This repository has been archived by the owner. It is now read-only.
[deprecated] Helper library for identity & access control in .NET 4.5 and MVC4/Web API.
Clone or download
Latest commit fd3bc1a Feb 3, 2016


Helper library for identity & access control in .NET 4.5 and MVC4/Web API.

Important: This is really old and we don't maintain it anymore. If you are looking for versions that build against MVC5/Web API v2 - use (



  • Base64Url encoding
  • Epoch Date Time conversion
  • Random number generation
  • Time-constant string comparison
  • Certificate Store Access
  • Useful constants when dealing with algorithms, date time formats, JWT, SWT, WS-Security & WS-Trust


  • Anoynmous claims principal
  • Authentication instant claim
  • Claims-based authorization
  • ClaimsPrincipal factory

Extension Methods

  • XML (to and from XmlReader, XmlDocument, XDocument)
  • WS-Trust RSTRs
  • Security token conversion
  • X.509 Certificates

Web API and HTTP Security

  • Extensible authentication framework for Web API that supports SAML 1.1/2.0, JWT, Access Keys, Basic Authentication
  • Embeddable token endpoint
  • Claims transformation
  • Implementation of the Hawk authentication scheme
  • Scope-based authorization
  • OAuth2 client library


  • Cookie protection
  • CORS
  • Anti-clickjacking

ASP.NET Passive Federation

  • Configuring session token lifetime
  • Sliding sessions
  • Overriding WS-Federation token lifetime
  • Configuring persistent session token cookies
  • Configuring machine key protection of session tokens
  • Suppress login redirects for API clients
  • Suppressing session token validation exceptions
  • Server-side session token caching
  • Dynamic issuer name registry direct from STS federation metadata


  • Helper classes for WCF
  • WS-Trust bindings


see the [wiki] ( for more resources.