Monthly Archives: November 2013

My Web API Security Talk from Software Architect 2013

https://vimeo.com/user22258446/review/79095048/9a4d62f61c

Posted in ASP.NET, AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, Katana, OAuth, OWIN | 5 Comments

NDC London

I am currently doing the last preparations for next week’s NDC in London. This will be a blast! Brock and I are doing our claims-based identity & access control workshop on Monday and Tuesday. On Wednesday part 1 of the … Continue reading

Posted in Conferences & Training, Uncategorized | Leave a comment

Dissecting the Web API Individual Accounts Template–Part 3: External Accounts

Part 1 covered the basic template security setup. Part 2 focused on the features around local accounts and username/password authentication. This part will deal with third party authentication using Google and friends as well as associating a third party account … Continue reading

Posted in ASP.NET, Katana, OAuth, OWIN, WebAPI | 36 Comments

Dissecting the Web API Individual Accounts Template–Part 2: Local Accounts

In the last post I gave an overview of the security setup of the Individual Accounts template. I recommend reading that first. Also Brock has some great background content – here and here. Disclaimer: I would have designed the API … Continue reading

Posted in ASP.NET, Katana, OAuth, OWIN, WebAPI | 11 Comments

Dissecting the Web API Individual Accounts Template–Part 1: Overview

The Web API v2 Individual Accounts template shows off some quite popular application scenarios, e.g. username/password authentication with local accounts (including create account, change/set password) as well as third party authentication using Facebook, Google etc – including linking those external … Continue reading

Posted in ASP.NET, Katana, OAuth, OWIN, WebAPI | 2 Comments

Thinktecture.IdentityModel.Client v1.0

As part of the restructuring work of IdentityModel, I separated the HTTP and OAuth2 client bits into a separate project. The nice side effect of this is that the client library is now portable and can be used in .NET … Continue reading

Posted in IdentityModel, OAuth, WebAPI | 7 Comments

Using tt.idm Hawk Authentication OWIN Middleware with IIS-Hosted ASP.NET Web API

Originally posted on Badri's Blog:
Hawk Authentication in Thinktecture.IdentityModel can be hooked into your ASP.NET Web API through the message handler (HawkAuthenticationHandler) or the OWIN middleware (HawkAuthenticationMiddleware). The sample here is based on a self-hosted web API (WCF channel…

Posted in Uncategorized | Leave a comment