Clik here to view.
Authorization in ASP.NET Web API
So far I have mostly focused on authentication in Web API. At the end of the day you go through all those hoops just to be able to authorize the user after you know who he is. I am currently … Continue...
View ArticleClik here to view.
Approaches to (Server-side) Authorization
Authorization is a difficult topic. The implementation is typically so application/developer specific, that when you ask ten people how they do it, you most likely get ten different answers. I think...
View ArticleClik here to view.
Extending Authorization in ASP.NET Web API – Part 1: Basics
From my last post you can maybe tell that I prefer to keep my business and authorization logic separate. I am also not a huge fan of annotating my façade with role requirements like the [Authorize]...
View ArticleClik here to view.
Important: Setting the Client Principal in ASP.NET Web API
Due to some unfortunate mechanisms buried deep in ASP.NET, setting Thread.CurrentPrincipal in Web API web hosting is not enough. When hosting in ASP.NET, Thread.CurrentPrincipal might get overridden...
View ArticleClik here to view.
New unified Nuget Package for Thinktecture.IdentityModel
I uploaded a Nuget package for Thinktecture.IdentityModel that contains both the 4.0 and 4.5 versions. That should make it easier. We will try to keep both framework versions as closely in sync as...
View ArticleClik here to view.
Update on Thinktecture.IdentityServer for .NET 4.5
I made some progress on the 4.5 version. It is now a real .NET 4.5/MVC 4 application and I made some minor changes to data handling: Switched to the new universal providers for ASP.NET Switched to SQL...
View ArticleClik here to view.
Session Token JavaScript Sample for Thinktecture.IdentityModel and Web API
Christian has added a new JavaScript sample that shows how to use the session token mechanism. It includes persisting the session token in local storage. Nice! github Filed under: IdentityModel, WebAPI
View ArticleClik here to view.
CORS support in WebAPI, MVC and IIS with Thinktecture.IdentityModel
Brock has added a really nice implementation of CORS to Thinktecture.IdentityModel (both 4.0 and 4.5). Here are all the details. Filed under: IdentityModel, WebAPI
View ArticleClik here to view.
Thinktecture.IdentityModel Nuget updated to RTM
Title says it all http://nuget.org/packages/Thinktecture.IdentityModel Filed under: IdentityModel, WebAPI
View ArticleClik here to view.
Per-Route Claims Transformation in ASP.NET Web API
ASP.NET Web API RTM includes support for per-route message handlers. This allows to do low level work very early in the pipeline (after global message handlers, before authorization filters). See here...
View ArticleClik here to view.
Support for X.509 Client Certificates in Thinktecture.IdentityModel for Web API
Another RTM feature I was waiting for is (reasonable) SSL client certificate support in Web API. Just like all the other authentication methods, you configure client certificate support on the...
View ArticleClik here to view.
WIF & .NET 4.5 Identity and Access Control Training
Just a quick update – I will run my public WIF class for the last time on the 14th/15th November in Oslo (the dates on the page are not correct anymore). After that there will be a brand new .NET …...
View ArticleClik here to view.
Update on Thinktecture IdentityServer
It’s been quiet lately around IdSrv, and the reason is that we are actively working on it But to clear up some confusion, this is the current state: The current stable versions are for .NET 4.0/WIF...
View ArticleClik here to view.
Thinktecture.IdentityServer for .NET 4.5 CTP 1
You can get stable bits now on github. The current version supports WS-Federation, WS-Trust, OAuth2 (resource owner credential profile) and a simple HTTP endpoint. Feedback is always welcome! Filed...
View ArticleClik here to view.
ClaimsIdentity, IsAuthenticated and AuthenticationType in .NET 4.5
There is a subtle (breaking) change of behavior between WIF 1.0 and .NET 4.5. The IIdentity interface has the IsAuthenticated property. This is typically set to true whenever you deal with...
View ArticleClik here to view.
Update on IdentityServer
Preparing for the things to come (very soon), I had to rename the Github repositories for IdentityServer. Sorry for any inconvenience. V1 –...
View ArticleClik here to view.
Thinktecture IdentityServer v2 BETA
IdentityServer v2 beta is done! You can get it from the new thinktecture organization page on github as well as the new project page for IdentityServer (or directly from the download page). What’s...
View ArticleClik here to view.
Setup Thinktecture IdentityServer v2 in 7 minutes
Here’s how: https://vimeo.com/51088126 HTH Filed under: .NET Security, ASP.NET, IdentityModel, IdentityServer, WCF, WebAPI
View ArticleClik here to view.
Samples for Thinktecture.IdentityModel
Many people seem to overlook the samples directory in IdentityModel. So I thought I quickly summarize what you can find there: CorsSamplesSamples and test that show the usage of the CORS support in Web...
View ArticleClik here to view.
Mixing MVC + Forms Authentication and Web API + Basic Authentication
Got several emails recently with questions on how to enable the following scenario: ASP.NET application (e.g. MVC) using Forms Authentication and Web APIs using Basic Authentication to authenticate...
View Article