Monthly Archives: April 2013

Support for X.509 Client Certificates in Thinktecture.IdentityModel for Web API

Posted on April 29, 2013 by Dominick Baier

Originally posted on leastprivilege.com:
Another RTM feature I was waiting for is (reasonable) SSL client certificate support in Web API. Just like all the other authentication methods, you configure client certificate support on the AuthenticationConfiguration object. The following code…

Posted in ASP.NET, IdentityModel, Uncategorized, WebAPI | 8 Comments

Web API Security: JSON Web Token/OAuth2 with Thinktecture.IdentityModel AuthenticationHandler

Posted on April 29, 2013 by Dominick Baier

(OK – I only included OAuth2 in the title to get your attention – this applies to whatever framework or technology you use to work with JSON web tokens aka JWTs) Following the pattern from my two previous posts, you … Continue reading

Posted in .NET Security, IdentityModel, IdentityServer, OAuth, WebAPI | 5 Comments

Web API Security: Basic Authentication with Thinktecture.IdentityModel AuthenticationHandler

Posted on April 22, 2013 by Dominick Baier

In my last post, I showed how to configure the AuthenticationHandler using the AddMapping method. While you have full control here, I added a number of convenience extension methods that cover common use case. Following is an overview of the … Continue reading

Posted in IdentityModel, WebAPI | 58 Comments

ASP.NET Web API Security: The Thinktecture.IdentityModel AuthenticationHandler

Posted on April 22, 2013 by Dominick Baier

AuthenticationHandler is an ASP.NET Web API message handler that can map incoming credentials to a token handler. The token handler in turn can parse credentials and create a principal. In addition AuthenticationHandler provides some common services like claims transformation, session … Continue reading

Posted in IdentityModel, OAuth, WebAPI | 12 Comments

Annual Identity Update on DotNetRocks

Posted on April 16, 2013 by Dominick Baier

It’s this time of the year again! http://www.dotnetrocks.com/default.aspx?ShowNum=863 “Dominick Baier returns to talk to Carl and Richard about the current state of security in .NET 4.5. Dom starts out talking about how WebAPI has impacted the development of web services … Continue reading

Posted in .NET Security, ASP.NET, Azure, IdentityModel, IdentityServer, OAuth, WCF, WebAPI | 1 Comment

Authentication vs Authorization

Posted on April 16, 2013 by Dominick Baier

…in the context of token-based security systems. There are many practical and philosophical ways to discuss the difference between the two terms. But since there is quite some confusion, I want to look at it from the perspective of the … Continue reading

Posted in .NET Security, IdentityModel, IdentityServer, OAuth, WebAPI | 2 Comments

Getting JSON web tokens (JWTs) from ADFS via Thinktecture IdentityServer’s ADFS Integration

Posted on April 15, 2013 by Dominick Baier

Originally posted on brockallen:
Dominick and I recently added three features to IdentityServer that collectively we call “ADFS Integration”. This “ADFS Integration” is a new protocol (which can be enabled, disabled and configured like any other protocol IdentityServer supports). In…

Posted in IdentityModel, IdentityServer, OAuth, Uncategorized, WebAPI | Leave a comment

Driving the WS-Federation Handshake from ASP.NET Web API

Posted on April 14, 2013 by Dominick Baier

In general I think the API design of the WS-Federation support in WIF / .NET 4.5 is a bit unfortunate. It was a strange decision to combine the HTTP module (aka the FAM) and the more generic protocol helpers into … Continue reading

Posted in ASP.NET, IdentityModel, WebAPI | 7 Comments

Photo-only Blog

Posted on April 11, 2013 by Dominick Baier

http://photos.leastprivilege.com  

Posted in Photography | Leave a comment

Open Source Democracy

Posted on April 11, 2013 by Dominick Baier

Really enjoyed this talk: via Dinis

Posted in Uncategorized | Leave a comment