JSON web tokens aka JWTs) Following the pattern from my two previous posts, you … Continue reading

Posted in .NET Security, IdentityModel, IdentityServer, OAuth, WebAPI | 3 Comments

Annual Identity Update on DotNetRocks

It’s this time of the year again! http://www.dotnetrocks.com/default.aspx?ShowNum=863 “Dominick Baier returns to talk to Carl and Richard about the current state of security in .NET 4.5. Dom starts out talking about how WebAPI has impacted the development of web services … Continue reading

Posted in .NET Security, ASP.NET, Azure, IdentityModel, IdentityServer, OAuth, WCF, WebAPI | 1 Comment

Authentication vs Authorization

…in the context of token-based security systems. There are many practical and philosophical ways to discuss the difference between the two terms. But since there is quite some confusion, I want to look at it from the perspective of the … Continue reading

Posted in .NET Security, IdentityModel, IdentityServer, OAuth, WebAPI | 2 Comments

Claims-based Identity & Access Control Pre-Conference Workshop at NDC 2013

This is great news! If you are going to NDC, you can take my identity & access control training as a pre-conference workshop. I have divided the content in a “web apps” day and a “services & the cloud” day. This … Continue reading

Posted in .NET Security, ASP.NET, Azure, Conferences & Training, IdentityModel, IdentityServer, OAuth, WCF, WebAPI | Leave a comment

Claims-based Identity & Access Control Training in February

I just got email confirming the February run of the “identity course” in Oslo. great! There are seats left and you can book here. Cu!  

Posted in .NET Security, ASP.NET, Azure, IdentityModel, IdentityServer, OAuth, WCF, WebAPI | Leave a comment