Category Archives: IdentityModel

CORS support in WebAPI, MVC and IIS with Thinktecture.IdentityModel

Posted on June 28, 2012 by Dominick Baier

Brock has added a really nice implementation of CORS to Thinktecture.IdentityModel (both 4.0 and 4.5). Here are all the details.

Posted in IdentityModel, WebAPI | Leave a comment

Session Token JavaScript Sample for Thinktecture.IdentityModel and Web API

Posted on June 28, 2012 by Dominick Baier

Christian has added a new JavaScript sample that shows how to use the session token mechanism. It includes persisting the session token in local storage. Nice! github

Posted in IdentityModel, WebAPI | 17 Comments

Update on Thinktecture.IdentityServer for .NET 4.5

Posted on June 28, 2012 by Dominick Baier

I made some progress on the 4.5 version. It is now a real .NET 4.5/MVC 4 application and I made some minor changes to data handling: Switched to the new universal providers for ASP.NET Switched to SQL Server LocalDB as … Continue reading

Posted in IdentityModel, IdentityServer, WebAPI | 15 Comments

New unified Nuget Package for Thinktecture.IdentityModel

Posted on June 25, 2012 by Dominick Baier

I uploaded a Nuget package for Thinktecture.IdentityModel that contains both the 4.0 and 4.5 versions. That should make it easier. We will try to keep both framework versions as closely in sync as possible.

Posted in IdentityModel, WebAPI | 16 Comments

Extending Authorization in ASP.NET Web API – Part 1: Basics

Posted on June 25, 2012 by Dominick Baier

From my last post you can maybe tell that I prefer to keep my business and authorization logic separate. I am also not a huge fan of annotating my façade with role requirements like the [Authorize] attribute does. In this … Continue reading

Posted in IdentityModel, WebAPI | 3 Comments

Thread.CurrentPrincipal and Propagation to new Threads

Posted on June 25, 2012 by Dominick Baier

I often get questions about this. Here’s an interesting post about the so called “Execution Context” in .NET: http://blogs.msdn.com/b/pfxteam/archive/2012/06/15/executioncontext-vs-synchronizationcontext.aspx

Posted in .NET Security, IdentityModel | Leave a comment

Approaches to (Server-side) Authorization

Posted on June 24, 2012 by Dominick Baier

Authorization is a difficult topic. The implementation is typically so application/developer specific, that when you ask ten people how they do it, you most likely get ten different answers. I think this is also the reason why .NET does not … Continue reading

Posted in .NET Security, IdentityModel, WebAPI | 9 Comments

Taking Control over Azure Access Control Service HRD (without the Help from jQuery)

Posted on June 22, 2012 by Dominick Baier

Vittorio wrote a post earlier today showing how to fetch the identity provider feed from ACS and use it to drive the sign-in handshake from within your application and UI. This is indeed a very useful (and user friendly) approach. … Continue reading

Posted in Azure, IdentityModel | Leave a comment

Introduction to Identity and Access Control in .NET 4.5

Posted on June 21, 2012 by Dominick Baier

I am working together with PluralSight on creating a full fledged curriculum around identity & access control for .NET and Windows. This will include training material around core .NET identity (aka WIF 4.5), ASP.NET web applications, WCF services and ASP.NET … Continue reading

Posted in .NET Security, Conferences & Training, IdentityModel, WebAPI | 2 Comments

Session Token Support for ASP.NET Web API

Posted on June 19, 2012 by Dominick Baier

Disclaimer: This is an experimental feature I added to Thinktecture.IdentityModel.45 (and will soon be back-ported to 4.0) to gather some feedback. It is completely turned off by default. The idea is simple – the authentication library now allows swapping an … Continue reading

Posted in IdentityModel, WebAPI | 30 Comments