Skip to content

DevIntersection Orlando, May 2017

March 22, 2017

I will be speaking at DevIntersection this May (not Las Vegas — that’s in October) in Orlando. The highlight will be the 2-day workshop on “Identity & Access Control for Modern Applications and APIs using ASP.NET Core”. If you register, use promo code “ALLEN” for a discount.

I also have two sessions, one on “Securing Web APIs from JavaScript/SPA Applications” and one on “Securing Web APIs from Mobile and Native Applications”.

Hope to see you there!

SDD London, May 2017

March 6, 2017

As is the tradition in the spring, I will be speaking at SDD in London this May. I have sessions on ASP.NET Identity, securing SPAs and we’re also doing our workshop in a 1-day format. Hope to see you there!


NDC London 2017

March 1, 2017

As always – NDC was a very good conference. Brock and I did a workshop, two talks and an interview. Here are the relevant links:

Check our website for more training dates.

View original post

OpenID Connect Client Library for JavaScript/SPA-style Applications

February 7, 2017

In addition to our native library – Brock successfully certified his JavaScript library with the OpenID Foundation.

oidc-client-js is by far the most easy and elegant way I have seen so far for integrating OpenID Connect and OAuth 2 client functionality into JavaScript – highly recommended!

See here for a step-by-step tutorial on how to use it.

View original post

MVP MIX Dallas 2017

January 30, 2017

I’ll be doing a 1-day version of our workshop on Identity and Access Control for Modern Applications and APIs using ASP.NET Core at MVP MIX in Dallas this March 2017.

Hope to see you there!



Demos — Boston Code Camp, November 2016

November 19, 2016

Here are the slides/demos from my ASP.NET Core security talk today at the Boston Code Camp. Thanks!!AjXKCyy1XZYBjWhdGgGY2qR0-R28

Also, here’s the link to the IdentityServer website.

Process.Start for URLs on .NET Core

September 24, 2016

Apparently .NET Core is sort of broken when it comes to opening a URL via Process.Start. Normally you’d expect to do this:


And then the default system browser pops open and you’re good to go. But this open issue explains that this doesn’t work on .NET Core. So instead you have to do this (credit goes to Eric Mellino):

public static void OpenBrowser(string url)
        // hack because of this:
        if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            url = url.Replace("&", "^&");
            Process.Start(new ProcessStartInfo("cmd", $"/c start {url}") { CreateNoWindow = true });
        else if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
            Process.Start("xdg-open", url);
        else if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
            Process.Start("open", url);

I added a few more fixes for Windows — one was suppressing the second command prompt, and another was escaping the “&” with “^&” so the shell does not treat them as command separators.

Fun times in this cross-platform world.