May 23, 2023 by Hamid Mosalla on .Net, .Net Core, Security

Duende Identity Server: Risks of Sharing Clients and Tokens

In the past, I leveraged the open-source Identity Server version 4 (Read about my experience with it here). But recently, Identity Server has become proprietary, offering price plans that are not always seen as favorable. Especially if a company wants to support on premise instances of the app as opposed to SAAS. That means a … →

December 7, 2017 by Hamid Mosalla on .Net, Asp.Net Core, C#

Policy-based Authorization Using Asp.Net Core 2 And IdentityServer4

In my previous post, I’ve discussed how we can implement policy-based authorization to secure our API using JWT. But that wasn’t what I end-up using in production. Partly because the built-in mechanism of Asp.Net Core with JWT is not as powerful as IdentityServer4. Also I needed the single sign-on feature of IdentityServer4. There are two … →

Hamid Mosalla

Programming Adventures

Identity server

Policy-based Authorization Using Asp.Net Core 2 And IdentityServer4