Supply chain something something... not an issue - all focus back on AI!

We're proud to announce that Duende Software's latest Open Source Sponsorship goes to #BenchmarkDotNet! 🚀 Check out the full post for details on the project: duende.link/o55bmd #dotnet

Recording of my talk on passkeys in #aspnetcore at NDC Copenhagen is up! #dotnet Also includes a pointer on how to add passkeys to Razor Pages for folks who aren't on the #Blazor train. www.youtube.com/watch?v=P7eb... #dotnet

Simplify your identity mess! 🤯 Learn how a Federation Gateway with Duende IdentityServer orchestrates all your IdPs (Entra ID, Google, SAML) for unified, agile security. Must-read architecture deep dive! duende.link/8aefizq #IdentityOrchestration #SSO #Security #dotnet

My OSS is developed by humans github.com/adamralph/mi...

Stop struggling with diverse identity providers. 🛑 A Federation Gateway, such as Duende IdentityServer, is the key to: 🔑 Centralized Compliance ⚡️ Operational Agility 👤 Unified User Login duende.link/8aefizq #IdentityOrchestration #SSO #Security #dotnet

Duende Resolution: Don't Store Tokens in the Browser. 🔐 Browser tokens are an XSS risk. Secure your SPAs and Blazor WASM apps with the Duende BFF framework, the best way to handle protocol interactions and token management safely. ➡️ duende.link/bff4b1b

The Duende Product Insiders program is a private technical channel for partnership. Discuss Identity Strategy, Architecture, and Deployment Nuances directly with Duende experts. Stop guessing, start collaborating. 🙌 ➡️ duende.link/discord

For devs who care about identity 🚨, Product Insiders get: - Early access to features. - Deep collaboration with Duende leaders. - Direct influence on .NET identity & security. Where standards meet code. Apply: duende.link/insiders #DuendeInsiders #SecurityExperts

BFF v4: You can't secure what you can't see. OpenTelemetry is baked right in for end-to-end observability of your auth journey (redirect, token exchange, API calls). duende.link/bff4b1b #OpenTelemetry #Observability #DuendeBFF #Diagnostics #Tracing

Your opinion on that tricky DPoP implementation? We want it. Duende Product Insiders is the high-signal, zero-noise channel for advanced .NET identity and security discussions. Join Duende's Product Insiders. ➡️ duende.link/discord #dotnet #ZeroNoise #Identity

Identity developers, lead the way! Join Duende Product Insiders: Directly influence the roadmap, get early feature access, and collaborate with senior experts. Your expertise is needed. Apply today: duende.link/discord #DuendeInsiders #SecurityExperts

🛡️ BFF v4: Frontend Security Simplified Frontend devs shouldn't handle tokens or refresh cycles. BFF keeps security on the server, eliminating XSS risks. v4 adds multi-frontend support for operational sanity. Ditch the token burden entirely. ➡️ duende.link/bff4b0b

Happy Holidays from the Duende Team! 🎄 As the year winds down, we want to thank our amazing community for trusting Duende Software to secure your applications. We wish you and yours a wonderful holiday season filled with joy, rest, and peace. Wishing you safe deployments and happy days!

Stop wishing for a feature. Start building it with us. The Duende Product Insiders program is your channel for direct influence on the IdentityServer and BFF roadmap. Join the Insiders: duende.link/discord #DuendeSoftware #IdentityServer

Stop struggling with diverse identity providers. 🛑 A Federation Gateway, such as Duende IdentityServer, is the key to: 🔑 Centralized Compliance ⚡️ Operational Agility 👤 Unified User Login duende.link/8aefizq #IdentityOrchestration #SSO #Security #dotnet

Duende BFF v4 is available! Architecturally, this is huge: you can now support multiple frontends from a single, robust backend. Plus, we've integrated OpenTelemetry for seamless end-to-end observability in your identity flow. Simplify your stack: duendesoftware.com/blog/2025120...

