Category Archives: .NET Security

Using iOS11 SFAuthenticationSession with IdentityModel.OidcClient

Starting with iOS 11, there’s a special system service for browser-based authentication called SFAuthenticationSession. This is the recommended approach for OpenID Connect and OAuth 2 native iOS clients (see RFC8252). If you are using our OidcClient library – this is … Continue reading

Posted in .NET Security, IdentityModel, OAuth, OpenID Connect, Uncategorized, WebAPI | Leave a comment

SAML2p Identity Provider Support for IdentityServer4

One very common feature request is support for acting as a SAML2p identity provider. This is not a trivial task, but our friends at Rock Solid Knowledge were working hard, and now published a beta version. Give it a try! … Continue reading

Posted in .NET Security, IdentityServer, OpenID Connect, WebAPI | Leave a comment

IdentityServer4 v2

Wow – this was probably our biggest update ever! Version 2.0 of IdentityServer4 is not only incorporating all the feedback we got over the last year, it also includes the necessary updates for ASP.NET Core 2 – and also has … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OpenID Connect, WebAPI | 4 Comments

Authorization is hard! Slides and Video from NDC Oslo 2017

A while ago I wrote a controversial article about the problems that can arise when mixing authentication and authorization systems – especially when using identity/access tokens to transmit authorization data – you can read it here. In the meanwhile Brock … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | 19 Comments

Techorama 2017

Again Techorama was an awesome conference – kudos to the organizers! Seth and Channel9 recorded my talk and also did an¬†interview¬†– so if you couldn’t be there in person, there are some updates about IdentityServer4 and identity in general.

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments

Financial APIs and IdentityServer

Right now there is quite some movement in the financial sector towards APIs and “collaboration” scenarios. The OpenID Foundation started a dedicated working group on securing Financial APIs (FAPIs) and the upcoming Revised Payment Service EU Directive (PSD2 – official … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | Leave a comment

IdentityServer & Heidelberg on Channel9

Seth and the Channel9 crew visited me in my office in Heidelberg to learn about IdentityServer and German culture. We had a nice day in Heidelberg involving identity, a whiteboard, code, beers & bratwurst ;) enjoy. Part 1 (interview and … Continue reading

Posted in .NET Security, ASP.NET Core, IdentityServer, OAuth, OpenID Connect, Uncategorized | Leave a comment