Clik here to view.
Resource/Action based Authorization for OWIN (and MVC and Web API)
Authorization is hard – much harder than authentication because it is so application specific. Microsoft went through several iterations of authorization plumbing in .NET, e.g. PrincipalPermission,...
View ArticleClik here to view.
Updated IdentityServer v3 Roadmap (and Refresh Tokens)
Brock and I have been pretty busy the last months and we did not find as much time to work on IdentityServer as we wanted. So we have updated our milestones on github and are currently planning a Beta...
View ArticleClik here to view.
NDC London: Identity and Access Control for modern Web Applications and APIs
I am happy to announce that NDC will host our new workshop in London in December! Join us to learn everything that is important to secure modern web applications and APIs using Microsoft’s current and...
View ArticleClik here to view.
Announcing Thinktecture IdentityServer v3 – Beta 1
It’s done – and I am happy (and a bit exhausted) – a few minutes ago I closed the last open issue for Beta 1. What’s new It’s been 424 commits since we released Preview 1 – so there is quite a lot of...
View ArticleClik here to view.
IdentityServer Beta 1-2
Yesterday we pushed another interim release of IdentityServer to nuget. You can see all commits here if you are interested. Besides many smaller changes and bug fixes – the main new feature is that...
View ArticleClik here to view.
401 vs 403
For years, there’s been an ongoing discussion which HTTP status code to use for “not authorized” scenario – and the original HTTP 1.1 specification wasn’t exactly crystal clear about the distinction...
View ArticleClik here to view.
IdentityServer v3 – Beta 2
We just pushed IdentityServer v3 beta 2 to github and nuget. This time it’s been 161 commits and we added a lot of small things – and a couple of bigger things, e.g.: Update to Katana v3 and JWT...
View ArticleClik here to view.
Identity & Access Control at NDC London 2014
The NDC Agenda is out now – and Brock and me will do a number of identity & access control related sessions. Brock will talk about identity management in ASP.NET – which is a huge topic – so he...
View ArticleClik here to view.
OpenID Connect Hybrid Flow and IdentityServer v3
One of the features we added in Beta 2 is support for hybrid flow (see spec). What is hybrid flow – and why do I care? Well – in a nutshell – OpenID Connect originally extended the two basic OAuth2...
View ArticleClik here to view.
Getting started with IdentityServer v3
Last night I started working on a getting started tutorial for IdentityServer v3 – while writing it, it became clear, that a single walkthrough will definitely not be enough to show the various options...
View ArticleClik here to view.
IdentityServer v3 Beta 2-1
We just did a minor update to Beta 2. Besides some smaller changes and bug fixes we now support redirecting back to a client after logout (very requested feature). I will write a blog post soon...
View ArticleClik here to view.
IdentityServer v3 Beta 3
Some of our users already found out and broke the news – so here’s my official post ;) Beta 3 has been released to github and nuget – 107 commits since Beta 2-1…new features include: Anti-forgery token...
View ArticleClik here to view.
MVP Summit Hackathon: IdentityServer v3 on ASP.NET vNext
Today we had a chance to sit together with the ASP.NET team and try moving IdentityServer to vNext. There are two fundamental approaches for doing that – migrate the code and middleware to the new APIs...
View ArticleClik here to view.
IdentityServer & IdentityManager, Updates and the .NET Foundation
It’s busy times right now but we are still on track with our release plans for IdentityServer (and IdentityManager, which will get more love once IdentityServer is done). In fact we just pushed beta...
View ArticleClik here to view.
The Future of AuthorizationServer
Now that IdentityServer v3 is almost done, it makes sense to “deprecate” some of the older projects. Especially all of the functionality of AuthorizationServer is completely replaced by the IdSrv3...
View ArticleClik here to view.
IdentityServer3 1.0.0
Today is a big day for us! Brock and I started working on the next generation of IdentityServer over 14 months ago. In fact – I remember exactly how I created the very first file (constants.cs)...
View ArticleClik here to view.
.NET Foundation Advisory Council
I have been invited to join the .NET Foundation advisory council – looking forward to it!...
View ArticleClik here to view.
IdentityServer3 vNext
Just a quick update about some upcoming changes in IdentityServer3. The last weeks since the 1.0.0 release in January we did mostly bug fixing, fine tuning and listening to feedback. Inevitably we...
View ArticleClik here to view.
Implicit vs Explicit Authentication in Browser-based Applications
I got the idea for this post from my good friend Pedro Felix – I hope I don’t steal his thunder (I am sure I won’t – since he is much more elaborate than I am) – but when I saw his tweet this morning,...
View ArticleClik here to view.
OpenID Connect Certification for IdentityServer3
I am extremely happy to announce that IdentityServer3 is now officially certified by the OpenID Foundation. http://openid.net/certification/ Version 1.6 and onwards is now fully compatible with the...
View Article
