Clik here to view.
Extensions to the Web API/MVC + Forms/Basic Auth Sample: Claims...
I got two questions on the sample from yesterday. AJAX Clients”Will AJAX clients be able to use the Forms Authentication cookie against Web API?” Yes, indeed. In that case add the following flag to the...
View ArticleClik here to view.
Using Claims-based Authorization in MVC and Web API
.NET 4.5 ships with a claims-based authorization infrastructure around the ClaimsAuthorizationManager class. I have written about that before, and I am still a fan of that approach (not necessary of...
View ArticleClik here to view.
Update on Thinktecture IdentityServer v2 Beta (Refresh 2)
Just wanted to give you a quick update what’s happening with IdentityServer. Brock and I were working really hard to get some new features in, e.g. Mobile support for the login and home realm discovery...
View ArticleClik here to view.
OAuth2 in Thinktecture IdentityServer v2: Resource Owner Password Flow
IdentityServer v2 supports the OAuth2 “Resource Owner Password Credential Flow” (see the spec for more details). This flow is for so called “trusted applications”, meaning the user gives his...
View ArticleClik here to view.
Thinktecture IdentityServer v2: Federation with Web Identities
Brock has a nice post describing the OAuth2 work we did in IdentityServer v2. Check it out! http://brockallen.com/2012/11/04/oauth2-in-thinktecture-identityserver-oauth2-identity-providers/ Filed...
View ArticleClik here to view.
Thinktecture IdentityServer v2: Using the OAuth2 Implicit Flow with JavaScript
Nice blog post from Christian! http://weblogs.thinktecture.com/cweyer/2012/11/oauth2-in-thinktecture-identityserver-v2-implicit-grant-flow-with-javascript.html Filed under: IdentityModel,...
View ArticleClik here to view.
Thinktecture IdentityServer Wiki
I started adding content to the wiki on github. If you like to contribute, let me know! https://github.com/thinktecture/Thinktecture.IdentityServer.v2/wiki Filed under: ASP.NET, IdentityModel,...
View ArticleClik here to view.
OAuth2 in Thinktecture IdentityServer v2: Using the Implicit Flow with...
WinRT has built-in support for the “browser control/redirect” sign-in mechanism that is used in OAuth2 implicit flow. The API for that is called the WebAuthenticationBroker and using it has some...
View ArticleClik here to view.
Progress on Thinktecture IdentityServer v2 (hopefully the last update ;)
We’ve been extremely busy with our days jobs in the last weeks – end of year madness. That means we did not have much time to work on IdSrv – but – all the reported bugs seem to be fixed and I will add...
View ArticleClik here to view.
Identity & Access Control in .NET, ASP.NET and WCF 4.5
I just hit my first big milestone in the security curriculum for Pluralsight. All three base identity & access control courses are done and online now. They cover what used to be called WIF and is...
View ArticleClik here to view.
Compatibility between Thinktecture.IdentityModel JWT and Microsoft JWT
I just did a quick test – the JWT token handler in Thinktecture.IdentityModel can consume and validate JWTs coming from Access Control Service. Thought I let you know ;) Nice. Filed under: Azure,...
View ArticleClik here to view.
More Compatibility between Thinktecture.IdentityModel JWT and Microsoft JWT
Reader centralbin comments: “In fact the reverse is also true : You can configure TT-STS as an IP-STS in ACS. The JWT tokens issued by TT-STS can also be consumed in ACS. The only “gotcha” is that you...
View ArticleClik here to view.
Thinktecture.IdentityModel Nuget Package hits 10K downloads
Thanks! Filed under: .NET Security, ASP.NET, IdentityModel, IdentityServer, WCF, WebAPI
View ArticleClik here to view.
Thinktecture IdentityServer v2 RTM
Title says it all – I am glad we could get this done before the end of the year!! Besides bug fixes since the last beta version, we added two features: identity server core nuget package and profile...
View ArticleClik here to view.
ASP.NET (Web API) Security: Prologue
Many people asked me how all the moving parts of Thinktecture.IdentityModel, IdentityServer and ASP.NET and Web API relate to each other. And quite frankly, reading my old blog posts does not always...
View ArticleClik here to view.
Thinktecture IdentityModel v2.3 Breaking Changes
I just uploaded v2.3 to Nuget. There are a number of breaking changes I want to make you aware of (.Net 4.5 version only): By default the Web API authentication handler now requires SSL. You can turn...
View ArticleClik here to view.
How to implement Authentication with OAuth2
I get this question a lot. Short answer: “you don’t!”. For the long answer: http://blogs.msdn.com/b/vbertocci/archive/2013/01/02/oauth-2-0-and-sign-in.aspx Filed under: IdentityModel, OAuth, WebAPI
View ArticleClik here to view.
ASP.NET Web API Security: The Web Host and Service
I will be using the same web hosted Web API service for the sample. The service is very simple: [Authorize] public class IdentityController : ApiController { public ViewClaims Get() {...
View ArticleClik here to view.
ASP.NET Web API Security: Setting up the Sample
You can download the complete source from here. The Web API security sample is in samples/web api security. On my machine I have mapped the samples/web api security/webhost directory to IIS. I am sure...
View ArticleClik here to view.
Claims-based Identity & Access Control Training in February
I just got email confirming the February run of the “identity course” in Oslo. great! There are seats left and you can book here. Cu! Filed under: .NET Security, ASP.NET, Azure, IdentityModel,...
View Article