Author Archives: Dominick Baier

Releasing IdentityModel v4

IdentityModel has been growing organically over the last years, and we felt it is necessary to do some fundamental cleanup. At the same time it is used by a lot of people and companies (currently around 20 million downloads on … Continue reading

Posted in IdentityModel, Uncategorized | Leave a comment

Claims-based Identity & Access Control for .NET, ASP.NET and WCF 4.5 now retired on PluralSight

Time flies! I just got notice from PluralSight that the above mentioned three courses are now retired and are not included in search results anymore. If you still care about this content – the direct links still work, and here … Continue reading

Posted in .NET Security, ASP.NET, Uncategorized, WCF | Leave a comment

End of IdentityServer3 free Support

Back in 2017 we announced the end of IdentityServer3 maintenance. This excluded security bug fixes. As of the 1st of July 2019 Microsoft officially ended support for Katana 3. This means that the platform we originally built-against is now unsupported … Continue reading

Posted in IdentityServer, Katana, Uncategorized | 1 Comment

Another Take on Access Token Management in ASP.NET Core (…and announcing IdentityModel.AspNetCore)

I spent a lot of time on the client side recently – as part of our PolicyServer client libraries work, customer work, our updated guidance for our workshops as well as the various talks Brock and I gave on building … Continue reading

Posted in ASP.NET Core, IdentityModel, OAuth, OpenID Connect, Uncategorized | Leave a comment

IdentityServer4 Roadmap

We didn’t have a lot of time recently to work on IdentityServer4 – and yes, I know there are a lot of open “backlog” issues right now. But fortunately everything is pretty stable and from the open issues, nothing seems … Continue reading

Posted in IdentityServer, Uncategorized | Leave a comment

Try Device Flow with IdentityServer4

The biggest new feature in IdentityServer4 v2.3 is support for the beta Device Flow specification. Device Flow is a flavour of OAuth 2.0 optimised for browserless and/or input-constrained devices. Things like TVs, gaming consoles, printers, cash registers, audio appliances etc. … Continue reading

Posted in ASP.NET Core, IdentityServer, OAuth | Leave a comment

An alternative way to secure SPAs (with ASP.NET Core, OpenID Connect, OAuth 2.0 and ProxyKit)

You might have noticed the recent public discussions around how to securely build SPAs – and especially about the “weak security properties” of the OAuth 2.0 Implicit Flow. Brock has written up a good summary here. The whole implicit vs … Continue reading

Posted in ASP.NET Core, OAuth, OpenID Connect, WebAPI | 12 Comments