Hawk Support in Thinktecture IdentityModel v3.3

I just released v3.3 of IdentityModel to GitHub and NuGet.

It includes the [Scope] attribute for Web API (here) and the clickjacking protection for MVC (here).

But the biggest addition is certainly a full-featured implementation of the Hawk authentication scheme (spec).

Hawk is a shared secret authentication method where the actual secret is not transmitted on the wire. Instead, the secret is used to sign parts of (or the full) HTTP request. The recipient can validate the signature and thus make sure the sender knows the secret key. It also has some replay and integrity protection features when using unsecured transports (though I personally would not recommend using it as a replacement for SSL).
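To make the signing and replay checks concrete, here is an added Python example (not code from IdentityModel or from Badri's contribution) that builds the Hawk `header` normalized string, computes the HMAC-SHA256 MAC, and verifies it on the receiving side with a timestamp window and a nonce cache. The names `hawk_mac`, `HawkVerifier` and `sign`, the key id and the secret are constructed for illustration; payload hashing and the `app`/`dlg` fields are left out.

```python
import base64, hashlib, hmac, time

def hawk_mac(key, ts, nonce, method, resource, host, port, payload_hash="", ext=""):
    """Base64 HMAC-SHA256 over the Hawk 'header' normalized request string."""
    normalized = "\n".join([
        "hawk.1.header", str(ts), nonce, method.upper(), resource,
        host.lower(), str(port), payload_hash, ext,
    ]) + "\n"
    digest = hmac.new(key.encode(), normalized.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def sign(key_id, key, method, resource, host, port, ts, nonce):
    """Client side (hypothetical helper): only the key id and the MAC travel."""
    mac = hawk_mac(key, ts, nonce, method, resource, host, port)
    return {"id": key_id, "ts": ts, "nonce": nonce, "mac": mac,
            "method": method, "resource": resource, "host": host, "port": port}

class HawkVerifier:
    """Server side: recompute the MAC, then apply freshness and replay checks."""
    def __init__(self, credentials, max_skew=60):
        self.credentials = credentials   # key id -> shared secret (never sent)
        self.max_skew = max_skew         # tolerated clock skew in seconds
        self.seen = set()                # (id, ts, nonce) tuples already accepted

    def verify(self, req, now=None):
        now = time.time() if now is None else now
        key = self.credentials.get(req["id"])
        if key is None:
            return "unknown id"
        expected = hawk_mac(key, req["ts"], req["nonce"], req["method"],
                            req["resource"], req["host"], req["port"])
        # Constant-time comparison so the check does not leak MAC prefixes.
        if not hmac.compare_digest(expected.encode(), str(req["mac"]).encode()):
            return "bad mac"
        # The timestamp is covered by the MAC, so it cannot be refreshed
        # by someone who captured the request without knowing the secret.
        if abs(now - int(req["ts"])) > self.max_skew:
            return "stale timestamp"
        replay_key = (req["id"], req["ts"], req["nonce"])
        if replay_key in self.seen:
            return "replay"
        self.seen.add(replay_key)
        return "ok"
```

Without a payload hash the request body is not covered by the MAC, and nothing here hides the request contents from an observer, so this does not replace transport encryption.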

The implementation is a contribution by Badri from “Pro ASP.NET Web API Security” fame. You can find his intro blog post here and a sample here. Thanks, Badri!

Have fun!
