Monthly Archives: January 2013

Claims-based Identity & Access Control Training in February

I just got email confirming the February run of the “identity course” in Oslo. great! There are seats left and you can book here. Cu!  

Posted in .NET Security, ASP.NET, Azure, IdentityModel, IdentityServer, OAuth, WCF, WebAPI | Leave a comment

Big Brother is WWWatching You – feat. George Orwell

Nicely done! via Bruce Schneier

Posted in Uncategorized | Leave a comment

Thinktecture IdentityServer v2.1

I just uploaded a minor update. This includes the following changes: Fixed bugs in HRD screen SSL redirect filter uses configured SSL port now Fixed a bug in CookieTempData Added application recycle feature available here:

Posted in IdentityServer | 9 Comments

Troopers 2013

Troopers is definitely my favourite security conference! It is run and curated by my former employer ERNW and that’s a 100% guarantee for the best cutting edge content in security research & management. One talk I am really looking forward … Continue reading

Posted in Conferences & Training, OAuth | 1 Comment

ASP.NET Web API Security: Setting up the Sample

You can download the complete source from here. The Web API security sample is in samples/web api security. On my machine I have mapped the samples/web api security/webhost directory to IIS. I am sure you can use IIS Express as … Continue reading

Posted in IdentityModel, WebAPI | 16 Comments

ASP.NET Web API Security: The Web Host and Service

I will be using the same web hosted Web API service for the sample. The service is very simple: [Authorize] public class IdentityController : ApiController {     public ViewClaims Get()     {         return ViewClaims.GetAll();     } } …and the ViewClaims class simply returns … Continue reading

Posted in ASP.NET, IdentityModel, IdentityServer, WebAPI | 5 Comments

Using ASP.NET Profile as a Source for Claims in Thinktecture IdentityServer

If you are using the ASP.NET membership/roles/profile infrastructure in IdentityServer, we made it very easy in v2 to use the profile API to add per-user claims to outgoing tokens. Here’s how: 1 Enable ProfileMake sure the profile section is enabled … Continue reading

Posted in IdentityServer | 4 Comments

How to implement Authentication with OAuth2

I get this question a lot. Short answer: “you don’t!”. For the long answer:

Posted in IdentityModel, OAuth, WebAPI | Leave a comment

Updates on Training

From now on, I will maintain and update the training schedule and course descriptions here: Contact me for on-sites and custom courses!

Posted in Conferences & Training | 2 Comments

Thinktecture IdentityModel v2.3 Breaking Changes

I just uploaded v2.3 to Nuget. There are a number of breaking changes I want to make you aware of (.Net 4.5 version only): By default the Web API authentication handler now requires SSL. You can turn that off on … Continue reading

Posted in IdentityModel, WebAPI | Leave a comment