A general category for security and information system securiity

Introduction There’s no doubt that we are living in a highly connected era, partially driven by an ever expanding consumption model where technology is sustained by a growing list of different models and service providers.  The established, old world, architecture which used to define a monolithic corporate IT infrastructure is […]

Federated Identity & The Enterprise – Part 1

Today I attended a Federal Government briefing at the Microsoft offices in Canberra. The agenda covered a wide area of topics, all relevant to Government and other sectors.  These are my raw notes, taken during each session.  I apologise in advance if they appear incoherent; I was put to task […]

Microsoft Federal Government Briefing – September 2016

Introduction Recently I created an architecture which saw K2 Smartform Runtime components deployed and configured in a separate Active Directory forest from the relevant K2 Blackpearl server.  This architecture aligns with the security and enterprise architecture principals for one of my Government clients. All of the client’s environments are all […]

Installing K2 Blackpearl Smartforms Runtime in a separate Active Directory ...

A few years ago [1] I wrote about how you could enable Domain Accounts to self-manage their ServicePrincipalNames.  This is particularly advantageous when using Kerberos to secure services. We recently needed to set up some service accounts in Active Directory to participate in establishing a Kerberos capability for middleware integration.  […]

Manage ServicePrincipalName Properties Using PowerShell

Identity Server 3 supports the Client Credentials OAuth2 grant.  I wrote a brief introduction to both OAuth2 and IdentityServer3 last month, this is a follow-on article exploring some other facets of authentication. This is a little bit like basic authentication, in that the client (the application which wants to consume […]

How IdentityServer3 Handles Client Credentials Flow

Introduction In recent times, I’ve become very intimately acquainted with OpenID Connect, OAuth2 as well as SAML, JWT, WS-Federation and more.  It’s a complicated world. Since I dwell amongst the Microsoft ecosystem, I’m very experienced with Active Directory Federation Services (AD FS) which in its latest version supports OAuth2 endpoints […]

Identity Server – An Introduction

Welcome, 2015 – may you be an improvement on your predecessor. Today’s article focuses on the deceptively non-trivial task of reading from the Windows Event Logs using the Microsoft .NET Framework.  For those who haven’t looked there in a while, here’s a quick look at the Event Viewer: The Windows […]

Programmatically Reading Event Logs

Hello there.  I’ve been spending a lot of time of late trying to develop a solution to a very obscure problem scenario.  The entire problem itself is outside the scope of this article – and to be honest, probably wouldn’t be terribly relevant to many – however, I felt there […]

Getting to know Cross-Origin Resource Sharing (CORS)

Introduction In Part 1, we had a brief look at OWIN/OAuth concepts, and then prepared a clean ASP.NET web forms project for integration with NuGet packages essential to supporting a lightweight integration for OAuth handling. In Part 2  we established the information required to authenticate users against the Live Connect […]

A lightweight implementation OWIN OAuth for ASP.NET Web Forms using ...

Introduction Where we left off in Part 1, we’d established the prerequisites to prepare either a new or existing web forms project for the implementation of a lightweight OWIN/OAuth provider. This article, Part 2, will focus on how to prepare your development environment and also how to configure for Windows […]

A lightweight implementation OWIN OAuth for ASP.NET Web Forms using ...

Introduction Disclaimer: this article assumes the reader is already familiar with OWIN and OAuth standards.  It is published in three parts. Late last year I wanted to implement Open Web Interface for .Net (OWIN) OAuth  functionality for an administrative subdomain.  As it happened, I wanted to specifically integrate OWIN/OAuth authentication/authorization […]

A lightweight implementation OWIN OAuth for ASP.NET Web Forms using ...