Generating SBOMs for .NET apps and NuGet packages with Microsoft.Sbom.Targets

Ever wondered how browsers determine what kind of content they're displaying? It's usually through the Content-Type header. But what happens when that's missing or incorrect? It can be a serious security risk! Let's see how to fix this in #aspnetcore youtu.be/kSaSb2hBbyk #dotnet

Farewell to try .NET a way to run code right in docs that allowed me to introduce a new set of developers and PMs to various security challenges and problems over 10 years. It evolved from running lots of containers in weird isolation setups, all the way through to WASM.

The call for papers for NDC Security ends tomorrow. Come do your talk in Oslo: ndcsecurity.com/call-for-pap...

Let's look into a crucial "defense-in-depth" mechanism: SameSite cookies. Learn how this powerful browser flag adds extra protection against Cross-Site Request Forgery (CSRF) attacks. Strengthen your #aspnetcore web applications! youtu.be/goQlKiynWXU #dotnet

Stop struggling with diverse identity providers. 🛑 A Federation Gateway, such as Duende IdentityServer, is the key to: 🔑 Centralized Compliance ⚡️ Operational Agility 👤 Unified User Login duende.link/8aefizq #IdentityOrchestration #SSO #Security #dotnet

With the .NET 10 LTS released, now is the time to look into upgrading #IdentityServer4 to Duende IdentityServer! Fix known vulnerabilities and future-proof your security. Get support, FAPI 2.0 compliance, and more. duende.link/uwo974g #IdentityServer4 #OAuth2 #OpenIDConnect #dotnet

In this video, Christian Wenz dives deep into Cross-Site Request Forgery (CSRF), a simple yet devastating attack that has plagued web applications for years. Learn what CSRF is, how it works, and how to defend against it in #aspnetcore youtu.be/WUJrKw05YfI #dotnet

Claims and scopes describe user information in OpenID Connect. Let's see how Duende IdentityServer handles consent, different client types, required vs. optional scopes, and what happens when a client doesn't get everything it asked for. duende.link/97aeqlj 👀 #dotnet #aspnetcore

Adding .NET 10 Passkey Support to Duende IdentityServer 👉 duende.link/berqe86 Learn how to add #dotnet 10 passkey support to a non-Blazor project such as MVC or Razor Pages. #security #aspnetcore #identity #webauthn

The server's origin is used to generate passkey credentials, making them resistant to phishing. A credential signed for one app can't be used elsewhere. What about subdomains? Or multiple domains? In this post, we'll explore some options. duende.link/igeq87f #dotnet #security #passkeys #webauthn

The upcoming release of #dotnet 10 comes with built-in passkey support. Had good fun digging into the new #Blazor project template and how it adds secure authentication using passkeys. duende.link/37egw9f #aspnetcore

Duende Software's legendary training on Identity and Access Management was originally created by Dominick Baier and Brock Allen. We're offering the training online/remotely as 6 half-day blocks the first two weeks of November. Read more and sign up at sustainsys.com/training

Say goodbye ✋ to passwords, and hello 👋 to secure, phishing-resistant logins: passkey credentials. Part 1 of our 4-part blog series covers password and authentication evolution. Longread ahead! 👀 duende.link/p455k3y #passkeys #webauthn #dotnet #security #aspnetcore

I'm hiring! Looking for an #aspnetcore dev, ideally with identity/oidc experience. Role is support, tech presales, advisory, docs, ... East coast US ideally for timezone overlap in the team Small team and company, big ambition. Reach out if you're interested! duendesoftware.com/careers/cust...

Discover a key update in #dotnet 10 that improves local development! 🔥 👉 Our latest blog post explains how a new TLS certificate and unique local domains can solve cookie conflicts and better mimic production environments. duende.link/arbgu89 #aspnetcore #security

lol the conclusions are so so wrong medium.com/c-sharp-prog...

