Brock is an independent application security architect specializing in .NET, web development, and web security with 25+ years of experience. He is co-author of IdentityServer and other open-source security frameworks, and an MVP contributor to the ASP.NET platform.
9 articles from this blog
Announcement of major changes to the IdentityServer project, including its future development and commercial support plans.
Explains the process and importance of rotating signing keys in IdentityServer for security, detailing the use of AddSigningCredential and AddValidationKey.
Explains the relationship between scopes and claims in IdentityServer for OpenID Connect and OAuth 2.0, covering identity and API scope design.
Explains how to implement OAuth and OpenID Connect authentication protocols in a Blazor client-side application.
Explains the impact of Safari's stricter same-site cookie policy on ASP.NET Core external authentication and proposes a solution.
Analyzes the security concerns and evolving best practices for the OAuth2 implicit flow, especially for browser-based applications.
Explains a key security change in ASP.NET Core 2.1 where authorization filters are combined, altering authentication and role-checking behavior.
IdentityManager2 is an updated version of the ASP.NET user management tool for ASP.NET Core, now stewarded by Rock Solid Knowledge.
A sample Windows native OIDC client using a custom URI scheme and named pipes to handle authentication responses from the system browser.
