Category Archives: Uncategorized

Automatic OAuth 2.0 Token Management in ASP.NET Core

As part of the recent discussions around how to build clients for OpenID Connect and OAuth 2.0 based systems (see e.g. Brock’s post here), we substantially updated our workshop and supporting libraries. The updated material (both workshop and break-out sessions) will …

Posted in ASP.NET Core, Uncategorized | 8 Comments

What happened in 2018?

2018 has been really busy. We worked on a lot of different things, and I just realized that I only wrote eight blog posts in total. I decided to block December to catch up on many work and non-work related …

Posted in .NET Security, ASP.NET Core, IdentityModel, IdentityServer, PolicyServer, Uncategorized | Leave a comment

Beware the combined authorize filter mechanics in ASP.NET Core 2.1

Originally posted on brockallen:
In ASP.NET Core 2.1 one of the security changes was related to how authorization filters work. In essence the filters are now combined, whereas previously they were not. This change in behavior is controlled via the…

Posted in Uncategorized | Leave a comment

IdentityManager2

Originally posted on brockallen:
In 2014 I developed and released the first version of IdentityManager. The intent was to provide a simple, self-contained administrative tool for managing users in your ASP.NET Identity or MembershipReboot identity databases. It targeted the Katana …

Posted in Uncategorized | Leave a comment

Making the IdentityModel Client Libraries HttpClientFactory friendly

IdentityModel has a number of protocol client libraries, e.g. for requesting, refreshing, revoking and introspecting OAuth 2 tokens as well as a client and cache for the OpenID Connect discovery endpoint. While they work fine, the style around libraries that …

Posted in ASP.NET Core, IdentityModel, Uncategorized, WebAPI | 4 Comments

Mixing UI and API Endpoints in ASP.NET Core 2.1 (aka Dynamic Scheme Selection)

Some people like to co-locate UI and API endpoints in the same application. I generally prefer to keep them separate, but I acknowledge that certain architecture styles make this conscious decision. Server-side UIs typically use cookies for authentication (or a …

Posted in ASP.NET Core, OpenID Connect, Uncategorized, WebAPI | 14 Comments

Improvements in Claim Mapping in the ASP.NET Core 2.1 OpenID Connect Handler

Here I described the various layers of claim mappings going on when doing OpenID Connect with ASP.NET Core. Based on our feedback, the ASP.NET team added another mapping option to reduce the amount of “magic” going on, and thus makes …

Posted in ASP.NET Core, OpenID Connect, Uncategorized | 2 Comments