Channel: IdentityModel – leastprivilege.com
Browsing all 204 articles

Thinktecture AuthorizationServer v0.5 released

I just uploaded a “feature complete” version of AuthorizationServer to GitHub. This version has all the features we are planning for v1 – please give us feedback when you think things should work...

Bringing SWT Support back to Thinktecture IdentityModel

When Microsoft released the JWT library, I thought that’s a good opportunity to remove the SWT support from IdentityModel. But it turns out, there are still scenarios for SWT – so I refreshed my old...

Using IdentityServer to issue tokens for Windows Server ServiceBus

Windows Server ServiceBus supports SWT tokens to authorize actions on a SB namespace or entity (e.g. listen, send or manage). In the Azure version of ServiceBus you would use the Azure Access Control...

IdentityServer: Overview of OpenID Connect Basic Client Profile

Filed under: IdentityModel, IdentityServer, OAuth, WebAPI

Two days of Claims-based Identity & Access Control Workshop in London

Great news! The London edition of the NDC conference has pre-con workshops and Jakob invited us to hold our claims-based identity & access control workshop there. This is the first time Brock and I...

Using AuthorizationServer with Web API v2/Katana–first look

Traditionally we have used Thinktecture.IdentityModel to parse and validate incoming JWT tokens in Web API. The good news is, there is nothing you have to change when moving to Web API v2 – the...

Claims Transformation Middleware for Katana

One missing piece in Katana security/authentication is claims transformation. Fortunately, this is easy to add: public class ClaimsTransformationMiddleware : OwinMiddleware {...

Adding OAuth2 to ADFS (and thus bridging the gap between modern Applications...

AuthorizationServer can be combined with arbitrary authentication methods, but the fact that it comes pre-configured as a WS-Federation relying party, makes it particularly easy to combine it with e.g....

Thinktecture IdentityModel and Web API v2 / Katana

If you are using IdentityModel and the AuthenticationHandler to secure your Web APIs – we have some good and some bad news. The good news is, that IdentityModel continues to work in Web API v2 when...

OWIN Claims Transformation Middleware–Take 2

Thanks to some good feedback from @grumpydev, @loudej and Chris Ross – I changed my original claims transformation middleware (see here). What I learned is, that for better compatibility and...

Thinktecture.IdentityModel v.Next

Thinktecture.IdentityModel (github, nuget) is a popular library in the security community. But we have reached a point now where we realized that we have too many dependencies and too much legacy stuff...

Adding SAML11 and SAML2 Support to Katana/OWIN

Katana has pretty straightforward extensibility for adding support for token formats. It ships with built-in support for JWT (consuming) and their internal token format (consuming & producing). By...

Retrieving bearer tokens from alternative locations in Katana/OWIN

The Katana bearer token authentication middleware tries to retrieve tokens from the HTTP Authorization header with a scheme of Bearer by default. You can customize this behavior by providing a so...

Thinktecture AuthenticationHandler for Web API v2

Here I mentioned that there are some incompatibilities between AuthenticationHandler and Web API v2/OWIN hosting. As part of making Thinktecture.IdentityModel more modular – I updated the...

Client Certificate Authentication Middleware for Katana

Katana has no middleware to turn SSL client certificates into a ClaimsIdentity. And since I am currently collecting material for my upcoming Web API security course I used the opportunity to experiment...

Adding Refresh Tokens to a Web API v2 Authorization Server

In the last post I showed how to add a simple username/password (aka resource owner password credentials flow) authorization server to Web API v2. This has several advantages: The client does not need...

Thinktecture.IdentityModel.Client v1.0

As part of the restructuring work of IdentityModel, I separated the HTTP and OAuth2 client bits into a separate project. The nice side effect of this is that the client library is now portable and can...

My Web API Security Talk from Software Architect 2013

https://vimeo.com/user22258446/review/79095048/9a4d62f61c

Filed under: ASP.NET, AuthorizationServer, Conferences & Training, IdentityModel, IdentityServer, Katana, OAuth, OWIN

Advanced OAuth2: Assertion Flow (how)

My last post described the mechanics and motivation for the OAuth2 assertion flow. In this post I want to show you how you can use Thinktecture AuthorizationServer to implement an assertion flow...

Thinktecture.IdentityModel.Owin.*

To be more in-line with the OWIN / middleware mindset (and because Damian said so) – I broke up our OWIN security assembly into smaller components:...
