Monthly Archives: October 2013

Retrieving bearer tokens from alternative locations in Katana/OWIN

The Katana bearer token authentication middleware tries to retrieve tokens from the HTTP Authorization header with a scheme of Bearer by default. You can customize this behavior by providing a so-called Provider (this is a common pattern in Katana). … Continue reading

Posted in IdentityModel, Katana, OWIN, WebAPI | 16 Comments

Adding SAML11 and SAML2 Support to Katana/OWIN

Katana has pretty straightforward extensibility for adding support for token formats. It ships with built-in support for JWT (consuming) and their internal token format (consuming & producing). By implementing ISecureDataFormat, you can add your own. The following class is a … Continue reading

Posted in IdentityModel, OWIN, WebAPI | Leave a comment

Thinktecture.IdentityModel v.Next

Thinktecture.IdentityModel (GitHub, NuGet) is a popular library in the security community. But we have reached a point now where we realized that we have too many dependencies and too much legacy stuff in it. With the release of Web API … Continue reading

Posted in .NET Security, ASP.NET, IdentityModel, Katana, OAuth, WCF, WebAPI | 3 Comments

Using AuthorizationServer with Nancy

Yesterday I tried to find out what it takes to connect a Nancy application to AuthorizationServer. Given the OWIN promise, the “hard parts” like JWT validation should come for free now: public class Startup {     public void Configuration(IAppBuilder app) … Continue reading

Posted in AuthorizationServer, WebAPI | Leave a comment

A primer on OWIN cookie authentication middleware for the ASP.NET developer

Originally posted on brockallen:
There have been many changes to how authentication is performed for web applications in Visual Studio 2013. For one, there’s a new “Change Authentication” wizard to configure the various ways an application can authenticate users. The…

Posted in Uncategorized | Leave a comment

MembershipReboot in IdentityServer

Originally posted on brockallen:
Many people have asked for a sample of integrating MembershipReboot into IdentityServer as the identity management library. I was finally galvanized to build a sample and so here it is. It supports all four main extensibility…

Posted in Uncategorized | 5 Comments

IdentityServer support for disabling SSL for proxy server and load balancing scenarios

Originally posted on brockallen:
By default, IdentityServer requires SSL (for obvious reasons). But there are scenarios where IdentityServer might be deployed behind a load balancer or proxy server. In those situations it might be desirable to relax the SSL requirement…

Posted in Uncategorized | 3 Comments

Announcing Thinktecture EmbeddedSts — a simple, local STS for ASP.NET applications

Originally posted on brockallen:
With Visual Studio 2013, Microsoft has provided a new “Change Authentication” wizard that is part of all ASP.NET projects. This includes an option for “Organizational Accounts”, which in essence means federation using the WS-Federation protocol. This…

Posted in Uncategorized | Leave a comment

The good, the bad and the ugly of ASP.NET Identity

Originally posted on brockallen:
Ok, here we go again… and if you don’t know what I’m talking about, then see this post. With Visual Studio 2013 and .NET 4.5.1 we have a new framework called ASP.NET Identity. ASP.NET Identity is…

Posted in Uncategorized | Leave a comment

Using IdentityServer with VS2013/MVC5/One ASP.NET

This of course works just as you expected…

Posted in ASP.NET, IdentityServer | 4 Comments