It’s done – and I am happy (and a bit exhausted) – a few minutes ago I closed the last open issue for Beta 1.
It’s been 424 commits since we released Preview 1 – so there is quite a lot of new stuff, but the big features are:
- A completely revamped configuration system that allows replacing bits and pieces of the core server itself – including a DI system
- A plugin infrastructure that allows adding new endpoints (WS-Federation support is a plugin e.g.)
- Refresh tokens
- Infrastructure that allows customizing views and UI assets for re-branding as well as extensibility to insert your own workflows like registration or EULAs
- Support for CORS and HTTP strict transport security
- Content Security Policy (CSP) & stricter caching rules
- Protection against click-jacking
- Control over cookies (lifetime, naming etc)
- more extensibility points
We also split up the solution into separate repos and nugets for better composability:
- EntityFramework persistence layer
- MembershipReboot support
- ASP.NET Identity support
Samples and documentation
We also have a separate repo for samples and added quite a bit of content to the wiki.
With that I am now leaving for holidays! ;) Give IdentityServer a try and give us feedback. A big thanks to all contributors and the people that engaged with us over the various channels!!!
Have a nice summer!
I’d like to give a big thank you to Dominick, Brock and all the other contributors. I’ve been following this pretty closely, I greatly appreciate all the hard work that has gone into this project and look forward to using this in my own work as soon as possible.
Pingback: Thinktectre IdentityManager beta 1 | brockallen
I am trying to embed the server inside the MVC5 project. I would like that my mvc5 controllers check if there are some user authenticated to give access to page with profile info, change password,….. I am using Authorizeattribute but the HttpContext.User.Identity.IsAuthenticated = false the same value for Request.IsAuthenticated when some user is authenticate in IdSrv (cookie name idsrv)
How i can set the ClaimsPrincipal to know some is loggin?
I triyed to use some
but is not working, only if delete the code to active IdentityServer
Sorry for my english.
You need to run IdSrv in its own vdir – e.g. using Map() and then use OpenID Connect to talk to it. The github issue tracker is a better place to discuss these things – but check the wiki first.
Thanks for all, the project and your answer ;)
In the end i used this cookieAuthentication settings
AuthenticationType=”idsrv”, CookieName = “idsrv”, LoginPath = new PathString(“/Account/SignIn”)
and in /Account/Signin action redirect to identity server (to authenticate) to create idsrv cookie
Great job guys ! Since we use IdSrv and Authz separately for now, I’d like to know what is your planning for the next steps ? When approximately do you expect the 1rst stable release (v 1.0) ? Because I plan to deploy it as soon as it will be available. At least in dev environments.
Thank again for your work ! You really help a lot of developers out there.
thanks. Check the milestones on github – they reflect our current thinking.
first of all, great work!!
I have one question: I have a MVC 5 Application with OpenId Connect authentication and I have to call a WCF Service from within that application. Is it possible to use the access token to authenticate against the WCF service?
In theory yes – WCF has the extensibility points to consume JWT tokens from HTTP headers. This has been done before – you have to search for it.