Monthly Archives: February 2014

OpenID Connect and the IdentityServer Roadmap

Since OpenID Connect has been officially released now, I thought I’ll tell you a little bit more about our plans around our identity open source projects. IdentityServerIdSrv is a very popular identity provider with excellent support for WS-Federation and WS-Trust. … Continue reading

Posted in AuthorizationServer, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 24 Comments

Test driving the WS-Federation Authentication Middleware for Katana

Microsoft just released an alpha version of the “most wanted” middleware for Katana: WS-Federation authentication! I tested the bits against ADFS and of course – IdentityServer – and it is unspectacularly easy to get started (that’s a good thing). 1 … Continue reading

Posted in IdentityServer, Katana, OWIN | 7 Comments

Workshop: Identity & Access Control for modern Web Applications and APIs

Brock and I are currently working on a brand new two day workshop about all things security when building modern web applications and APIs. You can either attend the full two day version at NDC Oslo (June) – or a … Continue reading

Posted in AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 14 Comments


To be more in-line with the OWIN / middleware mindset (and because Damian said so) – I broke up our OWIN security assembly into smaller components:* Currently there are four packages: Basic Authentication X.509 client certificate authentication Claims transformation … Continue reading

Posted in IdentityModel, Katana, OWIN, WebAPI | Leave a comment

Using AuthorizationServer with Nancy (updated)

Since I am currently in the process of updating AuthorizationServer and its samples – I thought it would be the right time to throw away my custom Nancy extensions and use Damian Hickey’s nice Nancy.MSOwinSecurity package instead. The outcome is … Continue reading

Posted in AuthorizationServer, Katana, OAuth, OWIN | 5 Comments

AuthorizationServer v1.2

I just uploaded version 1.2 of AuthorizationServer. The big change is that AS is now using MVC and Web API v5.1.1 – additionally there are some bug fixes and a new configuration switch – set the following appSetting to false … Continue reading

Posted in AuthorizationServer, OAuth, WebAPI | 9 Comments

How MembershipReboot stores passwords properly

Originally posted on brockallen:
I’m not going to go into all of the motivation behind proper password hashing — Troy’s done an excellent job of it and he has said it all better than I ever could have. The short…

Posted in Uncategorized | Leave a comment