JWT Validation and Authorization in ASP.NET Core

This post was written and submitted by Michael Rousos In several previous posts, I discussed a customer scenario I ran into recently that required issuing bearer tokens from an ASP.NET Core authentication server and then validating those tokens in a separate ASP.NET Core web service which may not have access to the authentication server. The… Read more

Introducing IdentityServer4 for authentication and access control in ASP.NET Core

This is a guest post by Brock Allen and Dominick Baier. They are security consultants, speakers, and the authors of many popular open source security projects, including IdentityServer. Modern applications need modern identity. The protocols used for implementing features like authentication, single sign-on, API access control and federation are OpenID Connect and OAuth 2.0. IdentityServer… Read more

ASP.NET Identity 2.2.1

We are releasing ASP.NET Identity 2.2.1. The main focus in this release was to fix issues reported in 2.2.0 release. Download this release You can download ASP.NET Identity from the NuGet gallery. You can install or update these packages using the NuGet Package Manager Console, like this: Install-Package Microsoft.AspNet.Identity.EntityFramework –Version 2.2.1 Install-Package Microsoft.AspNet.Identity.Core -Version 2.2.1… Read more

Open sourcing and releasing ASP.NET Identity 2.2.0

We are releasing the final version of ASP.NET Identity 2.2. The main focus in this release was to fix bugs and address performance issues. Open source We have also made the source code publicly available on aspnetidentity.codeplex.com and will be taking contributions to the project. Check out the project home page for more details. Note:… Read more

ASP.NET Identity 2.2.0-alpha1

We are releasing a preview of ASP.NET Identity 2.2.0-alpha1. The main focus in this release was to fix bugs and address performance issues. Download this release You can download ASP.NET Identity from the NuGet gallery. You can install or update these packages using the NuGet Package Manager Console, like this: Install-Package Microsoft.AspNet.Identity.EntityFramework –Version 2.2.0-alpha1 -pre … Read more

Changes to Google OAuth 2.0 and updates in Google middleware for 3.0.0 RC release

This article explains the recent changes made to Google OpenID and OAuth 2.0 along with the corresponding updates to the 3.0.0 RC release of Google OAuth  middleware. Here we will first look at the experience of using Google OAuth middleware in an MVC application with the OWIN 2.1.0 release bits. We will then explain the… Read more

Implementing custom password policy using ASP.NET Identity

We recently released the 2.0.0-alpha1 version of ASP.NET Identity. Learn more here: http://blogs.msdn.com/b/webdev/archive/2013/12/20/announcing-preview-of-microsoft-aspnet-identity-2-0-0-alpha1.aspx To provide a more secure user experience for the application, you might want to customize the password complexity policy. This might include minimum password length, mandatory special characters in the password, disallowing recently used passwords, etc. More information on password policy can… Read more

Organizational Accounts in Visual Studio 2013 RC

Visual Studio 2013 Preview shipped with support to create new ASP.NET projects that can be easily configured with organizational accounts. This support has been simplified and enhanced in this RC version. You can find a detailed step-by-step tutorial on creating an ASP.NET MVC project with single organizational identity at Developing ASP.NET Apps with Windows Azure… Read more

Understanding OWIN Forms authentication in MVC 5

Overview The new security feature design for MVC 5 is based on OWIN authentication middleware. The benefit for it is that security feature can be shared by other components that can be hosted on OWIN. Since the Katana team did a great effort to support the OWIN integrated pipeline in ASP.NET, it can also secure… Read more

Introducing ASP.NET Identity – A membership system for ASP.NET applications

ASP.NET Identity is the new membership system for building ASP.NET web applications. ASP.NET Identity allows you to add login features to your application and makes it easy to customize data about the logged in user. [Update] Please visit  ASP.NET Identity for getting the latest information about ASP.NET Identity project and learning more on how to get… Read more