Skip to content

Tech Intersection, September 2015

July 14, 2015

I will be speaking at the upcoming Tech Intersection conference (specifically the Security Intersection part) in Monterey, CA in September 2015. I have three sessions and a one-day workshop:

Workshop:

  • Identity and access control for modern web and mobile applications

Sessions:

  • Modern authentication for ASP.NET MVC 6 applications
  • Building secure JavaScript and Web API applications with OAuth2

Hope to see you there!

 

SDD Deep Dive, London 2015

June 29, 2015

Dominick and I will be doing a 3-day workshop on single sign-on and web api security at SDD Deep Dive in London this November (2015). This is much like our previous workshops, but what makes it special is that we have 3 full days and on the final day we’ll be spending some time showing the most common configurations and customizations to IdentityServer.

This is your chance to come and learn how to secure your modern web applications and use IdentityServer to do so!

Oh, also — we have stickers :)

Hope to see you there.

 

Demos — NDC Oslo, 2015

June 19, 2015

Here are the slides and demos from my session at NDC Oslo 2015 on securing JavaScript based apps:

http://1drv.ms/1ReW326

And now the video is live:

https://vimeo.com/131636653

Thanks!

Demos — SDD, May 2015

June 11, 2015

Here are the slides and demos from my two sessions at SDD 2015 in London (ASP.NET5 & MVC6 and Threats and Mitigation):

http://1drv.ms/1I3ycNZ

Enjoy.

 

makecert and creating ssl or signing certificates

June 1, 2015

I’ve been asked to post my makecert scripts for creating self-signed certificates (one for SSL and the other for signing). I use both of these scripts as .bat files. These scripts accept one parameter — the CN (common name) you want the certificate to match. For the SSL cert this must match the host name. For signing it’s just a unique name. Both of these need to be run from an administrative command prompt because the scripts install the certificate into the local machine’s personal certificate store. If you need the public key portion (.cer) then you’d have to open mmc and export it. Also, notice the expiration in the scripts — this is something you might want to change based upon your situation.

The first script is for creating SSL certificates. This is good for setting up SSL on your local IIS for a new web site (you’d need to ensure the host is indicated and SNI is configured). Although the SSL certificate won’t be trusted until you configure the cert as trusted on the client machine. Here are the .bat file contents:

makecert -r -pe -n "CN=%1" -b 01/01/2015 -e 01/01/2020 -eku 1.3.6.1.5.5.7.3.1 -sky exchange -a sha256 -len 2048 -ss my -sr localMachine

The second script is for creating signing certificates (for things like token signing within a token service such as IdentityServer). Here are the .bat file contents:

makecert -r -pe -n "CN=%1" -b 01/01/2015 -e 01/01/2020 -eku 1.3.6.1.5.5.7.3.3 -sky signature -a sha256 -len 2048 -ss my -sr LocalMachine

HTH

 

Walk through videos for IdentityManager

April 20, 2015

I’ve recorded a couple of videos for getting started with IdentityManager. Enjoy!

Demos — Boston Code Camp 23, March 2015

March 22, 2015

Here are the slides and demos from my session at Boston CodeCamp 23 on securing modern JavaScript apps:

http://1drv.ms/1HnRcew

Thanks for attending!