-
-
Notifications
You must be signed in to change notification settings - Fork 481
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider constraining NWebSec to OpenIddict endpoints #14
Comments
Maybe we should ping @klings :) |
Hey guys, you're well underway with your ASP.NET 5 support? Which NWebsec libraries have you been using, the middleware? ASP.NET 5 support is next in line for NWebsec, but there's no trace of it on GitHub as I've been poking around with the new ASP.NET locally so far. |
Hey André (and sorry for the late answer)! 😄
Actually, OpenIddict is totally new and was designed from scratch for ASP.NET 5, but ASOS (the OpenID Connect library behind this project: https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server) comes with a default sample that demonstrates how to use NWebSec with ASP.NET 5 for a long time now (more than a year, actually: aspnet-contrib/AspNet.Security.OpenIdConnect.Server@0111029 🎉)
Yep, the main middleware. Ideally, we'd also like to use the MVC adapter, since OpenIddict internally uses a controller to render the critical authorization pages.
If you want us to test the early bits, don't hesitate, we're now pretty good at that 😄 |
I've made progress and the first version of the vnext packages are out. This includes ASP.NET 5 middleware, as well as an updated MVC package. It's a gamma release, as I'll have to make a few minor breaking changes before I'm happy calling it an RC. Still, it works (mostly) as before, and should be safe to "put in production". The middleware is almost identical, but there were a few system.web specific things that had to go in the MVC package. You can keep an eye on the progress here NWebsec/NWebsec#59 as I make my way to an RC. Let me know should you run into any issues. |
Woooo, it looks really nice, we'll give it a try ASAP! 🎉 /cc @damccull |
Just waiting on rc2 HTTPS bug to be fixed so I can use it properly. I'll be submitting an issue on it today. |
FYI, it's not a bug. See my remark on JabbR 👏 |
Haha! Looking. On Tue, Dec 8, 2015, 09:22 Kévin Chalet notifications@github.com wrote:
|
Today we merged in an update using the aspnet5 nwebsec middleware (#37). I'm looking at how to allow OpenIddict users to set the CSP headers themselves. |
Closing as invalid ( |
No description provided.
The text was updated successfully, but these errors were encountered: