Monthly Archives: January 2013

Claims-based Identity & Access Control Training in February

I just got an email confirming the February run of the “identity course” in Oslo. Great! There are seats left and you can book here. Cu!

Posted in .NET Security, ASP.NET, Azure, IdentityModel, IdentityServer, OAuth, WCF, WebAPI

Big Brother is WWWatching You – feat. George Orwell

Nicely done! via Bruce Schneier

Posted in Uncategorized

Thinktecture IdentityServer v2.1

I just uploaded a minor update. This includes the following changes: fixed bugs in HRD screen; SSL redirect filter uses configured SSL port now; fixed a bug in CookieTempData; added application recycle feature. Available here: http://thinktecture.github.com/Thinktecture.IdentityServer.v2/

Posted in IdentityServer | 9 Comments

Troopers 2013

Troopers is definitely my favourite security conference! It is run and curated by my former employer ERNW and that’s a 100% guarantee for the best cutting edge content in security research & management. One talk I am really looking forward …

Posted in Conferences & Training, OAuth | 1 Comment

ASP.NET Web API Security: Setting up the Sample

You can download the complete source from here. The Web API security sample is in samples/web api security. On my machine I have mapped the samples/web api security/webhost directory to IIS. I am sure you can use IIS Express as …

Posted in IdentityModel, WebAPI | 16 Comments

ASP.NET Web API Security: The Web Host and Service

I will be using the same web hosted Web API service for the sample. The service is very simple:

    [Authorize]
    public class IdentityController : ApiController
    {
        public ViewClaims Get()
        {
            return ViewClaims.GetAll();
        }
    }

…and the ViewClaims class simply returns …

Posted in ASP.NET, IdentityModel, IdentityServer, WebAPI | 5 Comments

Using ASP.NET Profile as a Source for Claims in Thinktecture IdentityServer

If you are using the ASP.NET membership/roles/profile infrastructure in IdentityServer, we made it very easy in v2 to use the profile API to add per-user claims to outgoing tokens. Here’s how: 1. Enable Profile: Make sure the profile section is enabled …

Posted in IdentityServer | 4 Comments

How to implement Authentication with OAuth2

I get this question a lot. Short answer: “you don’t!”. For the long answer: http://blogs.msdn.com/b/vbertocci/archive/2013/01/02/oauth-2-0-and-sign-in.aspx

Posted in IdentityModel, OAuth, WebAPI

Updates on Training

From now on, I will maintain and update the training schedule and course descriptions here: https://leastprivilege.com/training/ Contact me for on-sites and custom courses!

Posted in Conferences & Training | 2 Comments

Thinktecture IdentityModel v2.3 Breaking Changes

I just uploaded v2.3 to NuGet. There are a number of breaking changes I want to make you aware of (.NET 4.5 version only): By default the Web API authentication handler now requires SSL. You can turn that off on …

Posted in IdentityModel, WebAPI