The IETF OAuth Working Group has adopted the Identity Assertion Authorization Grant specification! datatracker.ietf.org/doc/draft-ie... This is the basis of Cross App Access (XAA), providing IT admins better visibility and control by configuring the app-to-app connections in their enterprise IdP.

Don't miss our livestream tomorrow with Microsoft .NET MVP Tore Nestenius! Demystifying Authentication in #aspnetcore Core. 📅 September 18, 2025 🕐 10:00 EST / 16:00 CEST Register now: duendesoftware.com/webinars/dem... #security #identity

Brace yourself, w̶i̶n̶t̶e̶r̶ #dotnet 10 is coming! ⛄️ Let's look at the new capabilities and features we are excited about for the upcoming .NET release in November. Expect passkeys, #opentelemetry additions,TLS for *.localhost, and more. 👀 duende.link/qet4wp9 #aspnetcore

If you missed my live stream, don't worry—the internet will keep it available forever. And if I said anything dumb, that's also never going away.

Watch the recording of our #IdentityServer 7.3 launch! duendesoftware.com/webinars/due... Joe DeCock covers new templates, and looks at setting up your environment for the FAPI 2.0 security profile and conformance tests. #dotnet #security #identity

What are Best Practices of Web Application Security in 2025? This post focuses on key security and authentication flows using OAuth 2.0 and OpenID Connect, flows to avoid, security measures to implement, and IETF Best Current Practices. duende.link/iyqe3fk #security #dotnet

We'll host a livestream with Tore Nestenius! 📹 Authentication has many concepts and moving parts. In this session, we'll clarify how authentication in #aspnetcore works. 📅 September 18, 2025 🕐 10:00 EST / 16:00 CEST duendesoftware.com/webinars/dem... #dotnet #security

HttpClient is at the heart of many projects. DelegatingHandlers let you intercept and modify requests and responses, extending base functionality. In this blog post, we'll look at DelegatingHandler and how it can make HttpClient even more powerful! 💪 duende.link/78qe4kj #dotnet #aspnetcore

We're hiring! At @duendesoftware.com, we're looking for someone to join our Customer Success team. It's a 100% remote position but we are looking for someone based in the US East Coast region for time zone reasons. If you're interested, visit duendesoftware.com/careers/cust... for details! #hiring

😂

Meet Duende #IdentityServer v7.3! This new release includes: 👉 Enhanced security & future proofing with FAPI 2.0 support 👉 Quick start templates to accelerate development. 👉 And more.... Release blog here ➡️ duende.link/is73b0b #dotnet #security #identity

External identity providers in #aspnetcore In this post, we cover initial setup (with Google), the connection between external and cookie authentication, and discusses why alternatives might be better for production apps. duende.link/q24tubs #security #identity #dotnet

Meet Duende #IdentityServer v7.3! This new release includes: 👉 Enhanced security & future proofing with FAPI 2.0 support 👉 Quick start templates to accelerate development. 👉 And more.... Release blog here ➡️ duende.link/is73b0b #dotnet #security #identity

We're at #kcdc2025 Stop by and register to win a NASA Artemis Space Launch System LEGO set. Or just say hello and meet the Duende team. Learn more about our newly released Duende #IdentityServer v7.3 with FAPI 2.0. #dotnet #security #identity

Livestream Launch Event: Duende #IdentityServer 7.3 with FAPI 2.0 + New Quick Start Templates. 🗓️ August 21, 2025 🕑 10 EST / 16:00 CEST / 14:00 UTC 🧑‍🦰 Speaker: Joe DeCock Clear your calendars and register here ➡️ duende.link/is73w0b #dotnet #security #identity

Are you worried your #dotnet #security could be more secure? Join us for a #livestream on August 21st, 2025, to discuss FAPI 2.0, its relation to #oauth and #openid, and how to harden your security posture, with our guest, Joe “Mr. Identity” DeCock. If nothing else, join us with what is a […]