Monthly Archives: July 2015

Transitioning from a Token back to a Windows Identity

Sometimes you are in the situation where you have Windows-based users, but the rest of the application architecture is token-based (e.g. using OpenID Connect or WS-Federation). As long as these users stay in your “token-based world” everything is fine. But … Continue reading

Posted in .NET Security, ASP.NET | 6 Comments

Simplified ASP.NET and MVC 6 Security Templates

As mentioned before – the ASP.NET templates never really tried to help you understand the security features. Instead they crammed every single feature into a single “sample app” making it really hard to figure out who does what … Continue reading

Posted in .NET Security, ASP.NET | 6 Comments

IdentityModel 1.0.0 released

Part of the ongoing effort to modernize our libraries, I released IdentityModel today. IdentityModel contains useful helpers, extension methods and constants when working with claims-based identity in general and OAuth 2.0 and OpenID Connect in particular. See the overview here … Continue reading

Posted in .NET Security, IdentityModel, OAuth, OpenID Connect, WebAPI | 7 Comments

The State of Security in ASP.NET 5 and MVC 6: OAuth 2.0, OpenID Connect and IdentityServer

ASP.NET 5 contains a middleware for consuming tokens – but not anymore for producing them. I personally have never been a big fan of the Katana authorization server middleware (see my thoughts here) – and according to this, it seems … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, OWIN, WebAPI | 17 Comments

The State of Security in ASP.NET 5 and MVC 6: Claims & Authentication

Disclaimer: Microsoft announced the roadmap for ASP.NET 5 yesterday – the current release date of the final version is Q1 2016. Some details of the features and APIs I mention will change between now and then. This post is about … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 24 Comments

The State of Security in ASP.NET 5 and MVC 6

We’ve been closely following ASP.NET 5 and MVC 6 since the days it was presented behind closed doors, through the “vNext” and “Project K” phase up to recent beta builds. I personally monitored all developments in the security space in … Continue reading

Posted in .NET Security, ASP.NET, Conferences & Training, IdentityServer, WebAPI | Leave a comment

Federated Logout with the Katana WS-Federation Middleware

For some reason the Katana WS-Fed middleware does not seem to implement signout cleanup. This means that your application will ignore federated signout callbacks from the STS which will result in resources like logon cookies not being cleaned up properly. … Continue reading

Posted in .NET Security, ASP.NET, Katana, OWIN | 1 Comment

Security at NDC Oslo

For a developer conference, NDC Oslo had a really strong security track this year. The audience appreciated that too – of the five highest-ranked talks, three were about security. Troy has the proof. I even got to see Bruce … Continue reading

Posted in .NET Security, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | Leave a comment

Give your WCF Security Architecture a Makeover with IdentityServer3

Not everybody has the luxury of being able to start over and build the new & modern version of their software from scratch. Many people I speak to have existing investments in WCF and their “old-school” desktop/intranet architecture. Moving to … Continue reading

Posted in .NET Security, IdentityServer, OAuth, WCF, WebAPI | 38 Comments