-
Recent Posts
Categories
- .NET Security (94)
- ASP.NET (163)
- ASP.NET Core (23)
- AuthorizationServer (33)
- Azure (29)
- Conferences & Training (40)
- IdentityModel (346)
- IdentityServer (196)
- Katana (46)
- OAuth (152)
- OpenID Connect (85)
- OWIN (45)
- Photography (14)
- PolicyServer (3)
- Resources (1)
- Uncategorized (623)
- WCF (109)
- WebAPI (223)
Tweets
- RT @scottbrady91: Learn how phishing tools such as Evilginx can bypass common MFA methods (such as TOTP and push notifications) and how you… 7 hours ago
- Drinking a Dead Cat Double IPA by Graff Brygghus @ Way Down South — untp.beer/s/c858052623 20 hours ago
Feed
Archives
- January 2020
- September 2019
- August 2019
- July 2019
- June 2019
- April 2019
- February 2019
- January 2019
- December 2018
- July 2018
- June 2018
- May 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- August 2017
- July 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- August 2005
- July 2005
- June 2005
- May 2005
- April 2005
- March 2005
- February 2005
- January 2005
- December 2004
- November 2004
- October 2004
- September 2004
- August 2004
- July 2004
- June 2004
- May 2004
Monthly Archives: February 2014
OpenID Connect and the IdentityServer Roadmap
Since OpenID Connect has been officially released now, I thought I’ll tell you a little bit more about our plans around our identity open source projects. IdentityServerIdSrv is a very popular identity provider with excellent support for WS-Federation and WS-Trust. … Continue reading
Posted in AuthorizationServer, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI
24 Comments
Test driving the WS-Federation Authentication Middleware for Katana
Microsoft just released an alpha version of the “most wanted” middleware for Katana: WS-Federation authentication! I tested the bits against ADFS and of course – IdentityServer – and it is unspectacularly easy to get started (that’s a good thing). 1 … Continue reading
Posted in IdentityServer, Katana, OWIN
7 Comments
Workshop: Identity & Access Control for modern Web Applications and APIs
Brock and I are currently working on a brand new two day workshop about all things security when building modern web applications and APIs. You can either attend the full two day version at NDC Oslo (June) – or a … Continue reading
Thinktecture.IdentityModel.Owin.*
To be more in-line with the OWIN / middleware mindset (and because Damian said so) – I broke up our OWIN security assembly into smaller components: http://www.nuget.org/packages?q=Thinktecture.IdentityModel.Owin.* Currently there are four packages: Basic Authentication X.509 client certificate authentication Claims transformation … Continue reading
Posted in IdentityModel, Katana, OWIN, WebAPI
Leave a comment
Using AuthorizationServer with Nancy (updated)
Since I am currently in the process of updating AuthorizationServer and its samples – I thought it would be the right time to throw away my custom Nancy extensions and use Damian Hickey’s nice Nancy.MSOwinSecurity package instead. The outcome is … Continue reading
Posted in AuthorizationServer, Katana, OAuth, OWIN
5 Comments
AuthorizationServer v1.2
I just uploaded version 1.2 of AuthorizationServer. The big change is that AS is now using MVC and Web API v5.1.1 – additionally there are some bug fixes and a new configuration switch – set the following appSetting to false … Continue reading
Posted in AuthorizationServer, OAuth, WebAPI
9 Comments
How MembershipReboot stores passwords properly
Originally posted on brockallen:
I’m not going to go into all of the motivation behind proper password hashing — Troy’s done an excellent job of it and he has said it all better than I ever could have. The short…
Posted in Uncategorized
Leave a comment
