Monthly Archives: June 2013

A closer Look at federated Authentication in AuthorizationServer

Posted in AuthorizationServer, OAuth, WebAPI

New IdentityServer Feature: Accept encrypted SAML tokens via WS-Federation/HRD

This was long pending and some people asked for it. You can now configure a decryption certificate in the admin area and use that to decrypt incoming SAML tokens via WS-Federation. So far I have only tested with my ADFS …

Posted in IdentityServer

AuthorizationServer Samples and Information

We think AS is now at a point where it can be used by “normal people” (meaning without having to modify database rows manually etc.). The repo contains a number of samples demonstrating the various flows, e.g.: Client Credentials Flow …

Posted in AuthorizationServer, OAuth, WebAPI | 2 Comments

AuthorizationServer Tutorial Video: Walkthrough of the OAuth2 Flows Sample

Posted in AuthorizationServer, OAuth, WebAPI | 2 Comments

AuthorizationServer Tutorial Video: Initial Setup

Posted in AuthorizationServer, OAuth, WebAPI

Scope based Authorization in ASP.NET Web API

I am a fan of separating authorization logic and business logic – that’s why I favour the claims-based authorization manager approach. That’s also why I wrote the ClaimsAuthorize filter. If you don’t want to go down the route of a …

Posted in AuthorizationServer, OAuth, WebAPI | 8 Comments

NDC Oslo 2013 Slides and Videos

The NDC videos are online now!

Web API Security (includes first public demo ever of AuthorizationServer)
Video: https://vimeo.com/68327244
Slides: https://speakerdeck.com/leastprivilege/securing-asp-dot-net-web-api-ndc-oslo-2013

OAuth2 – The good, the bad and the ugly
Video: https://vimeo.com/68331687
Slides: https://speakerdeck.com/leastprivilege/oauth2-the-good-the-bad-and-the-ugly-ndc-oslo-2013

Enjoy!

Posted in .NET Security, AuthorizationServer, IdentityModel, IdentityServer, OAuth, WebAPI

New Course: Introduction to OAuth2, OpenID Connect and JSON Web Tokens (JWT)

Posted in Uncategorized

Adding Windows Azure AD (GA) as an Identity Provider in IdentityServer

Things have slightly changed between releases of WAAD, so I thought I would quickly document the steps to add the GA version of WAAD as an identity provider to IdentityServer. If we supported parsing WS-Federation metadata, this could be …

Posted in IdentityServer | 7 Comments

30K Downloads of Thinktecture IdentityModel

Thanks for all your feedback and support!

Posted in IdentityModel, WebAPI | 2 Comments