Monthly Archives: June 2012

Managing ASP.NET Membership and Roles without Visual Studio

I made a conscious decision to not include any user management features in IdentityServer. It’s a token service. In addition it is based (at least by default) on the standard ASP.NET membership, roles and profile features. So there should be … Continue reading

Posted in ASP.NET, IdentityServer | 9 Comments

CORS support in WebAPI, MVC and IIS with Thinktecture.IdentityModel

Brock has added a really nice implementation of CORS to Thinktecture.IdentityModel (both 4.0 and 4.5). Here are all the details.

Posted in IdentityModel, WebAPI | Leave a comment

Session Token JavaScript Sample for Thinktecture.IdentityModel and Web API

Christian has added a new JavaScript sample that shows how to use the session token mechanism. It includes persisting the session token in local storage. Nice! github

Posted in IdentityModel, WebAPI | 17 Comments

Update on Thinktecture.IdentityServer for .NET 4.5

I made some progress on the 4.5 version. It is now a real .NET 4.5/MVC 4 application and I made some minor changes to data handling: switched to the new universal providers for ASP.NET; switched to SQL Server LocalDB as … Continue reading

Posted in IdentityModel, IdentityServer, WebAPI | 15 Comments

New unified NuGet Package for Thinktecture.IdentityModel

I uploaded a NuGet package for Thinktecture.IdentityModel that contains both the 4.0 and 4.5 versions. That should make it easier. We will try to keep both framework versions as closely in sync as possible.

Posted in IdentityModel, WebAPI | 16 Comments

Important: Setting the Client Principal in ASP.NET Web API

Due to some unfortunate mechanisms buried deep in ASP.NET, setting Thread.CurrentPrincipal in Web API web hosting is not enough. When hosting in ASP.NET, Thread.CurrentPrincipal might get overridden with HttpContext.Current.User when creating new threads. This means you have to set the … Continue reading

Posted in WebAPI | 7 Comments

Extending Authorization in ASP.NET Web API – Part 1: Basics

From my last post you can maybe tell that I prefer to keep my business and authorization logic separate. I am also not a huge fan of annotating my façade with role requirements like the [Authorize] attribute does. In this … Continue reading

Posted in IdentityModel, WebAPI | 3 Comments

Thread.CurrentPrincipal and Propagation to new Threads

I often get questions about this. Here’s an interesting post about the so-called “Execution Context” in .NET: http://blogs.msdn.com/b/pfxteam/archive/2012/06/15/executioncontext-vs-synchronizationcontext.aspx

Posted in .NET Security, IdentityModel | Leave a comment

Approaches to (Server-side) Authorization

Authorization is a difficult topic. The implementation is typically so application/developer specific that when you ask ten people how they do it, you most likely get ten different answers. I think this is also the reason why .NET does not … Continue reading

Posted in .NET Security, IdentityModel, WebAPI | 9 Comments

Taking Control over Azure Access Control Service HRD (without the Help from jQuery)

Vittorio wrote a post earlier today showing how to fetch the identity provider feed from ACS and use it to drive the sign-in handshake from within your application and UI. This is indeed a very useful (and user friendly) approach. … Continue reading

Posted in Azure, IdentityModel | Leave a comment