Claims list included in the ClaimsPrincipal usually originate from the security token received by the application as part of user authentication (SAML, OpenIDConnect id token) or access authorization (OAuth2 bearer access token). However, sometimes there is a need to modify that list with claims derived from other sources: Attributes retrieved from custom databases Attributes not initially included […]
Tag Archives: OWIN
OWIN and WS-Federation with CA Siteminder
A customer was having a problem integrating an ASP.NET application with CA Siteminder v12.52. Firstly, there was a problem with using SAML2.0 token formats. To get around that, we reconfigured SM to use SAML1.1 for this application. Still, the application was failing with error message: ID4037: The key needed to verify the signature could not […]
Using OAuth2 with SOAP
I started at Microsoft when SOAP was all the rage, before there was such a thing as WCF. So it is with some nostalgia that I tried to combine one of latest technologies: Universal App Platform (UAP) with SOAP using OAuth2 protocol for authentication. One possible application of this approach would be for folks who […]
Using Owin to authenticate with Microsoft Account (Live Id)
I have recently battled my way through creating an Owin-based web UI application using Microsoft Account (MSA, formerly Live Id) as my authentication provider. Here are a summary of my experience and the resulting code. 1. This blog has most of what you need, including how to set up your application to use MSA and […]