I’ve been having a lot of “fun” (more on that in another post) porting all my identity code to .NET 4.5. As part of that I have re-structured the thinktecture identity model helper libraries.
Since much of the old WIF functionality isn’t needed anymore (because the features are now built-in), it almost didn’t make sense anymore to have a base library for all the other satellite libraries (like .Http and .Web). So I decided to fold much of the code from the other libraries directly into identity model and leave separate assemblies for specific integration code (e.g. into MVC4 / Web API). This makes for a cleaner separation and better reuse.
The newest feature is certainly the JWT (Json Web Token) support. A lot of people have been asking for that, so please give it a try.
The work in progress can be found on github.
Following is a high level overview of the code.
Useful helpers, e.g. Base64Url encoding, random number generation, string comparison that doesn’t leak timing information.
Helpers around claims and authorizations, e.g. anonymous claims principal, authentication instant claim, claim permission…
All sorts of useful string constants to deal with algorithms, date time formats, JWT, SWT, WS-Security & WS-Trust
Extension methods around XML (to and from XmlReader, XmlDocument, XDocument), date/time (epoch / intDate support), WS-Trust RSTRs, security token conversion, X509 Certificates.
SecurityToken and SecurityTokenHandler implementations for SWT and JWT. Also includes a generic username token handler and other helpers around low level token handling.
Token handler implementations that are HTTP-friendly, e.g. for SAML, Basic Authentication and SSL client certificates). These classes provide the entry point for building support for HTTP-based services and web APIs.
Helper classes for ASP.NET like a claims authentication module or generic cookie protection using the .NET cookie transforms infrastructure.
Helper classes for WCF. Includes bindings to talk to WS-Trust STSes.
Feedback is always welcome!