Clik here to view.
Preview: Authentication Framework and Claims-based Identity for ASP.NET WebApi
I have moved this to the new ASP.NET WebApi. I am pretty happy with it! You can download the work in progress here: https://github.com/leastprivilege/ASP.NET-WebApi-Security HTH Filed under:...
View ArticleClik here to view.
ASP.NET WebAPI Security 1: Introducing Thinktecture.IdentityModel.Http
Over the course of the next posts I will describe the security options you have when writing services using the new ASP.NET WebAPI. Before I start digging into the gory details, all the sample code and...
View ArticleClik here to view.
ASP.NET WebAPI Security 2: Identity Architecture
Pedro has beaten me to the punch with a detailed post (and diagram) about the WebAPI hosting architecture. So go read his post first, then come back so we can have a closer look at what that means for...
View ArticleClik here to view.
ASP.NET WebAPI Security 3: Extensible Authentication Framework
In my last post, I described the identity architecture of ASP.NET Web API. The short version was, that Web API (beta 1) does not really have an authentication system on its own, but inherits the client...
View ArticleClik here to view.
ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios
The Thinktecture.IdentityModel.Http repository includes a number of samples for the various authentication scenarios. All the clients follow a basic pattern: Acquire client credential (a single token,...
View ArticleClik here to view.
ASP.NET WebAPI Security 5: JavaScript Clients
All samples I showed in my last post were in C#. Christian contributed another client sample in some strange language that is supposed to work well in browsers JavaScript client scenariosThere are two...
View ArticleClik here to view.
Thinktecture.IdentityModel.Http and the ASP.NET Web API CodePlex bits
I will keep the github repo in sync with the major releases of Web API (like Beta, RC, RTM). Because of the changes made to Web API after beta, my current bits don’t build against the CodePlex version...
View ArticleClik here to view.
JSON Web Token (JWT) Support in Thinktecture.IdentityModel
As noted in my last post, I added a simple implementation of JWT to Thinktecture.IdentityModel. It supports plaintext JWTs (unsigned) and symmetric signatures (HMACSHA 256, 384, 512). I haven’t...
View ArticleClik here to view.
Thinktecture.IdentityModel and ASP.NET Web API
As part of my work with the new Thinktecture.IdentityModel and JWT, I also updated the ASP.NET Web API integration. My first drop was based on this article. But had some limitation. The next version is...
View ArticleClik here to view.
The simplest SecurityToken / Handler you can write
Integrating a credential into the whole WIF / .NET 4.5 token and claims ecosystem is “easy” – in the sense of you only have to write a SecurityToken and SecurityTokenHandler implementation. While this...
View ArticleClik here to view.
Thinktecture.IdentityModel and ASP.NET Web API: The MessageHandler
Over the last posts I showed how you can associate HTTP request fields with authentication logic. The last missing piece is the MessageHandler for Web API (see here for more info on message handlers)....
View ArticleClik here to view.
Thinktecture.IdentityServer for .NET 4.5
I have uploaded the first bits of the 4.5 version of IdentityServer to github. I didn’t have time to test this extensively, but since some people have asked me about it, I just uploaded the current...
View ArticleClik here to view.
Web API Sample for Thinktecture.IdentityModel (.NET 4.5)
I added a Web API sample to the github repository. It’s the code I showed at NDC and in my previous posts. Have fun. Filed under: IdentityModel, WebAPI
View ArticleClik here to view.
Thinktecture.IdentityModel.Http (.NET 4.0) updated to MVC 4 RC
Phew..It is getting confusing with all those RCs and versions Anyhow – here you can find the port to MVC 4 RC (from Beta). Filed under: IdentityModel, WebAPI
View ArticleClik here to view.
Updated NuGet Packages for IdentityModel.Http and 4.5
Thinktecture.IdentityModel.Http (.NET 4.0/MVC 4 RC) and Thinktecture.IdentityModel.45 (.NET 4.5 RC) now have updated Nuget packages. See here. Filed under: IdentityModel, WebAPI Tagged: #aspnetwebapi
View ArticleClik here to view.
Thinktecture.IdentityModel.45 and ASP.NET Web API Self-Hosting
One nice “side-effect” of implementing all authentication methods at the Web API layer (MessageHandler) is, that you get hosting independence. The exactly same configuration for the authentication...
View ArticleClik here to view.
My Sessions from NDC 2012
All videos from NDC are online now. This is great content, go check it out! Authentication & Authorization in .NET 4.5 – Claims & Tokens become the standard Model Securing ASP.NET Web APIs...
View ArticleClik here to view.
Update on Thinktecture.IdentityModel and Web API Support
I have cleaned up the github repositories, it became too confusing with all the different versions. The new layout is this: Thinktecture.IdentityModel.45 (github)No changes here, this includes the...
View ArticleClik here to view.
Session Token Support for ASP.NET Web API
Disclaimer: This is an experimental feature I added to Thinktecture.IdentityModel.45 (and will soon be back-ported to 4.0) to gather some feedback. It is completely turned off by default. The idea is...
View ArticleClik here to view.
Introduction to Identity and Access Control in .NET 4.5
I am working together with PluralSight on creating a full fledged curriculum around identity & access control for .NET and Windows. This will include training material around core .NET identity...
View Article