Over the course of the next posts I will describe the security options you have when writing services using the new ASP.NET WebAPI.
Before I start digging into the gory details, all the sample code and concepts I will show are implemented in the newest incarnation of Thinktecture.IdentityModel:
https://github.com/thinktecture/Thinktecture.IdentityModel.Http
Stay tuned!
leastprivilege.com 
Dominick,
Have you thought about doing a set of “getting started” screen casts like you did for StarterSTS? Maybe along the lines of setting up basic auth in : 1) asp.net, 2) mvc, and 3) web api
I’d love to. But i am too busy right now.
I figured as much, considering how prolific a writer you are. This is just such a positive step forward from roll-your-own authentication that I had to ask ;-)
I am trying to use the “JavaScriptClients” sample and continue to get errors just trying to get the token. The error.statusText shows “No Transport.” I am running the JS samples project in the VS2012 development server while I am running the main WebHost project in my local machine’s IIS7 context. When I try to request the /api/identity action just in the browser, everything works and I can see the identity and the subsequent token via /api/token. Any suggestions? I have changed all of the endpoint hostnames from “adfs.thinktecture.vm” to my local IP address and have also changed the “https://” monikers to “http://”
Thanks,
Matthew
The .Http project is deprecated.
Use this instead:
https://github.com/thinktecture/Thinktecture.IdentityModel.40
I’m actually using the IdentityModel.45 solution and its samples…
Hm – that should work (works on my machine ;)). Use a browser debugger (F12 in chrome / Fiddler) to see if this reveals more information.