Monthly Archives: July 2013

Using IdentityServer to issue tokens for Windows Server ServiceBus

Windows Server ServiceBus supports SWT tokens to authorize actions on a SB namespace or entity (e.g. listen, send or manage). In the Azure version of ServiceBus you would use the Azure Access Control Service to issue such tokens. In the … Continue reading

Posted in Azure, IdentityModel, IdentityServer | 8 Comments

Hawk Authentication for ASP.NET Web API using Thinktecture.IdentityModel.45

Originally posted on Badri's Blog:
Hawk is a MAC-based HTTP authentication scheme that provides partial cryptographic verification of HTTP messages. Hawk requires a symmetric key to be shared between the client and the server out-of-band. For more info, see…

Posted in Uncategorized | 1 Comment

Hawk Authentication for ASP.NET Web API using Thinktecture.IdentityModel.45 – Response Payload Verification

Originally posted on Badri's Blog:
This is continuation of my earlier post on implementing Hawk authentication for ASP.NET Web API using Thinktecture.IdentityModel.45. One of the primary design goals of the Hawk scheme is to “simplify and improve HTTP authentication…

Posted in Uncategorized | Leave a comment

Bringing SWT Support back to Thinktecture IdentityModel

When Microsoft released the JWT library, I thought that’s a good opportunity to remove the SWT support from IdentityModel. But it turns out, there are still scenarios for SWT – so I refreshed my old code and added the SWT … Continue reading

Posted in IdentityModel, IdentityServer | 1 Comment

Thinktecture AuthorizationServer v0.5 released

I just uploaded a “feature complete” version of AuthorizationServer to Github. This version has all the features we are planning for v1 – please give us feedback when you  think things should work differently or when you find a bug. … Continue reading

Posted in AuthorizationServer, IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment

Hawk Support in Thinktecture IdentityModel v3.3

I just released v3.3 of IdentityModel to Github and Nuget. It includes the [Scope] attribute for Web API (here) and the clickjacking protection for MVC (here). But the biggest addition is certainly a full featured implementation of the Hawk authentication … Continue reading

Posted in ASP.NET, IdentityModel, OAuth, WebAPI | Leave a comment

IdentityServer: Using WS-Federation with JWT Tokens

WS-Federation is token agnostic – that means you can also use JWT tokens instead of the default SAML ones. Why would you want to do that? Well – JWT’s a slightly more compact which I think is irrelevant for WS-Federation … Continue reading

Posted in ASP.NET, IdentityModel, IdentityServer | 8 Comments

Preventing clickjacking using Thinktecture IdentityModel

Originally posted on brockallen:
I don’t know why it’s taken me this long to add anti-clickjacking support, but I finally needed it myself today so I added it to Thinktecture IdentityModel. If you’re not familiar with clickjacking, it’s an attack…

Posted in Uncategorized | Leave a comment

Tracing in Thinktecture.IdentityModel

A very common question is: “my Web API returns a 401. Why?” The easiest way to find out, is to enable tracing in IdentityModel. Add the following code snippet to your web.config: <system.diagnostics>   <trace autoflush=“true“ />     <sources>     … Continue reading

Posted in IdentityModel, WebAPI | Leave a comment

Some AuthorizationServer Consent Screen Features

Posted in AuthorizationServer, OAuth, WebAPI | Leave a comment