Category Archives: owin

owin debugging

http://coding.abel.nu/2014/06/understanding-the-owin-external-authentication-pipeline/ Simply made a modern visual studio 2013 (updated) MVC app, with individual authentication. This gives us an owin-pipeline based application. To this, we then added openid connect in order to talk to our IDP   app.UseOpenIdConnectAuthentication(    new OpenIdConnectAuthenticationOptions    {        … Continue reading

Posted in owin

scaffolding for an authorization server

http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server

Posted in oauth, OpenID, owin

security policy label (negotiation)

its interesting to see how, from the days when we realized that “CORS” in the world of cisco phone/PBC protocol negotiations were nothing more than a security label negotiation, the “CORS” now seen in the web world IS THE SAME … Continue reading

Posted in owin

Visual Studio 2013 webAPI (MVC-based) project – with individual authentication

What this means is that the project is really two: an authorization server (doing something like the oauth protocol, in pattern terms) and a webAPI. The components doing each function are all jumbled together in the source tree. One sees … Continue reading

Posted in owin

Poor Microsoft OWIN ws-federation security model

if you do give a metadata address, it doesn’t bother confirming whether the certificate used to sign the metadata is valid (ever). Seems poorly thought out – since lots of folks are NOT going to know to write their own … Continue reading

Posted in owin