Security Versions Save

Features

• Need a nicer error when no authentication middleware is registered but you try to authorize (#511)
• Add Logging to Authn and Authz (#491)
• Improve error message for when AuthenticationScheme is not recognized (#466)
• When an external login (e.g. Google) is denied, how do I recognize this? (#451)
• Cookie sharing between applications (#387)
• [Cookies] Consume ITlsTokenBindingFeature (#263)

Bugs Fixed

• [Authorization] Evaluating a non-existent policy returns "false" (#514)
• Cookies: HTTP 401 always turns into 302 (#508)
• Fix OpenIdConnectTokenEndpointResponse to return the actual OpenIdConnectMessage (#501)
• resource-based AuthorizationHandler is invoked for other resource types. (#494)
• Add a RequireHttps property when migrating to Wilson beta8 (#485)
• Authorization API cleanup (#480)
• Remove Twitter.Serializers type (#479)
• OpenIdConnectOptions API cleanup (#478)
• Make OpenIdConnectBearerHandler (nee JwtBearerHandler) internal (#475)
• Rename cookie IAuthenticationSessionStore to ITicketStore (#472)
• Remove unused SubjectPublicKeyInfoAlgorithm type (#471)
• Clean up Authentication namespace's encoder/serializer types/APIs (#469)
• Change all the XyzOptions.SystemClock properties to be EditorBrowsable(Never) (#460)
• Make CookieAuthenticationDefaults and FacebookDefaults fields static readonly (#457)
• Consider requiring callback path (#455)
• Change log messages to use string literals instead of resources (#418)
• Remove log codes from log messages (#414)
• OpenIdConnectHandler.AuthenticateAsync should not throw SecurityTokenException (#351)
• Multiple OIDC handlers will get in each others way. (#348)
• Rationalize error handling (#55)

Features

• Enable default policy for MVC authorize attribute (#376)
• Rationalize SignInScheme in options (#174)

Bugs Fixed

• [OIDC] GetUserInformationAsync needs to fail if the subjects do not match (#407)
• Facebook.UserInformationEndpoint + access_token make Invalid Backchannel URL (#365)
• Authorization : AddAuthorization() method do not use the configureOptions parameter (#364)
• OpenIdConnect needs additional validation of the response. (#278)

Features

• OpenID connect: support response_mode=query (#217)
• [Design] OpenIdConnect needs a definition for agumenting the 'state' parameter on request. (#214)
• Replace INonceCache by IDistributedCache (#212)

Bugs Fixed

• INonceCache has been replace but the file still exists. (#319)
• Cookie MW null reference exception (#270)

Features

• Remove sample's dependency on Diagnostics (#242)
• Remove dependency on DataProtection in Authentication (#221)
• Prefer the new encoders over Uri.EscapeDataString (#161)
• Integrate cookie chunking APIs with new strongly typed header values (#118)

Bugs Fixed

• [Authorize] fails for OpenIdConnect (#139)

Bugs Fixed

• Update Wilson package versions to beta4 (#201)
• OpenIdConnect is broken on coreclr due to token validation issues (#200)
• OpenIdConnect flow does not set the SignInAsAuthenticationType cookie (#144)

Features

• Port the OpenIdConnect middleware from Katana (#42)
• Port the JWT & AAD middleware from Katana (#40)
• Update metadata retrieval patterns (#26)

Features

• Port the MicrosoftAccount middleware from Katana (#41)
• Port the Twitter middleware from Katana (#38)
• Port the Facebook middleware from Katana (#36)