Category Archives: Katana

Using Discovery and Katana Middleware to write an OpenID Connect Web Client

In the last post I showed how to write an OIDC web client from scratch – this requires to have knowledge of certain configuration parameters of the OIDC provider, e.g.: the URL of the authorize endpoint (and logout endoint) the … Continue reading

Posted in IdentityServer, Katana, OpenID Connect, OWIN | 9 Comments

IdentityServer v3 Nuget and Self-Hosting

Thanks to Damian and Maurice we now have a build script for IdSrv3 that creates a Nuget package *and* internalizes all dependencies. So in other words you only need to reference a single package (well strictly speaking two) to self … Continue reading

Posted in IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | Leave a comment

IdentityServer v3 and Azure WebSites (and other Deployment Simplifications)

(applies to preview 1) A common request for IdentityServer was being able to run on Azure WebSites (or other constrained deployment environments where you don’t have machine level access). This was never easy because our default implementations in v2 had … Continue reading

Posted in ASP.NET, Azure, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 5 Comments

New Pluralsight Course: “Web API v2 Security”

It is finally online! Hope you like it. http://pluralsight.com/training/Courses/TableOfContents/webapi-v2-security

Posted in ASP.NET, AuthorizationServer, Katana, OAuth, OWIN, WebAPI | 22 Comments

Announcing Thinktecture IdentityServer v3 – Preview 1

The last months we’ve been heads down re-writing IdentityServer from scratch (see here for background) – and we are now at a point where we think we have enough up and running to show it to you! What we’ve done … Continue reading

Posted in ASP.NET, AuthorizationServer, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 35 Comments

The Web API v2 OAuth2 Authorization Server Middleware–Is it worth it?

Adding the concept of an authorization server to your web APIs is the recommended architecture for managing authentication and authorization. But writing such a service from scratch is not an easy task. To simplify that, Microsoft included an OAuth2 based … Continue reading

Posted in AuthorizationServer, IdentityServer, Katana, OAuth, OWIN, WebAPI | 18 Comments

OAuth2 and OpenID Connect Scope Validation for OWIN/Katana

In OAuth2 or OpenID Connect you don’t necessarily always use the audience to partition your token space – the scope concept is also commonly used (see also Vittorio’s post from yesterday). A while ago I created a Web API authorize … Continue reading

Posted in IdentityModel, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 3 Comments

OpenID Connect and the IdentityServer Roadmap

Since OpenID Connect has been officially released now, I thought I’ll tell you a little bit more about our plans around our identity open source projects. IdentityServerIdSrv is a very popular identity provider with excellent support for WS-Federation and WS-Trust. … Continue reading

Posted in AuthorizationServer, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 24 Comments

Test driving the WS-Federation Authentication Middleware for Katana

Microsoft just released an alpha version of the “most wanted” middleware for Katana: WS-Federation authentication! I tested the bits against ADFS and of course – IdentityServer – and it is unspectacularly easy to get started (that’s a good thing). 1 … Continue reading

Posted in IdentityServer, Katana, OWIN | 7 Comments

Workshop: Identity & Access Control for modern Web Applications and APIs

Brock and I are currently working on a brand new two day workshop about all things security when building modern web applications and APIs. You can either attend the full two day version at NDC Oslo (June) – or a … Continue reading

Posted in AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 14 Comments