OWIN Basic Authentication

20 May 2016 Katana

Basic Authentication is considered a bit of an anti-pattern these days, but it can still be useful in a pinch when you have limited options for integrating with APIs, third-party applications or the dreaded legacy applications.

Basic Authentication should never be a recommended solution; however, I have met many clients who are still running services that use it and third-party applications that only support basic authentication. Some security is better than none, right? I guess that's debatable.

If you want a modern identity solution, check out Identity Server. Identity Server is a one time configuration that will allow you to create your own OAuth, OpenID Connect or WS-Federation Authentication Server (aka Identity Provider, Security Token Service, etc), that can reliably service all of your applications.

This article will cover the theory behind basic authentication, including why we shouldn't really be using it, and then look at how we can integrate it into our OWIN pipeline.


WS-Federation Token Encryption using Microsoft Katana

08 May 2016 Katana


When using the WS-Federation protocol, you usually (or at least should) use certificates both to sign your token, allowing the receiver to verify that the contents have not been altered in transit, and for Transport Layer Security (TLS, think SSL), to provide privacy for network communications.

What is less common but also useful is SAML assertion encryption. This token encryption is useful when your SAML token includes claims/assertions that contain private data which might be held for a long period of time or passed around through untrusted intermediaries.

Token encryption uses a certificate whose public key is held by the Security Token Service (STS) in order to encrypt the token, and whose private key is held by the Relying Party in order to decrypt it.

This process is relatively well documented if you are dealing with Windows Identity Foundation (WIF) 1.0 and slightly less so with WIF 4.5; however, there are currently few to no resources on how to achieve this with the latest OWIN/Katana components.


Identity Manager using ASP.NET Identity

08 April 2016 ASP.NET Identity


Introduction

Identity Manager is the spiritual successor to the ASP.NET Web Site Administration Tool that used to be available with Visual Studio, providing a simple UI for performing CRUD operations to manage your user store.

IdentityManager is a tool for developers and/or administrators to manage the identity information for users of their applications. This includes creating users, editing user information (passwords, email, claims, etc.) and deleting users. It provides a modern replacement for the ASP.NET WebSite Administration tool that used to be built into Visual Studio. - https://github.com/IdentityManager/IdentityManager

Created by Brock Allen, of Identity Server and Identity Model fame, Identity Manager uses a RESTful API that abstracts the underlying Identity database, exposing metadata and functionality that power a browser-based UI or can be used programmatically within your software...


IIS - The Process Cannot Access the File Because it is Being Used by Another Process

06 April 2016 Windows


Recently I had some issues with running a local IIS server/website on my local development machine. The solution was fairly well documented, but the surprising culprit and the fact that it had never happened to me before, despite it being a replicable process, made it worthwhile documenting.

Problem

Upon trying to manually start the IIS website, the following error message popped up...


How I Prepared For My First Technical Presentation

29 March 2016 General


Recently, as part of a job interview, I had to give a 20-minute presentation on a specifically requested technical subject, with a scope of my choice. The subject material was fine, I can waffle on about it for hours on end, but outside of some poor attempts at University, I had never given a professional presentation before. I gave myself just over a week to prepare and this article covers what I did and the resources I most benefited from as a technical professional.

Research the Subject

The first step was pretty obvious; in order to figure out the scope of my presentation, I needed to research the subject matter and see what already existed. This is not just in terms of documentation, blog posts and articles, but also how others are talking about it. How are they selling it? What are they presenting as its key features? What are they doing right and what are they doing wrong?

I initially took the stance of an audience member, as opposed to a rival speaker, and asked myself...
