-
Recent Posts
Categories
- .NET Security (95)
- ASP.NET (163)
- ASP.NET Core (27)
- AuthorizationServer (33)
- Azure (29)
- Conferences & Training (40)
- IdentityModel (347)
- IdentityServer (205)
- Katana (46)
- OAuth (163)
- OpenID Connect (94)
- OWIN (45)
- Photography (14)
- PolicyServer (3)
- Resources (1)
- Uncategorized (625)
- WCF (109)
- WebAPI (223)
Tweets
Tweets by leastprivilegeFeed
Archives
- May 2021
- October 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- September 2019
- August 2019
- July 2019
- June 2019
- April 2019
- February 2019
- January 2019
- December 2018
- July 2018
- June 2018
- May 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- August 2017
- July 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- August 2005
- July 2005
- June 2005
- May 2005
- April 2005
- March 2005
- February 2005
- January 2005
- December 2004
- November 2004
- October 2004
- September 2004
- August 2004
- July 2004
- June 2004
- May 2004
Monthly Archives: October 2013
Retrieving bearer tokens from alternative locations in Katana/OWIN
The Katana bearer token authentication middleware tries to retrieve tokens from the HTTP Authorization header with a scheme of Bearer by default. You can customize this behavior by providing a so called Provider (this is a common pattern in Katana). … Continue reading
Posted in IdentityModel, Katana, OWIN, WebAPI
16 Comments
Adding SAML11 and SAML2 Support to Katana/OWIN
Katana has pretty straightforward extensibility for adding support for token formats. It ships with built-in support for JWT (consuming) and their internal token format (consuming & producing). By implementing ISecureDataFormat, you can add your own. The following class is a … Continue reading
Posted in IdentityModel, OWIN, WebAPI
Leave a comment
Thinktecture.IdentityModel v.Next
Thinktecture.IdentityModel (github, nuget) is a popular library in the security community. But we have reached a point now where we realized that we have too many dependencies and too many legacy stuff in it. With the release of Web API … Continue reading
Posted in .NET Security, ASP.NET, IdentityModel, Katana, OAuth, WCF, WebAPI
3 Comments
Using AuthorizationServer with Nancy
Yesterday I tried to find out what it takes to connect a Nancy application to AuthorizationServer. Given the OWIN promise, the “hard parts” like JWT validation should come for free now: public class Startup { public void Configuration(IAppBuilder app) … Continue reading
Posted in AuthorizationServer, WebAPI
Leave a comment
A primer on OWIN cookie authentication middleware for the ASP.NET developer
Originally posted on brockallen:
There have been many changes to how authentication is performed for web applications in Visual Studio 2013. For one, there’s a new “Change Authentication” wizard to configure the various ways an application can authenticate users. The…
Posted in Uncategorized
Leave a comment
MembershipReboot in IdentityServer
Originally posted on brockallen:
Many people have asked for a sample of integrating MembershipReboot into IdentityServer as the identity management library. I was finally galvanized to build a sample and so here it is. It supports all four main extensability…
Posted in Uncategorized
5 Comments
IdentityServer support for disabling SSL for proxy server and load balancing scenarios
Originally posted on brockallen:
By default, IdentityServer requires SSL (for obvious reasons). But there are scenarios where IdentityServer might be deployed behind a load balancer or proxy server. In those situations it might be desirable to relax the SSL requirement…
Posted in Uncategorized
3 Comments
Announcing Thinktecture EmbeddedSts — a simple, local STS for ASP.NET applications
Originally posted on brockallen:
With Visual Studio 2013, Microsoft has provided a new “Change Authentication” wizard that is part of all ASP.NET projects. This includes an option for “Organizational Accounts”, which in essence means federation using the WS-Federation protocol. This…
Posted in Uncategorized
Leave a comment
The good, the bad and the ugly of ASP.NET Identity
Originally posted on brockallen:
Ok, here we go again… and if you don’t know what I’m talking about, then see this post. With Visual Studio 2013 and .NET 4.5.1 we have a new framework called ASP.NET Identity. ASP.NET Identity is…
Posted in Uncategorized
Leave a comment
Using IdentityServer with VS2013/MVC5/One ASP.NET
This of course works just as you expected…
Posted in ASP.NET, IdentityServer
4 Comments