What’s next for .NET identity? A purpose-built management plane and storage abstraction. 🏗️ We’re unveiling a new additive infrastructure layer that powers User Management today and our capabilities of tomorrow. Learn more on June 2: duendesoftware.com/webinars/the...

Developers: IdentityServer v8 is built EXCLUSIVELY for .NET 10. 🛠️ We dropped multi-targeting for .NET 8 & 9 to deliver leaner packages, cleaner code paths, and full access to runtime capabilities like TimeProvider & HybridCache. See it live June 2: duendesoftware.com/webinars/the...

Custom auth creates a "training tax." New hires waste weeks learning proprietary code. License IdentityServer to use a standard. Hire .NET devs who are productive on day one. Learn how: duende.link/appmodli #dotnet #aspnet #aspnetcore

.NET 10 brings massive performance gains. IdentityServer leverages these immediately, showing reduced allocation rates in the token validation path. Learn more 👉️ duende.link/bpicli #aspnet #dotnet

We've published guidance on the high-severity #aspnetcore Data Protection vulnerability, CVE-2026-40372 (Elevation of Privilege) Read our guide to: * Determine if your applications are affected * Get mitigation steps 👉️ duende.link/twe5wp #dotnet

Stop compromising your architecture for your identity provider. 🔑 Duende gives you true sovereignty in the .NET LTS era: ✅ No lock-in (On-prem/Cloud/Hybrid) ✅ Full UI/UX freedom ✅ Custom logic in your .NET pipeline Build it your way: duende.link/2swrhhw #dotnet #aspnet #aspnetcore

SAML turned 20 and it's not going anywhere. Enterprise SSO, government federations, academic networks: they all run on SAML. Here's why it endures, and what it means for IdentityServer v8. 🔐 duende.link/p2rn8q #dotnet

Stop bloating your auth cookies! 🍪 Learn how to: 1️⃣ Use IdentityServer server-side sessions and improve performance 2️⃣ Use AuthenticationProperties to store dynamic user metadata (like location) Article at duende.link/8624kh #dotnet #aspnetcore

Stop writing boilerplate code for ClaimsPrincipal! 🛡️ #csharp 14 extension members let you use properties to centralize claim access logic, leading to cleaner, #aspnetcore application code. Read more: duende.link/7efu3d

Want the power of Duende IdentityServer but with faster time-to-value? ⏱️ We’re previewing a first-party user management .NET SDK on March 24th that gives you Passkeys, MFA, and audit trails out-of-the-box. Keep your data control, ditch the custom coding. RSVP: duende.link/78q3hk #dotnet #aspnet

SaaS providers are black boxes. Duende gives you full source access. Step-through to understand exactly how it all works. Learn how: duende.link/appmodb #aspnet #aspnetcore #dotnet

Authentication on a different device from the one you're using? 🧐 Learn how to implement Client-Initiated Backchannel Authentication (CIBA) in #ASPNETCore and #dotnet: duende.link/3ysz4u Especially helpful in high-trust scenarios.

Duende Software's legendary training on Identity and Access Management was originally created by Dominick Baier and Brock Allen. We're offering the training online/remotely as 6 half-day blocks in EU afternoons/US mornings, starting March 10. Read more and sign up at sustainsys.com/training

The livestream starts NOW! 🔴 Security you can’t prove isn’t security, it’s hope. Stop relying on manual checks. We’re showing you how to automate your security testing to ensure your API only accepts your trusted tokens. 🔗 Join us now: duende.link/lsjwt26b #OAuth2 #JWT #DotNet

Should you add rate limiting to your Duende IdentityServer deployment? 🤔 Our new article breaks down the why (and why not), plus 3 implementation options. Read the full article 👉 duende.link/87wrkjh #dotnet #ASPNETCore #OAuth #OpenIDConnect

Null exceptions are costly. We are enforcing strict Nullable Reference Types across the IdentityServer API in .NET 10. The compiler catches bugs before you deploy. The community deserves rigorous design. Learn More: duende.link/bpicb #aspnet #dotnet

Stability is a community asset. Aligning with the Microsoft LTS schedule provides a shared timeline for the industry. We can all plan, budget, and coordinate releases together. Predictability helps the whole community function better. Learn more: duende.link/bpicb #aspnet #dotnet #LTS

No more overprivileged access tokens? 🔑 Implement strict trust boundaries in your APIs with resource isolation (#OAuth RFC 8707). Learn how to configure it in Duende IdentityServer: duende.link/87qt2j #dotnet

In this video, we look deeper into critical security-related HTTP headers that can significantly strengthen your website's defenses. Expect X-Content-Type-Options, Referrer-Policy:, X-FRAME-OPTIONS, Content Security Policy (CSP), ... youtu.be/OztgrdMQG94 #dotnet #aspnetcore #SecurityTips

SaaS providers are black boxes. Duende gives you full source access. Step-through to understand exactly how it all works. Learn More: duende.link/2swrhhw #aspnet #aspnetcore #dotnet

Supply chain something something... not an issue - all focus back on AI!

