New Pluralsight Course: Getting Started with OAuth 2.0

16 September 2018 OAuth

I’m really excited to announce the release of my latest Pluralsight course: “Getting Started with OAuth 2.0”.

In this course, we take a look at the OAuth 2 authorization framework and some of the work that’s been happening that makes OAuth and its extensions the gold standard for API security.

This course is going to be entirely programming free and is suitable for software developers of any language or stack. That being said, if you’re looking to get started with IdentityServer4, I highly recommend this course as your first step.

Read more

SPA Identity and Access Control with OpenID Connect and IdentityServer4

26 July 2018 Angular

Back in September 2017, I spoke at the .NET South West user group, and I’ve just realized that this is the first time one of my talks has made it online. I thought it was worthwhile sharing, especially since it’s a talk I probably won’t be doing again.

It’s always odd seeing yourself on camera, but I’m fairly happy with how well this talk went, especially considering that this talk took place on one of the few nights in September that I was actually at home/in the country (sorry again, Rachel).

Read more

Getting Started with IdentityManager2

09 July 2018 ASP.NET Identity


IdentityManager is an open source project that offers a modern alternative to the ASP.NET WebSite Administration tool that used to come bundled with Visual Studio. IdentityManager offered a simple user interface that allowed developers to bootstrap a new user store with users and role data and saw considerable popularity despite never being intended for production. IdentityManager was designed for ASP.NET & OWIN, supporting ASP.NET Identity 2 and Membership Reboot, which brings us to the topic of this article.

Introducing IdentityManager2

And that’s not the usual hyped up title...

Read more

A FIDO2 Primer and Proof of Concept using ASP.NET Core

05 July 2018 FIDO

Passwords suck. People have been moaning about this for years, and it is becoming more and more apparent as we see high-profile data and account breaches happen every day and the emerging necessity of services such as Have I Been Pwned and Pwned Passwords.

So, what’s the solution? FIDO2 (Fast Identity Online 2) seems a very strong candidate for a passwordless future or at the very least as a second factor, using public key cryptography to bring easy-to-use, unphishable credentials to the masses.

In this article, I’m going to talk through the basic ideas and concepts behind FIDO2, and then walk through a basic FIDO2 relying party proof of concept that I have created using ASP.NET Core.

Read more

ASP.NET Core Swagger UI Authorization using IdentityServer4

13 June 2018 Identity Server


Swagger is a useful tool for creating basic, on-the-fly API documentation via a standard JSON format that can then be presented via a UI. These UIs typically allow you to start making demo requests via the browser. However, once we start protecting our API using OAuth, how do we keep this Swagger documentation functional?

Swagger integration with OAuth authorization servers is relatively well documented, so in this article, we’re going to look at the basics of adding IdentityServer support to an ASP.NET Core API using Swagger and then look at the limitations of this approach and some alternatives that might be worth exploring.

This article will demo both Swashbuckle and NSwag.

Read more