Skip to content


Currently Brock is an independent consultant specializing in .NET, web development, and web-based security with 20 years of industry experience. Brock is the co-author of many security-related open source frameworks including IdentityServer, IdentityManager, and MembershipReboot. He also frequently posts to the ASP.NET forums, is a MVP for ASP.NET/IIS, a member of ASPInsiders and a contributor to the ASP.NET platform.

Brock lives in Barrington, RI and can be reached at

8 Comments leave one →
  1. January 30, 2013 6:38 pm

    You’ve got several good posts on Membership. Thanks for taking the time to write this.

  2. Balvvant Bist permalink
    March 31, 2014 8:14 am

    I am new to web API. In my application I am using web api which holds my full business logic. These api’s are consumed by AngularJS SPA client. I would like to extend the user by adding couple of more properties to it. Do you have any sample, or can you guide me how to achieve using indentityreboot. How I can authenticate the user. What all the steps I need to take to extend the user with new properties using code first approach. What all files and place i need to make changes.


  3. david m chinn permalink
    August 19, 2015 4:18 pm

    We have a legacy application which uses the Windows Identity Framework, written around 2010-2011. Users authenticate by logging into a client portal, which then sends a saml 1.1 token to our application.

    We are updating the application to a services model, using webAPI 2.0/Owin/Identity 2.0 for security. Looks like bearer tokens are similar in concept to SAML, but not the same.

    The client is very sensitive about changing his portal. Is there any way to consume SAML in a webAPI application?

    thanks in advance

    • October 1, 2015 5:00 pm

      Bearer tokens are for Web APIs. SAML tokens are for SSO/authentication/web apps.

  4. August 25, 2015 11:12 pm

    Excellent Articles – Thank You!


  1. ASP.NET Web API: CORS support and Attribute Based Routing Improvements | DailyICT.Com
  2. ASP.NET Web API: CORS支持和基于属性的路由改进 - ScottGu中文博客 - Site Home - MSDN Blogs

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s