Category Archives: IdentityServer

IdentityServer4 v2

Wow – this was probably our biggest update ever! Version 2.0 of IdentityServer4 not only incorporates all the feedback we got over the last year, it also includes the necessary updates for ASP.NET Core 2 – and also has …

Posted in .NET Security, ASP.NET Core, IdentityServer, OpenID Connect, WebAPI | 4 Comments

Security Advisory for IdentityServer3

One of our users reported an XSS vulnerability in one of our views, which can potentially be used for information disclosure. We confirmed this bug and fixed it. Here’s the official CVE entry. We encourage you to upgrade if possible. …

Posted in IdentityServer, Uncategorized | Leave a comment

Authorization is hard! Slides and Video from NDC Oslo 2017

A while ago I wrote a controversial article about the problems that can arise when mixing authentication and authorization systems – especially when using identity/access tokens to transmit authorization data – you can read it here. In the meantime Brock …

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | 19 Comments

Techorama 2017

Again Techorama was an awesome conference – kudos to the organizers! Seth and Channel9 recorded my talk and also did an interview – so if you couldn’t be there in person, there are some updates about IdentityServer4 and identity in general.

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments

Financial APIs and IdentityServer

Right now there is quite some movement in the financial sector towards APIs and “collaboration” scenarios. The OpenID Foundation started a dedicated working group on securing Financial APIs (FAPIs) and the upcoming Revised Payment Service EU Directive (PSD2 – official …

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | Leave a comment

IdentityServer & Heidelberg on Channel9

Seth and the Channel9 crew visited me in my office in Heidelberg to learn about IdentityServer and German culture. We had a nice day in Heidelberg involving identity, a whiteboard, code, beers & bratwurst ;) enjoy. Part 1 (interview and …

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized | Leave a comment

dotnet new Templates for IdentityServer4

The dotnet CLI includes a templating engine that makes it pretty straightforward to create your own project templates (see this blog post for a good intro). This new repo is the home for all IdentityServer4 templates to come – right …

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments

New in IdentityServer4: Events

Well – not really new – but redesigned. IdentityServer4 has two diagnostics facilities – logging and events. While logging is more like low-level “printf” style, events represent higher-level information about certain logical operations in IdentityServer (think Windows security …

Posted in ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | 3 Comments

Extending IdentityServer4 with WS-Federation Support

When we designed IdentityServer4, we wanted to make it easier to extend the core token service with custom protocol endpoints. So one thing that comes up every now and then is using IdentityServer4 as an identity provider for SharePoint and …

Posted in .NET Security, ASP.NET, IdentityServer | 4 Comments

NDC London 2017

As always – NDC was a very good conference. Brock and I did a workshop, two talks and an interview. Here are the relevant links:

- Building JavaScript and mobile/native Clients for Token-based Architectures
- IdentityServer4: New & Improved for ASP.NET Core …

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, OAuth, OpenID Connect, WebAPI | 3 Comments