Workshop: Identity & Access Control for modern Web Applications and APIs
Brock and I are currently working on a brand new two day workshop about all things security when building modern web applications and APIs. You can either attend the full two day version at NDC Oslo...
OpenID Connect and the IdentityServer Roadmap
Since OpenID Connect has been officially released now, I thought I’d tell you a little bit more about our plans around our identity open source projects. IdentityServer: IdSrv is a very popular identity...
OAuth2 and OpenID Connect Scope Validation for OWIN/Katana
In OAuth2 or OpenID Connect you don’t necessarily always use the audience to partition your token space – the scope concept is also commonly used (see also Vittorio’s post from yesterday). A while ago...
Announcing Thinktecture IdentityServer v3 – Preview 1
The last months we’ve been heads down re-writing IdentityServer from scratch (see here for background) – and we are now at a point where we think we have enough up and running to show it to you! What...
100k Downloads of Thinktecture IdentityModel
Amazing! Thanks for all the feedback – but keep in mind that this package is deprecated. For Web API >= v2 and MVC >= 5 please use the new Thinktecture.IdentityModel.Core and family.
Resource/Action based Authorization for OWIN (and MVC and Web API)
Authorization is hard – much harder than authentication because it is so application specific. Microsoft went through several iterations of authorization plumbing in .NET, e.g. PrincipalPermission,...
NDC London: Identity and Access Control for modern Web Applications and APIs
I am happy to announce that NDC will host our new workshop in London in December! Join us to learn everything that is important to secure modern web applications and APIs using Microsoft’s current and...
Identity & Access Control at NDC London 2014
The NDC Agenda is out now – and Brock and I will do a number of identity & access control related sessions. Brock will talk about identity management in ASP.NET – which is a huge topic – so he...
.NET Foundation Advisory Council
I have been invited to join the .NET Foundation advisory council – looking forward to it!...
Security at NDC Oslo
For a developer conference, NDC Oslo had a really strong security track this year. Also the audience appreciated that – from the five highest ranked talks – three were about security. Troy has the...
IdentityModel 1.0.0 released
Part of the ongoing effort to modernize our libraries, I released IdentityModel today. IdentityModel contains useful helpers, extension methods and constants when working with claims-based identity in...
Web API Security: JSON Web Token/OAuth2 with Thinktecture.IdentityModel...
(OK – I only included OAuth2 in the title to get your attention – this applies to whatever framework or technology you use to work with JSON web tokens aka JWTs) Following the pattern from my two...
Support for X.509 Client Certificates in Thinktecture.IdentityModel for Web API
An old post. But since I am writing about AuthenticationHandler..this is still relevant! leastprivilege.com Another RTM feature I was waiting for is (reasonable) SSL client certificate support in Web...
ASP.NET Web API Authentication: Using multiple (simultaneous) Authentication...
Since day one it was possible to support multiple authentication methods with AuthenticationHandler (see here, here and here for some background). I simply stopped searching for other credentials once...
Two Weeks to go: NDC Identity & Access Control Workshop
…really looking forward to it! http://www.ndcoslo.com/Article/Workshops/claims Also announcing a special guest: Pedro Felix will do an introduction lecture on OpenID Connect! See you there!
Update on IdentityModel and IdentityServer
Big news: the Microsoft JWT support is now generally available! That means that I will update IdentityServer and IdentityModel ASAP (by the end of next week, or rather – after I am done with all my...
OAuth2 done right
I think I mentioned once or twice that OAuth2 is not for authentication. It is rather a set of patterns for doing delegated authorization for HTTP/Web APIs using access tokens. But most people don’t...
Announcing Thinktecture AuthorizationServer
Today at NDC I announced Brock’s and my new open source project – Thinktecture.AuthorizationServer. AuthorizationServer (AS from now on) is an implementation of the OAuth2 patterns I described here. It...
NDC Oslo 2013 Slides
As usual this was my favourite conference of the year! I already uploaded the slides – I will keep you posted once the videos are online as well. Securing ASP.NET Web API OAuth2 – The good, the bad...
IdentityModel v3 changes
I have updated all the projects (IdentityModel, IdentityServer and AuthorizationServer) and the corresponding samples to the GA version of the Microsoft JWT handler. While doing that, I took the...