Category Archives: WebAPI

Why does my Authorize Attribute not work?

Sad title, isn’t it? The alternative would have been “The complicated relationship between claim types, ClaimsPrincipal, the JWT security token handler and the Authorize attribute role checks” – but that wasn’t very catchy. But the reality is that many people are struggling … Continue reading

Posted in .NET Security, OAuth, OpenID Connect, WebAPI | 2 Comments

Trying IdentityServer

We have a demo instance of IdentityServer3 on I already used this for various samples (e.g. the OpenID Connect native clients) – and it makes it easy to try IdentityServer with your clients without having to deploy and configure … Continue reading

Posted in ASP.NET, IdentityServer, OpenID Connect, OWIN, Uncategorized, WebAPI | 2 Comments

Commercial Support Options for IdentityServer

Many customers have asked us for production support for IdentityServer. While this is something we would love to provide, Brock and I can’t do that on our own because we can’t guarantee the response times. I am happy to announce that … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 1 Comment

Fixing OAuth 2.0 with OpenID Connect?

I didn’t like Nat’s Fixing OAuth? post. “For protecting a resource with low value, current RFC6749 and RFC6750 with an appropriate constraint should be good enough…For protecting a resource whose value is higher than a certain level, e.g., the write … Continue reading

Posted in IdentityServer, OAuth, OpenID Connect, WebAPI | 13 Comments

.NET Core 1.0 is released, but where is IdentityServer?

In short: we are working on it. Migrating the code from Katana to ASP.NET Core was actually mostly mechanical. But obviously new approaches and patterns have been introduced which might or might not align directly with how we used to … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 2 Comments

Update for authentication & API access for native applications and IdentityModel.OidcClient

The most relevant spec for authentication and API access for native apps has been recently updated. If you are “that kind of person” that enjoys looking at diffs of pre-release RFCs – you would have spotted a new way of dealing … Continue reading

Posted in IdentityModel, OAuth, OpenID Connect, WebAPI | 10 Comments

Identity Videos, Podcasts and Slides from Conference Season 2016/1

My plan was to cut down on conferences and travelling in general – this didn’t work out ;) I did more conferences in the first 6 months of 2016 than I did in total last year. Weird. Here are some … Continue reading

Posted in .NET Security, ASP.NET, Conferences & Training, IdentityModel, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | Leave a comment