Category Archives: IdentityServer

Authorization is hard! Slides and Video from NDC Oslo 2017

A while ago I wrote a controversial article about the problems that can arise when mixing authentication and authorization systems – especially when using identity/access tokens to transmit authorization data – you can read it here. In the meanwhile Brock … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | 19 Comments

Techorama 2017

Again Techorama was an awesome conference – kudos to the organizers! Seth and Channel9 recorded my talk and also did an interview – so if you couldn’t be there in person, there are some updates about IdentityServer4 and identity in general.

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments

Financial APIs and IdentityServer

Right now there is quite some movement in the financial sector towards APIs and “collaboration” scenarios. The OpenID Foundation started a dedicated working group on securing Financial APIs (FAPIs) and the upcoming Revised Payment Service EU Directive (PSD2 – official … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | Leave a comment

IdentityServer & Heidelberg on Channel9

Seth and the Channel9 crew visited me in my office in Heidelberg to learn about IdentityServer and German culture. We had a nice day in Heidelberg involving identity, a whiteboard, code, beers & bratwurst ;) enjoy. Part 1 (interview and … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized | Leave a comment

dotnet new Templates for IdentityServer4

The dotnet CLI includes a templating engine that makes it pretty straightforward to create your own project templates (see this blog post for a good intro). This new repo is the home for all IdentityServer4 templates to come – right … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments

New in IdentityServer4: Events

Well – not really new – but redesigned. IdentityServer4 has two diagnostics facilities – logging and events. While logging is more like low level “printf” style – events represent higher level information about certain logical operations in IdentityServer (think Windows security … Continue reading

Posted in ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | 3 Comments

Extending IdentityServer4 with WS-Federation Support

When we designed IdentityServer4, we wanted to make it easier to extend the core token service with custom protocol endpoints. So one thing that comes up every now and then is using IdentityServer4 as an identity provider for SharePoint and … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer | 2 Comments