Adam Ralph

This. I've already dropped at least one commercial product for trying too hard to force their AI offering down my throat.

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

Fresh post on external providers in #aspnetcore

We cover initial setup, the connection between external and cookie authentication, and discusses why alternatives might be better for production apps.

duende.link/q24tubs #security #identity #dotnet

I'm beyond sick to the teeth of “Introducing [product name] AI”

Add an extra layer of security to critical user actions! 🛡️

Learn how to implement Step Up challenges in your #aspnetcore apps with Duende #IdentityServer to enhance user verification and re-confirm identity for some activities.

duende.link/qthej2r

#dotnet #security #oidc

The #dotnet 8.0.17 upgrade fixed validation of forwarded headers and proxy server configuration in load balanced scenarios.

Great! Or not 🤔
This patch may affect your #aspnetcore app. 😱

Check our blog post for background and fix: duende.link/0mgnet8

Terms like "client" in OpenID Connect and OAuth 2.0 are clear for security folks, but non-technical people are sometimes confused.

In this post, let's clarify what a "client" means in application security.

duende.link/m8tyde4 #dotnet #security #identity

Monitoring IdentityServer License Usage with #aspnetcore Health Checks 🔍

🤔 How to create custom health checks
👍 Registering them
💡 Example health checks for IdentityServer

Find out in this blog post! duende.link/hi7fw5q #dotnet #identity

What are some of the essential moments in the OAuth and OpenID Connect timeline?

In this article, we look back at the past 15 years to explore how the IETF and OpenID Foundation have set standards that shaped OAuth and OpenID Connect today.

duende.link/q39aegk #dotnet #security #ietf #oidc

IdentityServer can use OpenTelemetry and share metrics, traces, and logs to help monitor and troubleshoot applications.

In this post, we'll see how to surface this data in the .NET Aspire dashboard! 🧐

duende.link/xa5p1r3 #dotnet #aspire #identityserver #otel

Microsoft Azure SQL and Entity Framework Core Performance Issues and Solution Many IdentityServer users are upgrading their deployments to the latest version of .NET and Duende IdentityServer. Most upgrades are uneventful and fair, with many users pleasantly surprised by a…

In recent weeks, some of our customers reported performance degradations. You won't believe what happened next 😱

Clickbait aside, #efcore, SqlClient, and transient retries don't always go well together. More on our blog!

duende.link/1khti3w #dotnet #identityserver #azure

Managing OpenAPI Specifications with Backend For Frontend and Swagger UI 📚

We'll briefly recap the BFF pattern, and then dive into a sample & learn how to reveal your OpenAPI specifications securely.

duende.link/73hbw12 #dotnet #security #bff #openapi #aspnetcore

Introducing the Duende Developer Community (and a new documentation site!)

🏘️ Community: connect with peers around #identityserver, #bff, #oidc, and more!
📝 New docs: fresh design, new topics, dark mode, ...

Learn more on our blog 👉 duende.link/1uiro2d #dotnet #security

Secure machine-to-machine communication?

In this video, Roland walks you through the #oauth2 Client Credentials flow. It's relatively straightforward, and a great way to get introduced to OAuth.

📺 youtu.be/_ncPlNlcavo

#oauth2 #identityserver #accesstoken #dotnet #security

Authorization Policy TagHelpers for ASP .NET Core Razor Views

This post discusses creating an AuthorizationPolicyTagHelper to build nicer Razor Pages views where the content depends on the ClaimsPrincipal and authorization policy. 🔐

duende.link/2wywy44

#aspnetcore #dotnet #security

Kicking off our Open Source Sponsorship program this quarter, where our developers picked a project we'll sponsor for 12 months:

🙌 Shouldly Assertion Framework

We're using it ourselves, and here's why you may want to:
duende.link/w4whryh #dotnet #testing

Secure your #VueJS apps with OpenID Connect & the BFF pattern! 🔒

We’ll look at the basic architecture of a BFF solution, the responsibilities of each component, and how it all fits together.

duende.link/eshdrq4

#Security #OAuth2 #OpenIDConnect #dotnet

Bullseye 6.0.0 is out now! Thanks to Yauhen Pyl for contributing to this release. www.nuget.org/packages/Bul...

A common attack web devs need to guard against is Cross-Site Request Forgery (CSRF).

🦸‍♀️ Anti-Forgery tokens to the rescue!

Let's see how they work in more detail 👇
duende.link/wk7e6sg #dotnet #aspnetcore

Today brings you #IdentityServer 7.2! 🎁

1️⃣ Strict Audience Validation ensures that the audience is equal to the issuer and validates the token’s typ value.
2️⃣ Discovery Document Caching helps throughput in large deployments

And more! 👉 duende.link/hjdsk82 #dotnet #aspnetcore

Good news! We just released Duende Backend-for-Frontend (BFF) Security Framework V3.

All the necessary components to secure browser-based frontends (e.g. SPAs or #Blazor applications) with #aspnetcore backends.

duende.link/iuq3t4n #dotnet

Why can't I have issue types in my personal @github.com repos? They have tasks, bugs, and features just as much as any org repo I work in.

We discovered a flaw in our website's contact form and some Community Edition requests were never received.

If you didn't heard back after sending your request, please reach out via duendesoftware.com/contact - we've resolved the issue.

Sorry for the inconvenience!

Who's still on IdentityServer 4, and why? · DuendeSoftware · Discussion #36 When looking at NuGet, I noticed IdentityServer 4 still has many downloads. Which makes me curious: who's still on IdentityServer 4, and why? Is it because your solution is locked on an older .NET ...

Let's try this GitHub discussions thing... Who's still on IdentityServer 4, and why? #dotnet

github.com/orgs/DuendeS...

Sure, you can just use RabbitMQ Note: This post was adapted from an answer I originally posted to a Stack Overflow question. People ask (frequently) why they need NServiceBus. “I’ve got RabbitMQ and that has built-in Pub/Sub,” they ...

Just got tipped off about Nik Chapsas's video saying you shouldn't bother with Wolverine for asynchronous, in memory processing and just use the low level Channels library. I think I'd assign him a little bit of background reading:

www.davidboike.dev/2017/12/sure...

NDC London 2025 | Conference for Software Developers NDC London 2025 is a 5-day event for Software Developers, 27-31 Jan at the Queen Elizabeth II Centre, Westminster.

We're heading towards #ndclondon - ndclondon.com 💂

Don’t miss your chance to learn, connect, and grow with the Duende team. Stop by our booth to connect and talk with #IdentityServer, #BFF, #oidc and #dotnet experts.

IdentityServer 7.1.0 is a significant release that includes: .NET 9 support Use of Duende.IdentityModel New license usage helpers Friendly READMEs in the NuGet packages Improved log filtering when HTTP requests are aborted Redaction of the subject token during token exchange Improved extensibility of the ClientConfigurationStore in the Configuration API Several bug fixes Numerous small code quality and performance enhancements from the community

Duende IdentityServer v7.1.0 general availability release is now live. This release includes .NET 9 support, enhancements, bug fixes, performance improvements, and more.

See the release notes: github.com/DuendeSoftwa... #dotnet

Never mind, I just saw that I have to go through a registration and verification process, which is all done now. Thanks!

any progress?

Welcome aboard! Looking forward to building great things together! #identityserver #oauth #openidconnect

After a hugely rewarding decade (nearly) at
particular.net, I'm excited to share that I will be joining
@duendesoftware.com in January as a Principal Software Engineer. We have lots of awesome stuff coming your way!