Monthly Archives: June 2013

A closer Look at federated Authentication in AuthorizationServer

Posted in AuthorizationServer, OAuth, WebAPI | Leave a comment

New IdentityServer Feature: Accept encrypted SAML tokens via WS-Federation/HRD

This was long pending and some people asked for it. You can now configure a decryption certificate in the admin area and use that to decrypt incoming SAML tokens via WS-Federation: So far I have only tested with my ADFS … Continue reading

Posted in IdentityServer | Leave a comment

AuthorizationServer Samples and Information

We think AS is now at a point where it can be used by “normal people” (meaning without having to modify database rows manually etc..) The repo contains a number of samples demonstrating the various flows, e.g.: Client Credentials Flow … Continue reading

Posted in AuthorizationServer, OAuth, WebAPI | 2 Comments

AuthorizationServer Tutorial Video: Walkthrough of the OAuth2 Flows Sample

Posted in AuthorizationServer, OAuth, WebAPI | 2 Comments

AuthorizationServer Tutorial Video: Initial Setup

Posted in AuthorizationServer, OAuth, WebAPI | Leave a comment

Scope based Authorization in ASP.NET Web API

I am a fan of separating authorization logic and business logic – that’s why I favour the claims-based authorization manager approach. That’s also why I wrote the ClaimsAuthorize filter. If you don’t want to go down the route of a … Continue reading

Posted in AuthorizationServer, OAuth, WebAPI | 8 Comments

NDC Oslo 2013 Slides and Videos

The NDC videos are online now! Web API Security (includes first public demo ever of AuthorizationServer)Video: https://vimeo.com/68327244Slides: https://speakerdeck.com/leastprivilege/securing-asp-dot-net-web-api-ndc-oslo-2013 OAuth2 – The good, the bad and the uglyVideo: https://vimeo.com/68331687Slides: https://speakerdeck.com/leastprivilege/oauth2-the-good-the-bad-and-the-ugly-ndc-oslo-2013 Enjoy!

Posted in .NET Security, AuthorizationServer, IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment