Monthly Archives: December 2016

IdentityServer4.1.0.0

It’s done. Release notes here. Nuget here. Docs here. I am off to holidays. See you next year.

Posted in .NET Security, ASP.NET, OAuth, OpenID Connect, WebAPI | 3 Comments

IdentityServer4 is now OpenID Certified

As of today – IdentityServer4 is official certified by the OpenID Foundation. Release of 1.0 will be this Friday! More details here.

Posted in .NET Security, OAuth, WebAPI | 2 Comments

Identity vs Permissions

We often see people misusing IdentityServer as an authorization/permission management system. This is troublesome – here’s why. IdentityServer (hence the name) is really good at providing a stable identity for your users across all applications in your system. And with … Continue reading

Posted in .NET Security, IdentityServer, OAuth, OpenID Connect, WebAPI | 32 Comments

Optimizing Identity Tokens for size

Generally speaking, you want to keep your (identity) tokens small. They often need to be transferred via length constrained transport mechanisms – especially the browser URL which might have limitations (e.g. 2 KB in IE). You also need to somehow store the … Continue reading

Posted in .NET Security, IdentityServer, OpenID Connect, WebAPI | 2 Comments

IdentityServer4 and ASP.NET Core 1.1

aka RC5 – last RC – promised! The update from ASP.NET Core 1.0 (aka LTS – long term support) to ASP.NET Core 1.1 (aka Current) didn’t go so well (at least IMHO). There were a couple of breaking changes both … Continue reading

Posted in ASP.NET, OAuth, OpenID Connect, WebAPI | 3 Comments

New in IdentityServer4: Resource-based Configuration

For RC4 we decided to re-design our configuration object model for resources (formerly known as scopes). I know, I know – we are not supposed to make fundamental breaking changes once reaching the RC status – but hey – we … Continue reading

Posted in .NET Security, ASP.NET, OAuth, Uncategorized, WebAPI | 41 Comments