Tag: Security

Writing an Owin Authentication Middleware

Owin and Katana offers a flexible pipeline for external authentication with existing providers for authentication by Google, Facebook, Twitter and more. It is also possible to write your own custom authentication provider and get full integration with the Owin external authentication pipeline and ASP.NET Identity. Anatomy of an Owin Authentication Middleware For this post I’ve… Continue reading Writing an Owin Authentication Middleware

Understanding the Owin External Authentication Pipeline

Owin makes it easy to inject new middleware into the processing pipeline. This can be leveraged to inject breakpoints in the pipeline, to inspect the state of the Owin context during authentication. When creating a new MVC 5.1 project a Startup.Auth.cs file is added to the project that configures the Owin pipeline with authentication middleware.… Continue reading Understanding the Owin External Authentication Pipeline

ASP.NET Identity and Owin Overview

ASP.NET Identity is the reworked, flexible replacement for the old membership system that has been around since ASP.NET 2.0. ASP.NET Identity is more well designed and flexible than the old membership system and uses Owin middleware components for external logins such as Facebook, Google and Twitter. Compared to the membership system, the architecture of ASP.NET… Continue reading ASP.NET Identity and Owin Overview

Kentor.AuthServices 0.4.0 SAML2 for ASP.NET Released

Version 0.4.0 of the Kentor.AuthServices SAML2 package for ASP.NET is now released. The release contains an important security fix and some other improvements. Contents Improved verification of XML signatures to mitigate assertion injection. Support for signed assertions. Validates InResponseTo on incoming responses. Support for SAML2 Http Post binding.