Monthly Archives: December 2016

IdentityServer4.1.0.0

It’s done. Release notes here. NuGet here. Docs here. I am off on holidays. See you next year.

Posted in .NET Security, ASP.NET, OAuth, OpenID Connect, WebAPI | 3 Comments

IdentityServer4 is now OpenID Certified

As of today – IdentityServer4 is officially certified by the OpenID Foundation. Release of 1.0 will be this Friday! More details here.

Posted in .NET Security, OAuth, WebAPI | 2 Comments

Identity vs Permissions

We often see people misusing IdentityServer as an authorization/permission management system. This is troublesome – here’s why. IdentityServer (hence the name) is really good at providing a stable identity for your users across all applications in your system. And with …

Posted in .NET Security, IdentityServer, OAuth, OpenID Connect, WebAPI | 53 Comments

Optimizing Identity Tokens for size

Generally speaking, you want to keep your (identity) tokens small. They often need to be transferred via length constrained transport mechanisms – especially the browser URL which might have limitations (e.g. 2 KB in IE). You also need to somehow store the …

Posted in .NET Security, IdentityServer, OpenID Connect, WebAPI | 5 Comments

IdentityServer4 and ASP.NET Core 1.1

aka RC5 – last RC – promised! The update from ASP.NET Core 1.0 (aka LTS – long term support) to ASP.NET Core 1.1 (aka Current) didn’t go so well (at least IMHO). There were a couple of breaking changes both …

Posted in ASP.NET, OAuth, OpenID Connect, WebAPI | 3 Comments

New in IdentityServer4: Resource-based Configuration

For RC4 we decided to re-design our configuration object model for resources (formerly known as scopes). I know, I know – we are not supposed to make fundamental breaking changes once reaching the RC status – but hey – we …

Posted in .NET Security, ASP.NET, OAuth, Uncategorized, WebAPI | 44 Comments