Category Archives: Uncategorized

Beware the combined authorize filter mechanics in ASP.NET Core 2.1

Originally posted on brockallen:
In ASP.NET Core 2.1 one of the security changes was related to how authorization filters work. In essence the filters are now combined, whereas previously they were not. This change in behavior is controlled via the…

Posted in Uncategorized | Leave a comment

IdentityManager2

Originally posted on brockallen:
In 2014 I developed and released the first version of IdentityManager. The intent was to provide a simple, self-contained administrative tool for managing users in your ASP.NET Identity or MembershipReboot identity databases. It targeted the Katana¬†…

Posted in Uncategorized | Leave a comment

Making the IdentityModel Client Libraries HttpClientFactory friendly

IdentityModel has a number of protocol client libraries, e.g. for requesting, refreshing, revoking and introspecting OAuth 2 tokens as well as a client and cache for the OpenID Connect discovery endpoint. While they work fine, the style around libraries that … Continue reading

Posted in ASP.NET Core, IdentityModel, Uncategorized, WebAPI | 2 Comments

Mixing UI and API Endpoints in ASP.NET Core 2.1 (aka Dynamic Scheme Selection)

Some people like to co-locate UI and API endpoints in the same application. I generally prefer to keep them separate, but I acknowledge that certain architecture styles make this conscious decision. Server-side UIs typically use cookies for authentication (or a … Continue reading

Posted in ASP.NET Core, OpenID Connect, Uncategorized, WebAPI | 4 Comments

Improvements in Claim Mapping in the ASP.NET Core 2.1 OpenID Connect Handler

Here I described the various layers of claim mappings going on when doing OpenID Connect with ASP.NET Core. Based on our feedback, the ASP.NET team added another mapping option to reduce the amount of “magic” going on, and thus makes … Continue reading

Posted in ASP.NET Core, OpenID Connect, Uncategorized | 2 Comments

The State of HttpClient and .NET Multi-Targeting

IdentityModel is a library that uses HttpClient internally – it should also run on all recent versions of the .NET Framework and .NET Core. HttpClient is sometimes “built-in”, e.g. in the .NET Framework, and sometimes not, e.g. in .NET Core … Continue reading

Posted in IdentityModel, Uncategorized, WebAPI | Leave a comment

NDC London 2018 Artefacts

“IdentityServer v2 on ASP.NET Core v2: An update” video “Authorization is hard! (aka the PolicyServer announcement) video DotNetRocks interview audio  

Posted in ASP.NET Core, IdentityServer, PolicyServer, Uncategorized, WebAPI | Leave a comment