Monthly Archives: September 2013

Adding OAuth2 to ADFS (and thus bridging the gap between modern Applications and Enterprise Back ends)

AuthorizationServer can be combined with arbitrary authentication methods, but the fact that it comes pre-configured as a WS-Federation relying party makes it particularly easy to combine it with e.g. ADFS. This is a really interesting scenario, because it essentially allows … Continue reading

Posted in AuthorizationServer, IdentityModel, IdentityServer, OAuth, WebAPI | 20 Comments

Claims Transformation Middleware for Katana

One missing piece in Katana security/authentication is claims transformation. Fortunately, this is easy to add:

    public class ClaimsTransformationMiddleware : OwinMiddleware
    {
        ClaimsAuthenticationManager _claimsAuthenticationManager;

        public ClaimsTransformationMiddleware(
            OwinMiddleware next,
            ClaimsAuthenticationManager claimsAuthenticationManager)
            : base(next)
        {
            if (claimsAuthenticationManager == …

Continue reading

Posted in AuthorizationServer, IdentityModel, Katana, WebAPI | 10 Comments

Web API & Security Content at NDC London 2013

I helped put together some of the content for the first NDC in London. I was mostly involved with the Web API and security-related content – surprise ;) Here are some of my highlights (more to be announced soon): … Continue reading

Posted in Conferences & Training | Leave a comment

Using AuthorizationServer with Web API v2/Katana–first look

Traditionally we have used Thinktecture.IdentityModel to parse and validate incoming JWT tokens in Web API. The good news is, there is nothing you have to change when moving to Web API v2 – the delegating handler approach, and thus IdentityModel … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, Katana, OAuth, WebAPI | Leave a comment

Back from Holidays

As of today, I am back from holidays. Just wanted to let you know that I discarded all the blog comments from the last four weeks. If you made a comment, and that is still relevant, it would be best … Continue reading

Posted in Uncategorized | Leave a comment

Client certificates and two factor authentication with client certificates in MembershipReboot

Originally posted on brockallen:
I just released v3.0.0 of MembershipReboot. It was a significant enough change to warrant going to 3.0. From my chicken scratch release notes: Features added: separate EF code from the main library. there’s now a new…

Posted in Uncategorized | Leave a comment

Hawk Authentication for ASP.NET Web API using Thinktecture.IdentityModel.45 – Replay protection

Originally posted on Badri's Blog:
Hawk authentication is designed to work without transport security. When TLS is used, replay protection is not much of an issue but it is an interesting thing to see how replays are handled in…

Posted in Uncategorized | Leave a comment