Category Archives: WebAPI

.NET Core 1.0 is released, but where is IdentityServer?

In short: we are working on it. Migrating the code from Katana to ASP.NET Core was actually mostly mechanical. But obviously new approaches and patterns have been introduced which might, or might not align directly with how we used to … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | Leave a comment

Update for authentication & API access for native applications and IdentityModel.OidcClient

The most relevant spec for authentication and API access for native apps has been recently updated. If you are “that kind of person” that enjoys looking at diffs of pre-release RFCs – you would have spotted a new way of dealing … Continue reading

Posted in IdentityModel, OAuth, OpenID Connect, WebAPI | 7 Comments

Identity Videos, Podcasts and Slides from Conference Season 2016/1

My plan was to cut down on conferences and travelling in general – this didn’t work out ;) I did more conferences in the first 6 months of 2016 than I did in total last year. weird. Here are some … Continue reading

Posted in .NET Security, ASP.NET, Conferences & Training, IdentityModel, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | Leave a comment

IdentityServer4 on ASP.NET Core RC2

This week was quite busy ;) Besides doing a couple of talks and workshops at SDD in London – we also updated all the IdentityServer4 bits to RC2. Many thanks to all the people in the community that were part … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, WebAPI | 9 Comments

NDC London 2016 Wrap-up

NDC has been fantastic again! Good fun, good talks and good company! Brock and I did the usual 2-day version of our Identity & Access Control workshop at the pre-con. This was (probably) the last time we ran the 2-day … Continue reading

Posted in .NET Security, ASP.NET, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | 9 Comments

Which OpenID Connect/OAuth 2.0 Flow is the right One?

That is probably the most common question we get – and the answer is of course: it depends! Machine to Machine Communication This one is easy – since there is no human directly involved, client credentials are used to request … Continue reading

Posted in .NET Security, IdentityServer, OAuth, OpenID Connect, WebAPI | 19 Comments

Announcing IdentityServer for ASP.NET 5 and .NET Core

Over the last couple of years, we’ve been working with the ASP.NET team on the authentication and authorization story for Web API, Katana and ASP.NET 5. This included the design around claims-based identity, authorization and token-based authentication. In the Katana … Continue reading

Posted in ASP.NET, IdentityServer, OAuth, OpenID Connect, Uncategorized, WebAPI | 77 Comments