Category Archives: .NET Security

“Windows Azure, Identity & Access – and you” Talk from Cloudburst 2012

Posted on October 4, 2012 by Dominick Baier

My talk from Cloudburst 2012 is available here: http://www.streamshed.com/microsoft/cloudburst.htm# This was a nice little conference. recommended. (make sure to also watch Christian’s ServiceBus talk, which also involves identity quite a bit ;)

Posted in .NET Security, Azure, Conferences & Training, IdentityModel, IdentityServer | 2 Comments

ClaimsIdentity, IsAuthenticated and AuthenticationType in .NET 4.5

Posted on September 24, 2012 by Dominick Baier

There is a subtle (breaking) change of behavior between WIF 1.0 and .NET 4.5. The IIdentity interface has the IsAuthenticated property. This is typically set to true whenever you deal with implementations of that interface, e.g as soon as you … Continue reading →

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, WCF, WebAPI | 15 Comments

Thinktecture.IdentityServer for .NET 4.5 CTP 1

Posted on September 21, 2012 by Dominick Baier

You can get stable bits now on github. The current version supports WS-Federation, WS-Trust, OAuth2 (resource owner credential profile) and a simple HTTP endpoint. Feedback is always welcome!

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, WCF, WebAPI | Leave a comment

WIF & .NET 4.5 Identity and Access Control Training

Posted on September 12, 2012 by Dominick Baier

Just a quick update – I will run my public WIF class for the last time on the 14th/15th November in Oslo (the dates on the page are not correct anymore). After that there will be a brand new .NET … Continue reading →

Posted in .NET Security, ASP.NET, Azure, Conferences & Training, IdentityModel, IdentityServer, WCF, WebAPI | 6 Comments

Thread.CurrentPrincipal and Propagation to new Threads

Posted on June 25, 2012 by Dominick Baier

I often get questions about this. Here’s an interesting post about the so called “Execution Context” in .NET: http://blogs.msdn.com/b/pfxteam/archive/2012/06/15/executioncontext-vs-synchronizationcontext.aspx

Posted in .NET Security, IdentityModel | Leave a comment

Approaches to (Server-side) Authorization

Posted on June 24, 2012 by Dominick Baier

Authorization is a difficult topic. The implementation is typically so application/developer specific, that when you ask ten people how they do it, you most likely get ten different answers. I think this is also the reason why .NET does not … Continue reading →

Posted in .NET Security, IdentityModel, WebAPI | 9 Comments

Introduction to Identity and Access Control in .NET 4.5

Posted on June 21, 2012 by Dominick Baier

I am working together with PluralSight on creating a full fledged curriculum around identity & access control for .NET and Windows. This will include training material around core .NET identity (aka WIF 4.5), ASP.NET web applications, WCF services and ASP.NET … Continue reading →

Posted in .NET Security, Conferences & Training, IdentityModel, WebAPI | 2 Comments

“Fluent” API for the X.509 Certificate Store

Posted on May 13, 2012 by Dominick Baier

It is annoying how often I write code directly against X509Store. Maybe this will end this once and for all: var cert = X509.CurrentUser.My.Thumbprint.Find(“abc”).First(); source code here.

Posted in .NET Security | Tagged X.509 | 2 Comments

Identity in .NET 4.5–Part 4: Claims over Kerberos

Posted on April 7, 2012 by Dominick Baier

Today I found this article about the new Kerberos features in Windows Server 8. It also mentions claims and how to enable them. Made me smile ;)

Posted in .NET Security, IdentityModel | Leave a comment

Identity in .NET 4.5–Part 3: (Breaking) changes

Posted on April 4, 2012 by Dominick Baier

I recently started porting a private build of Thinktecture.IdentityModel to .NET 4.5 and noticed a number of changes. The good news is that I can delete large parts of my library because many features are now in the box. Along … Continue reading →

Posted in .NET Security, IdentityModel | 3 Comments