Category Archives: WebAPI

New Pluralsight Course: “Web API v2 Security”

It is finally online! Hope you like it. http://pluralsight.com/training/Courses/TableOfContents/webapi-v2-security

Posted in ASP.NET, AuthorizationServer, Katana, OAuth, OWIN, WebAPI | 6 Comments

List of Libaries and Projects for OpenID Connect and JWT

..can be found here http://openid.net/developers/libraries/

Posted in OAuth, OpenID Connect, WebAPI | Leave a comment

Announcing Thinktecture IdentityServer v3 – Preview 1

The last months we’ve been heads down re-writing IdentityServer from scratch (see here for background) – and we are now at a point where we think we have enough up and running to show it to you! What we’ve done … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 5 Comments

Integrating AuthorizationServer with Auth0

AuthorizationServer is a lightweight OAuth2 implementation that is designed to integrate with arbitrary identity management systems. I wrote about integration with Thinktecture IdentityServer, ADFS and even plain Windows integrated authentication before. Another really compelling and feature rich identity management is … Continue reading

Posted in ASP.NET, AuthorizationServer, OAuth, WebAPI | Leave a comment

The Web API v2 OAuth2 Authorization Server Middleware–Is it worth it?

Adding the concept of an authorization server to your web APIs is the recommended architecture for managing authentication and authorization. But writing such a service from scratch is not an easy task. To simplify that, Microsoft included an OAuth2 based … Continue reading

Posted in AuthorizationServer, IdentityServer, Katana, OAuth, OWIN, WebAPI | 5 Comments

OAuth2 and OpenID Connect Scope Validation for OWIN/Katana

In OAuth2 or OpenID Connect you don’t necessarily always use the audience to partition your token space – the scope concept is also commonly used (see also Vittorio’s post from yesterday). A while ago I created a Web API authorize … Continue reading

Posted in IdentityModel, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 1 Comment

OpenID Connect and the IdentityServer Roadmap

Since OpenID Connect has been officially released now, I thought I’ll tell you a little bit more about our plans around our identity open source projects. IdentityServerIdSrv is a very popular identity provider with excellent support for WS-Federation and WS-Trust. … Continue reading

Posted in AuthorizationServer, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 24 Comments

Workshop: Identity & Access Control for modern Web Applications and APIs

Brock and I are currently working on a brand new two day workshop about all things security when building modern web applications and APIs. You can either attend the full two day version at NDC Oslo (June) – or a … Continue reading

Posted in AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 14 Comments

Thinktecture.IdentityModel.Owin.*

To be more in-line with the OWIN / middleware mindset (and because Damian said so) – I broke up our OWIN security assembly into smaller components: http://www.nuget.org/packages?q=Thinktecture.IdentityModel.Owin.* Currently there are four packages: Basic Authentication X.509 client certificate authentication Claims transformation … Continue reading

Posted in IdentityModel, Katana, OWIN, WebAPI | Leave a comment

AuthorizationServer v1.2

I just uploaded version 1.2 of AuthorizationServer. The big change is that AS is now using MVC and Web API v5.1.1 – additionally there are some bug fixes and a new configuration switch – set the following appSetting to false … Continue reading

Posted in AuthorizationServer, OAuth, WebAPI | 3 Comments