Category Archives: OAuth

IdentityModel 1.0.0 released

Part of the ongoing effort to modernize our libraries, I released IdentityModel today. IdentityModel contains useful helpers, extension methods and constants when working with claims-based identity in general and OAuth 2.0 and OpenID Connect in particular. See the overview here … Continue reading

Posted in .NET Security, IdentityModel, OAuth, OpenID Connect, WebAPI | 2 Comments

The State of Security in ASP.NET 5 and MVC 6: OAuth 2.0, OpenID Connect and IdentityServer

ASP.NET 5 contains a middleware for consuming tokens – but not anymore for producing them. I personally have never been a big fan of the Katana authorization server middleware (see my thoughts here) – and according to this, it seems … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, OWIN, WebAPI | 2 Comments

The State of Security in ASP.NET 5 and MVC 6: Claims & Authentication

Disclaimer: Microsoft announced the roadmap for ASP.NET 5 yesterday – the current release date of the final version is Q1 2016. Some details of the features and APIs I mention will change between now and then. This post is about … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 3 Comments

Security at NDC Oslo

For a developer conference, NDC Oslo had a really strong security track this year. Also the audience appreciated that – from the five highest ranked talks – three were about security. Troy has the proof. I even got to see Bruce … Continue reading

Posted in .NET Security, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | Leave a comment

Give your WCF Security Architecture a Makeover with IdentityServer3

Not everybody has the luxury of being able to start over and build the new & modern version of their software from scratch. Many people I speak to have existing investments in WCF and their “old-school” desktop/intranet architecture. Moving to … Continue reading

Posted in .NET Security, IdentityServer, OAuth, WCF, WebAPI | 7 Comments

Three days of Identity & Access Control Workshop at SDD Deep Dive – November 2015, London

As part of the SDD Deep Dive event in London – Brock and I will deliver an updated version of our “Identity & Access Control for modern Web Applications and APIs” workshop. For the first time, this will be a … Continue reading

Posted in .NET Security, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | Leave a comment

OpenID Connect Certification for IdentityServer3

I am extremely happy to announce that IdentityServer3 is now officially certified by the OpenID Foundation. http://openid.net/certification/ Version 1.6 and onwards is now fully compatible with the basic, implicit, hybrid and configuration profile of OpenID Connect.

Posted in .NET Security, ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 2 Comments