-
Recent Posts
Categories
- .NET Security (95)
- ASP.NET (163)
- ASP.NET Core (27)
- AuthorizationServer (33)
- Azure (29)
- Conferences & Training (40)
- IdentityModel (347)
- IdentityServer (205)
- Katana (46)
- OAuth (163)
- OpenID Connect (94)
- OWIN (45)
- Photography (14)
- PolicyServer (3)
- Resources (1)
- Uncategorized (626)
- WCF (109)
- WebAPI (223)
Tweets
Tweets by leastprivilegeFeed
Archives
- October 2024
- May 2021
- October 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- September 2019
- August 2019
- July 2019
- June 2019
- April 2019
- February 2019
- January 2019
- December 2018
- July 2018
- June 2018
- May 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- August 2017
- July 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- August 2005
- July 2005
- June 2005
- May 2005
- April 2005
- March 2005
- February 2005
- January 2005
- December 2004
- November 2004
- October 2004
- September 2004
- August 2004
- July 2004
- June 2004
- May 2004
Category Archives: IdentityModel
Using IdentityModel: Some Samples
Here are some typical usage scenario of IdentityPrincipal in ASP.NET. Simple IsInRole calls (checks for a status claim with a value of ‘Gold’): HttpContext.Current.User.IsInRole(“Gold”); Retrieving the OrderHistory claim: IdentityPrincipal ip = IdentityPrincipal.Current;Claim orderHistory = ip.ClaimSets.FindClaim( Constants.OrderHistoryClaimType, Constants.ApplicationIssuerIdentityClaim); var … Continue reading
Posted in ASP.NET, IdentityModel, WCF
Leave a comment
Using IdentityModel: Adding ASP.NET Support Part 2 (Claims Manager)
The last step for integrating claims into ASP.NET is to write a module that loads authorization policies, creates an AuthorizationContext and persists that on Context.User/Thread.CurrentPrincipal. My module has this simple configuration section: <claimsManager enabled=“true“ addAuthenticationClaims=“true“ roleClaimType=“urn:leastprivilege/claims/customers/status“> <authorizationPolicies> <policy type=“LeastPrivilege.CustomerIdAuthorizationPolicy, App_Code“ … Continue reading
Posted in ASP.NET, IdentityModel
Leave a comment
Using IdentityModel: Adding ASP.NET Support Part 1 (Authentication based Claims)
Adding claims support to ASP.NET is a perfect candidate for an HTTP module. As a reminiscence to RoleManager, I called mine ClaimsManager. The job of the claims manager is this: Creating claims based on the technical authentication details (Windows, Forms, … Continue reading
Posted in ASP.NET, IdentityModel
Leave a comment
Using IdentityModel: IdentityPrincipal
Since V1 of .NET there is a “slot” to store authorization information about the current user: Thread.CurrentPrincipal. This data gets propagated to newly created threads and is deeply integrated into other application frameworks like ASP.NET. To integrate claims into ASP.NET … Continue reading
Posted in ASP.NET, IdentityModel, WCF
Leave a comment
Using IdentityModel: Adding Claims Support to ASP.NET (Spoiler)
Many people asked me how to use claims based authorization in ASP.NET. While I have it working here on my machine (hey – it works on my machine!), I still need to polish the bits before I can release them. … Continue reading
Posted in ASP.NET, IdentityModel
Leave a comment
STS? Available!
In my Post STS? Coming Soon! I linked to information about the upcoming framework for writing STSes (and more) from Microsoft. Unfortunately this is not yet available. Along with Barry and David I am very happy to announce SharpSTS – … Continue reading
Posted in IdentityModel, WCF
Leave a comment
Using IdentityModel: Authorization Context and Claims Transformation outside of WCF
Here I showed you how to transform authentication specific claims to general application claims. The same model can be also used outside of WCF. I will use a client application here as an example and save ASP.NET for a later … Continue reading
Posted in IdentityModel
Leave a comment
Using IdentityModel: Simplifying Calculation of Information Card Unique IDs in WCF
The key to information card backed systems is calculating a stable unique identifier for your users based on the card claims. Typically this is done by hashing the issuer public key (plus some other information like a PPID for managed … Continue reading
Posted in IdentityModel, WCF
Leave a comment
Using IdentityModel: Claims Transformation in WCF
In the previous post I talked about claims transformation. Two authorization policies are necessary for the scenario I described. The first one maps the “technical” identity to an application identity and the second one creates application specific claims based on … Continue reading
Posted in IdentityModel, WCF
Leave a comment
Using IdentityModel: Authorization Policies, Context and Claims Transformation
In the previous posts I talked about claims and claim sets – but where do claim sets come from? The answer is easy – from authorization policies ;) OK – let’s have a closer look. The “container” for claim sets … Continue reading
Posted in IdentityModel, WCF
Leave a comment
leastprivilege.com 