Clik here to view.
Thinktecture.IdentityModel.* on GitHub
I uploaded Thinkecture.IdentityModel (core) and Thinktecture.IdentityModel.Web (WCF Web Programing Model) to github. I thought that’s the easiest to make the source code available, especially for the...
View ArticleClik here to view.
ASP.NET WebAPI Security 1: Introducing Thinktecture.IdentityModel.Http
Over the course of the next posts I will describe the security options you have when writing services using the new ASP.NET WebAPI. Before I start digging into the gory details, all the sample code and...
View ArticleClik here to view.
ASP.NET WebAPI Security 2: Identity Architecture
Pedro has beaten me to the punch with a detailed post (and diagram) about the WebAPI hosting architecture. So go read his post first, then come back so we can have a closer look at what that means for...
View ArticleClik here to view.
ASP.NET WebAPI Security 3: Extensible Authentication Framework
In my last post, I described the identity architecture of ASP.NET Web API. The short version was, that Web API (beta 1) does not really have an authentication system on its own, but inherits the client...
View ArticleClik here to view.
ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios
The Thinktecture.IdentityModel.Http repository includes a number of samples for the various authentication scenarios. All the clients follow a basic pattern: Acquire client credential (a single token,...
View ArticleClik here to view.
ASP.NET WebAPI Security 5: JavaScript Clients
All samples I showed in my last post were in C#. Christian contributed another client sample in some strange language that is supposed to work well in browsers JavaScript client scenariosThere are two...
View ArticleClik here to view.
Identity in .NET 4.5–Part 1: Status Quo (Beta 1)
.NET 4.5 is a big release for claims-based identity. WIF becomes part of the base class library and structural classes like Claim, ClaimsPrincipal and ClaimsIdentity even go straight into mscorlib. You...
View ArticleClik here to view.
Identity in .NET 4.5–Part 2: Claims Transformation in ASP.NET (Beta 1)
In my last post I described how every identity in .NET 4.5 is now claims-based. If you are coming from WIF you might think, great – how do I transform those claims? Sidebar: What is claims...
View ArticleClik here to view.
Identity in .NET 4.5–Part 3: (Breaking) changes
I recently started porting a private build of Thinktecture.IdentityModel to .NET 4.5 and noticed a number of changes. The good news is that I can delete large parts of my library because many features...
View ArticleClik here to view.
Thinktecture IdentityServer and Contrib Project now on GitHub
title says it all really. I even have a contribution from the community already – a user repository that authenticates against Active Directory. Thanks Marcel Scherpenisse. URLs are:...
View ArticleClik here to view.
Identity in .NET 4.5–Part 4: Claims over Kerberos
Today I found this article about the new Kerberos features in Windows Server 8. It also mentions claims and how to enable them. Made me smile Filed under: .NET Security, IdentityModel
View ArticleClik here to view.
Thinktecture.IdentityModel.Http and the ASP.NET Web API CodePlex bits
I will keep the github repo in sync with the major releases of Web API (like Beta, RC, RTM). Because of the changes made to Web API after beta, my current bits don’t build against the CodePlex version...
View ArticleClik here to view.
Thinktecture.IdentityModel for .NET 4.5
As noted earlier, I started porting Thinktecture.IdentityModel to 4.5. The results will be maintained on Github: https://github.com/thinktecture/Thinktecture.IdentityModel.45 In the future, the Nuget...
View ArticleClik here to view.
Clik here to view.
Progress on Thinktecture.IdentityModel.* for .NET 4.5
I’ve been having a lot of “fun” (more on that in another post) porting all my identity code to .NET 4.5. As part of that I have re-structured the thinktecture identity model helper libraries. Since...
View ArticleClik here to view.
Common WIF Exceptions explained
Just came across this: http://consultingblogs.emc.com/simonevans/archive/2010/11/19/common-windows-identity-foundation-ws-federation-exceptions-explained.aspx Also like the “cert creation cheat sheet”...
View ArticleClik here to view.
JSON Web Token (JWT) Support in Thinktecture.IdentityModel
As noted in my last post, I added a simple implementation of JWT to Thinktecture.IdentityModel. It supports plaintext JWTs (unsigned) and symmetric signatures (HMACSHA 256, 384, 512). I haven’t...
View ArticleClik here to view.
Thinktecture.IdentityModel and ASP.NET Web API
As part of my work with the new Thinktecture.IdentityModel and JWT, I also updated the ASP.NET Web API integration. My first drop was based on this article. But had some limitation. The next version is...
View ArticleClik here to view.
The simplest SecurityToken / Handler you can write
Integrating a credential into the whole WIF / .NET 4.5 token and claims ecosystem is “easy” – in the sense of you only have to write a SecurityToken and SecurityTokenHandler implementation. While this...
View ArticleClik here to view.
Thinktecture.IdentityModel and ASP.NET Web API: The MessageHandler
Over the last posts I showed how you can associate HTTP request fields with authentication logic. The last missing piece is the MessageHandler for Web API (see here for more info on message handlers)....
View Article