-
Recent Posts
Categories
- .NET Security (95)
- ASP.NET (163)
- ASP.NET Core (27)
- AuthorizationServer (33)
- Azure (29)
- Conferences & Training (40)
- IdentityModel (347)
- IdentityServer (205)
- Katana (46)
- OAuth (163)
- OpenID Connect (94)
- OWIN (45)
- Photography (14)
- PolicyServer (3)
- Resources (1)
- Uncategorized (625)
- WCF (109)
- WebAPI (223)
Tweets
Tweets by leastprivilegeFeed
Archives
- May 2021
- October 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- September 2019
- August 2019
- July 2019
- June 2019
- April 2019
- February 2019
- January 2019
- December 2018
- July 2018
- June 2018
- May 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- August 2017
- July 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- August 2005
- July 2005
- June 2005
- May 2005
- April 2005
- March 2005
- February 2005
- January 2005
- December 2004
- November 2004
- October 2004
- September 2004
- August 2004
- July 2004
- June 2004
- May 2004
Category Archives: WebAPI
An alternative way to secure SPAs (with ASP.NET Core, OpenID Connect, OAuth 2.0 and ProxyKit)
You might have noticed the recent public discussions around how to securely build SPAs – and especially about the “weak security properties” of the OAuth 2.0 Implicit Flow. Brock has written up a good summary here. The whole implicit vs … Continue reading
Posted in ASP.NET Core, OAuth, OpenID Connect, WebAPI
15 Comments
Making the IdentityModel Client Libraries HttpClientFactory friendly
IdentityModel has a number of protocol client libraries, e.g. for requesting, refreshing, revoking and introspecting OAuth 2 tokens as well as a client and cache for the OpenID Connect discovery endpoint. While they work fine, the style around libraries that … Continue reading
Posted in ASP.NET Core, IdentityModel, Uncategorized, WebAPI
6 Comments
Mixing UI and API Endpoints in ASP.NET Core 2.1 (aka Dynamic Scheme Selection)
Some people like to co-locate UI and API endpoints in the same application. I generally prefer to keep them separate, but I acknowledge that certain architecture styles make this conscious decision. Server-side UIs typically use cookies for authentication (or a … Continue reading
Posted in ASP.NET Core, OpenID Connect, Uncategorized, WebAPI
14 Comments
The State of HttpClient and .NET Multi-Targeting
IdentityModel is a library that uses HttpClient internally – it should also run on all recent versions of the .NET Framework and .NET Core. HttpClient is sometimes “built-in”, e.g. in the .NET Framework, and sometimes not, e.g. in .NET Core … Continue reading
Posted in IdentityModel, Uncategorized, WebAPI
1 Comment
NDC London 2018 Artefacts
“IdentityServer v2 on ASP.NET Core v2: An update” video “Authorization is hard! (aka the PolicyServer announcement) video DotNetRocks interview audio
Posted in ASP.NET Core, IdentityServer, PolicyServer, Uncategorized, WebAPI
Leave a comment
Sponsoring IdentityServer
Brock and I have been working on free identity & access control related libraries since 2009. This all started as a hobby project, and I can very well remember the day when I said to Brock that we can only … Continue reading
Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI
1 Comment
Updated Templates for IdentityServer4
We finally found the time to put more work into our templates. dotnet new is4empty Creates a minimal IdentityServer4 project without a UI. dotnet new is4ui Adds the quickstart UI to the current project (can be e.g added on top … Continue reading
Posted in ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI
8 Comments
Missing Claims in the ASP.NET Core 2 OpenID Connect Handler?
The new OpenID Connect handler in ASP.NET Core 2 has a different (aka breaking) behavior when it comes to mapping claims from an OIDC provider to the resulting ClaimsPrincipal. This is especially confusing and hard to diagnose since there are … Continue reading
Posted in ASP.NET Core, IdentityServer, OpenID Connect, WebAPI
6 Comments
Using iOS11 SFAuthenticationSession with IdentityModel.OidcClient
Starting with iOS 11, there’s a special system service for browser-based authentication called SFAuthenticationSession. This is the recommended approach for OpenID Connect and OAuth 2 native iOS clients (see RFC8252). If you are using our OidcClient library – this is … Continue reading
Posted in .NET Security, IdentityModel, OAuth, OpenID Connect, Uncategorized, WebAPI
Leave a comment
Templates for IdentityServer4 v2
I finally found the time to update the templates for IdentityServer4 to version 2. You can find the source code and instructions here. To be honest, I didn’t have time to research more advanced features like post-actions (wanted to do … Continue reading
Posted in IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI
Leave a comment
leastprivilege.com 