Category Archives: owin

owin debugging

Simply made a modern visual studio 2013 (updated) MVC app, with individual authentication. This gives us an owin-pipeline based application. To this, we then added openid connect in order to talk to our IDP: app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { … Continue reading

Posted in owin

scaffolding for an authorization server

Posted in oauth, OpenID, owin

security policy label (negotiation)

It's interesting to see how, from the days when we realized that “CORS” in the world of Cisco phone/PBC protocol negotiations were nothing more than a security label negotiation, the “CORS” now seen in the web world IS THE SAME … Continue reading

Posted in owin

Visual Studio 2013 webAPI (MVC-based) project – with individual authentication

What this means is that the project is really two: an authorization server (doing something like the oauth protocol, in pattern terms) and a webAPI. The components doing each function are all jumbled together in the source tree. One sees … Continue reading

Posted in owin

Poor Microsoft OWIN ws-federation security model

If you do give a metadata address, it doesn’t bother confirming whether the certificate used to sign the metadata is valid (ever). Seems poorly thought out – since lots of folks are NOT going to know to write their own … Continue reading

Posted in owin