Security and cryptography

Forms based authentication in .NET MVC4 and MVC5

Claims based security

Course from the ground up

Claims transformation posts

Security and cryptography

SSL Certificates

Server certificates

Client certificates

Web API 2

Security extensibility points

Custom authentication mechanism



19 Responses to Security and cryptography

  1. Jay says:

    I have not come across any other article series that explained Claims based authentication so well. Excellent job in taking time and providing all this series.

  2. Gene says:

    This is an outstanding set of blogs for claims based authentication. Kudos! And thanks for doing this.

  3. Nice one! I follow a couple of blogs, but this is very useful man! Thanks

  4. korayasili says:

    I’ve started claims based auth. posts. Very good stuff, thank you.

  5. Ammus says:

    I am using a Claims based Authentication in an App

    I have this in the web.config file

    On trying to run the application I get the following error.

    ‘Key not valid for use in specified state.’ with a stack trace

    [InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false. ]
    System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded) +165
    System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +123
    System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +572
    System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +75
    System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +414
    System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +175
    System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +114
    System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69

    Would you please help me out on this one.
    Thanks in advance

  6. Pingback: ClaimAuthorizeAttribute | KarlZ

  7. Jordan Pedro says:

    I just came cross your blog around 3 months ago. it’s Very rich and useful by the way some articles even helped me to pass in one of the Microsoft’s exam.
    Keep up.

  8. Pingback: Introduction to Forms based authentication in .NET4.5 MVC4 | tuandom's Blog

  9. Pingback: Introduction to Forms based authentication in MVC4 & MVC5 | tuandom's Blog

  10. yahor says:

    Thank you Andras. Perfect articles, excellent work and clear explanation of such needed things in web development. Well done!

  11. Geb says:

    Detailed and comprehensive articles..
    Most importantly, still relevant.

  12. quantamind says:

    Hi Andras: Your sample on selfhosted OWIN/WebAPI with https Client Certificate Authentication is not working when deployed to webserver.

    I am getting 401 UnAuthorized, The target principal name is incorrect error. The below link has some details of the issue. Please share some thoughts if you can.

  13. Adrian O says:

    Hi Andras,
    Nice walkthrough regarding certificate loading/reading and validations. Could you add an article on how to connect to an URL/server as a client in C# to get information about the SSL certificate published on the remote server?

    Best regards,
    Adrian O

  14. Frits van Soldt says:

    Thanls for sharing this for free, Andreas. I have learned a lot from your excellent articles.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Elliot Balynn's Blog

A directory of wonderful thoughts

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog


Once Upon a Camayoc

Bite-size insight on Cyber Security for the not too technical.

%d bloggers like this: