Duende Software's legendary training on Identity and Access Management was originally created by Dominick Baier and Brock Allen.
We're offering the training online/remotely as 6 half-day blocks in EU afternoons/US mornings, starting March 10.
Read more and sign up at sustainsys.com/training
The livestream starts NOW! π΄ Security you canβt prove isnβt security, itβs hope.
Stop relying on manual checks. Weβre showing you how to automate your security testing to ensure your API only accepts your trusted tokens.
π Join us now: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Should you add rate limiting to your Duende IdentityServer deployment? π€
Our new article breaks down the why (and why not), plus 3 implementation options.
Read the full article π duende.link/87wrkjh
#dotnet #ASPNETCore #OAuth #OpenIDConnect
Null exceptions are costly. We are enforcing strict Nullable Reference Types across the IdentityServer API in .NET 10. The compiler catches bugs before you deploy.
The community deserves rigorous design.
Learn More: duende.link/bpicb
#aspnet #dotnet
Stability is a community asset. Aligning with the Microsoft LTS schedule provides a shared timeline for the industry. We can all plan, budget, and coordinate releases together.
Predictability helps the whole community function better.
Learn more: duende.link/bpicb
#aspnet #dotnet #LTS
No more overprivileged access tokens? π
Implement strict trust boundaries in your APIs with resource isolation (#OAuth RFC 8707).
Learn how to configure it in Duende IdentityServer: duende.link/87qt2j
#dotnet
In this video, we look deeper into critical security-related HTTP headers that can significantly strengthen your website's defenses. Expect X-Content-Type-Options, Referrer-Policy:, X-FRAME-OPTIONS, Content Security Policy (CSP), ...
youtu.be/OztgrdMQG94 #dotnet #aspnetcore #SecurityTips
SaaS providers are black boxes. Duende gives you full source access. Step-through to understand exactly how it all works.
Learn More: duende.link/2swrhhw
#aspnet #aspnetcore #dotnet
Supply chain something something... not an issue - all focus back on AI!
We're proud to announce that Duende Software's latest Open Source Sponsorship goes to #BenchmarkDotNet! π
Check out the full post for details on the project: duende.link/o55bmd
#dotnet
Recording of my talk on passkeys in #aspnetcore at NDC Copenhagen is up! #dotnet
Also includes a pointer on how to add passkeys to Razor Pages for folks who aren't on the #Blazor train.
www.youtube.com/watch?v=P7eb... #dotnet
Simplify your identity mess! π€―
Learn how a Federation Gateway with Duende IdentityServer orchestrates all your IdPs (Entra ID, Google, SAML) for unified, agile security. Must-read architecture deep dive!
duende.link/8aefizq
#IdentityOrchestration #SSO #Security #dotnet
My OSS is developed by humans github.com/adamralph/mi...
Stop struggling with diverse identity providers. π
A Federation Gateway, such as Duende IdentityServer, is the key to:
π Centralized Compliance
β‘οΈ Operational Agility
π€ Unified User Login
duende.link/8aefizq
#IdentityOrchestration #SSO #Security #dotnet
Duende Resolution: Don't Store Tokens in the Browser. π
Browser tokens are an XSS risk. Secure your SPAs and Blazor WASM apps with the Duende BFF framework, the best way to handle protocol interactions and token management safely.
β‘οΈ duende.link/bff4b1b
The Duende Product Insiders program is a private technical channel for partnership. Discuss Identity Strategy, Architecture, and Deployment Nuances directly with Duende experts. Stop guessing, start collaborating. π
β‘οΈ duende.link/discord
For devs who care about identity π¨, Product Insiders get:
- Early access to features.
- Deep collaboration with Duende leaders.
- Direct influence on .NET identity & security.
Where standards meet code. Apply: duende.link/insiders
#DuendeInsiders #SecurityExperts
BFF v4: You can't secure what you can't see.
OpenTelemetry is baked right in for end-to-end observability of your auth journey (redirect, token exchange, API calls).
duende.link/bff4b1b
#OpenTelemetry #Observability #DuendeBFF #Diagnostics #Tracing
Your opinion on that tricky DPoP implementation? We want it. Duende Product Insiders is the high-signal, zero-noise channel for advanced .NET identity and security discussions. Join Duende's Product Insiders.
β‘οΈ duende.link/discord
#dotnet #ZeroNoise #Identity
Identity developers, lead the way! Join Duende Product Insiders: Directly influence the roadmap, get early feature access, and collaborate with senior experts. Your expertise is needed.
Apply today: duende.link/discord
#DuendeInsiders #SecurityExperts
π‘οΈ BFF v4: Frontend Security Simplified
Frontend devs shouldn't handle tokens or refresh cycles. BFF keeps security on the server, eliminating XSS risks.
v4 adds multi-frontend support for operational sanity. Ditch the token burden entirely.
β‘οΈ duende.link/bff4b0b
Happy Holidays from the Duende Team! π
As the year winds down, we want to thank our amazing community for trusting Duende Software to secure your applications. We wish you and yours a wonderful holiday season filled with joy, rest, and peace.
Wishing you safe deployments and happy days!
Stop wishing for a feature. Start building it with us. The Duende Product Insiders program is your channel for direct influence on the IdentityServer and BFF roadmap.
Join the Insiders: duende.link/discord
#DuendeSoftware #IdentityServer
Stop struggling with diverse identity providers. π
A Federation Gateway, such as Duende IdentityServer, is the key to:
π Centralized Compliance
β‘οΈ Operational Agility
π€ Unified User Login
duende.link/8aefizq
#IdentityOrchestration #SSO #Security #dotnet
Duende BFF v4 is available! Architecturally, this is huge: you can now support multiple frontends from a single, robust backend. Plus, we've integrated OpenTelemetry for seamless end-to-end observability in your identity flow.
Simplify your stack: duendesoftware.com/blog/2025120...
Generating SBOMs for .NET apps and NuGet packages with Microsoft.Sbom.Targets
Ever wondered how browsers determine what kind of content they're displaying? It's usually through the Content-Type header. But what happens when that's missing or incorrect? It can be a serious security risk!
Let's see how to fix this in #aspnetcore youtu.be/kSaSb2hBbyk #dotnet
Farewell to try .NET a way to run code right in docs that allowed me to introduce a new set of developers and PMs to various security challenges and problems over 10 years.
It evolved from running lots of containers in weird isolation setups, all the way through to WASM.
