Category Archives: AuthorizationServer

Workshop: Identity & Access Control for modern Web Applications and APIs

Brock and I are currently working on a brand new two day workshop about all things security when building modern web applications and APIs. You can either attend the full two day version at NDC Oslo (June) – or a … Continue reading

Posted in AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 14 Comments

Using AuthorizationServer with Nancy (updated)

Since I am currently in the process of updating AuthorizationServer and its samples – I thought it would be the right time to throw away my custom Nancy extensions and use Damian Hickey’s nice Nancy.MSOwinSecurity package instead. The outcome is … Continue reading

Posted in AuthorizationServer, Katana, OAuth, OWIN | 5 Comments

AuthorizationServer v1.2

I just uploaded version 1.2 of AuthorizationServer. The big change is that AS is now using MVC and Web API v5.1.1 – additionally there are some bug fixes and a new configuration switch – set the following appSetting to false … Continue reading

Posted in AuthorizationServer, OAuth, WebAPI | 9 Comments

Combining Thinktecture AuthorizationServer with Windows Integrated Authentication

One of the key features of AS is that you can combine it with arbitrary authentication methods. This basically allows to layer OAuth2 and our application and authorization model over any identity management system. Recently the question came up which … Continue reading

Posted in ASP.NET, AuthorizationServer, OAuth, WebAPI | 26 Comments

Advanced OAuth2: Assertion Flow (how)

My last post described the mechanics and motivation for the OAuth2 assertion flow. In this post I want to show you how you can use Thinktecture AuthorizationServer to implement an assertion flow scenario. For this specific example I will use … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, OAuth, WebAPI | 5 Comments

Advanced OAuth2: Assertion Flow (why)

The core OAuth2 spec defines so called flows, which are basically descriptions of the interactions between a client, a user and an authorization server to request access tokens. Another implied fact is, that the resource server and the authorization server … Continue reading

Posted in ASP.NET, AuthorizationServer, OAuth, WebAPI | 1 Comment

My Web API Security Talk from Software Architect 2013

https://vimeo.com/user22258446/review/79095048/9a4d62f61c

Posted in ASP.NET, AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, Katana, OAuth, OWIN | 5 Comments