ASP.NET (Web API) Security: Prologue

Many people asked me how all the moving parts of Thinktecture.IdentityModel, IdentityServer and ASP.NET and Web API relate to each other. And quite frankly, reading my old blog posts does not always help – a lot of things have changed, some links are broken etc…

I decided to re-write my big Web API security sample – and this time I will properly document it while I go. Topics will include authentication scenarios (Basic Authentication, SAML, JWT, session tokens, Hawk), authorization, auditing and other Web API security extensibility points.

You can also follow the status here.

Stay tuned.

This entry was posted in IdentityModel, WebAPI.

6 Responses to ASP.NET (Web API) Security: Prologue

  1. Steve says:

    Looking forward to this!

  2. Michael says:

    Do these samples require an active Authorization server (the constants file has https://identity.thinktecture.com/sample/issue/oauth2/token) running? If the “Webhost” can perform that function, I can’t seem to figure out how to configure it/change the constants file.

  3. I guess you need to register the OAuth2 client and the corresponding redirect URI

  4. Per Erik Gransøe says:

    I have a case in which a MVC app is using WS-federation against my IdSrv. The MVC app user is authenticated on the IdSrv auth-form and redirected back to the MVC app and a JWT token is generated. Now, the MVC contains jQuery/AJAX making requests to a backend service.

    From the MVC app I can inspect the user’s claims and this works perfectly. But is it possible also to get the encrypted JWT token? I need it to parse along in the jQuery/AJAX requests mentioned before. (I’ve browsed the sample solution, but I haven’t found the solution yet…).

    Hope you can help me.
