Category Archives: WebAPI

IdentityModel 1.0.0 released

Part of the ongoing effort to modernize our libraries, I released IdentityModel today. IdentityModel contains useful helpers, extension methods and constants when working with claims-based identity in general and OAuth 2.0 and OpenID Connect in particular. See the overview here … Continue reading

Posted in .NET Security, IdentityModel, OAuth, OpenID Connect, WebAPI | 2 Comments

The State of Security in ASP.NET 5 and MVC 6: OAuth 2.0, OpenID Connect and IdentityServer

ASP.NET 5 contains a middleware for consuming tokens – but not anymore for producing them. I personally have never been a big fan of the Katana authorization server middleware (see my thoughts here) – and according to this, it seems … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, OWIN, WebAPI | 2 Comments

The State of Security in ASP.NET 5 and MVC 6: Claims & Authentication

Disclaimer: Microsoft announced the roadmap for ASP.NET 5 yesterday – the current release date of the final version is Q1 2016. Some details of the features and APIs I mention will change between now and then. This post is about … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 3 Comments

The State of Security in ASP.NET 5 and MVC 6

We’ve been closely following ASP.NET 5 and MVC 6 since the days it was presented behind closed doors, through the “vNext” and “Project K” phase up to recent beta builds. I personally monitored all developments in the security space in … Continue reading

Posted in .NET Security, ASP.NET, Conferences & Training, IdentityServer, WebAPI | Leave a comment

Security at NDC Oslo

For a developer conference, NDC Oslo had a really strong security track this year. Also the audience appreciated that – from the five highest ranked talks – three were about security. Troy has the proof. I even got to see Bruce … Continue reading

Posted in .NET Security, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | Leave a comment

Give your WCF Security Architecture a Makeover with IdentityServer3

Not everybody has the luxury of being able to start over and build the new & modern version of their software from scratch. Many people I speak to have existing investments in WCF and their “old-school” desktop/intranet architecture. Moving to … Continue reading

Posted in .NET Security, IdentityServer, OAuth, WCF, WebAPI | 7 Comments

Three days of Identity & Access Control Workshop at SDD Deep Dive – November 2015, London

As part of the SDD Deep Dive event in London – Brock and I will deliver an updated version of our “Identity & Access Control for modern Web Applications and APIs” workshop. For the first time, this will be a … Continue reading

Posted in .NET Security, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | Leave a comment