Category Archives: AuthorizationServer

Using AuthorizationServer with Web API v2/Katana–first look

Traditionally we have used Thinktecture.IdentityModel to parse and validate incoming JWT tokens in Web API. The good news is, there is nothing you have to change when moving to Web API v2 – the delegating handler approach, and thus IdentityModel … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, Katana, OAuth, WebAPI | Leave a comment

Two days of Claims-based Identity & Access Control Workshop in London

Great news! The London edition of the NDC conference has pre-con workshops and Jakob invited us to hold our claims-based identity & access control workshop there. This is the first time Brock and I are teaching the workshop together, and … Continue reading

Posted in .NET Security, ASP.NET, AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, OAuth, OpenID Connect, WCF, WebAPI | Leave a comment

The future of OAuth2 and OpenID Connect in IdentityServer

We are very close to an implementation of the OpenID Connect “Basic Client Profile”. This is the “OAuth2 sign-in” feature in IdentityServer that most people want – just done right. In addition we have AuthorizationServer which features a full implementation … Continue reading

Posted in AuthorizationServer, IdentityServer, OAuth, WebAPI | 2 Comments

Thinktecture AuthorizationServer v0.5 released

I just uploaded a “feature complete” version of AuthorizationServer to Github. This version has all the features we are planning for v1 – please give us feedback when you  think things should work differently or when you find a bug. … Continue reading

Posted in AuthorizationServer, IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment

Some AuthorizationServer Consent Screen Features

Posted in AuthorizationServer, OAuth, WebAPI | Leave a comment

A closer Look at federated Authentication in AuthorizationServer

Posted in AuthorizationServer, OAuth, WebAPI | Leave a comment

AuthorizationServer Samples and Information

We think AS is now at a point where it can be used by “normal people” (meaning without having to modify database rows manually etc..) The repo contains a number of samples demonstrating the various flows, e.g.: Client Credentials Flow … Continue reading

Posted in AuthorizationServer, OAuth, WebAPI | 2 Comments

AuthorizationServer Tutorial Video: Walkthrough of the OAuth2 Flows Sample

Posted in AuthorizationServer, OAuth, WebAPI | 2 Comments

AuthorizationServer Tutorial Video: Initial Setup

Posted in AuthorizationServer, OAuth, WebAPI | Leave a comment

Scope based Authorization in ASP.NET Web API

I am a fan of separating authorization logic and business logic – that’s why I favour the claims-based authorization manager approach. That’s also why I wrote the ClaimsAuthorize filter. If you don’t want to go down the route of a … Continue reading

Posted in AuthorizationServer, OAuth, WebAPI | 8 Comments