We're proud to announce that Duende Software's latest Open Source Sponsorship goes to #BenchmarkDotNet! 🚀 Check out the full post for details on the project: duende.link/o55bmd #dotnet

Recording of my talk on passkeys in #aspnetcore at NDC Copenhagen is up! #dotnet Also includes a pointer on how to add passkeys to Razor Pages for folks who aren't on the #Blazor train. www.youtube.com/watch?v=P7eb... #dotnet

Simplify your identity mess! 🤯 Learn how a Federation Gateway with Duende IdentityServer orchestrates all your IdPs (Entra ID, Google, SAML) for unified, agile security. Must-read architecture deep dive! duende.link/8aefizq #IdentityOrchestration #SSO #Security #dotnet

My OSS is developed by humans github.com/adamralph/mi...

Stop struggling with diverse identity providers. 🛑 A Federation Gateway, such as Duende IdentityServer, is the key to: 🔑 Centralized Compliance ⚡️ Operational Agility 👤 Unified User Login duende.link/8aefizq #IdentityOrchestration #SSO #Security #dotnet

Duende Resolution: Don't Store Tokens in the Browser. 🔐 Browser tokens are an XSS risk. Secure your SPAs and Blazor WASM apps with the Duende BFF framework, the best way to handle protocol interactions and token management safely. ➡️ duende.link/bff4b1b

The Duende Product Insiders program is a private technical channel for partnership. Discuss Identity Strategy, Architecture, and Deployment Nuances directly with Duende experts. Stop guessing, start collaborating. 🙌 ➡️ duende.link/discord

For devs who care about identity 🚨, Product Insiders get: - Early access to features. - Deep collaboration with Duende leaders. - Direct influence on .NET identity & security. Where standards meet code. Apply: duende.link/insiders #DuendeInsiders #SecurityExperts

BFF v4: You can't secure what you can't see. OpenTelemetry is baked right in for end-to-end observability of your auth journey (redirect, token exchange, API calls). duende.link/bff4b1b #OpenTelemetry #Observability #DuendeBFF #Diagnostics #Tracing

Your opinion on that tricky DPoP implementation? We want it. Duende Product Insiders is the high-signal, zero-noise channel for advanced .NET identity and security discussions. Join Duende's Product Insiders. ➡️ duende.link/discord #dotnet #ZeroNoise #Identity

Identity developers, lead the way! Join Duende Product Insiders: Directly influence the roadmap, get early feature access, and collaborate with senior experts. Your expertise is needed. Apply today: duende.link/discord #DuendeInsiders #SecurityExperts

🛡️ BFF v4: Frontend Security Simplified Frontend devs shouldn't handle tokens or refresh cycles. BFF keeps security on the server, eliminating XSS risks. v4 adds multi-frontend support for operational sanity. Ditch the token burden entirely. ➡️ duende.link/bff4b0b

Happy Holidays from the Duende Team! 🎄 As the year winds down, we want to thank our amazing community for trusting Duende Software to secure your applications. We wish you and yours a wonderful holiday season filled with joy, rest, and peace. Wishing you safe deployments and happy days!

Stop wishing for a feature. Start building it with us. The Duende Product Insiders program is your channel for direct influence on the IdentityServer and BFF roadmap. Join the Insiders: duende.link/discord #DuendeSoftware #IdentityServer

Stop struggling with diverse identity providers. 🛑 A Federation Gateway, such as Duende IdentityServer, is the key to: 🔑 Centralized Compliance ⚡️ Operational Agility 👤 Unified User Login duende.link/8aefizq #IdentityOrchestration #SSO #Security #dotnet

Duende BFF v4 is available! Architecturally, this is huge: you can now support multiple frontends from a single, robust backend. Plus, we've integrated OpenTelemetry for seamless end-to-end observability in your identity flow. Simplify your stack: duendesoftware.com/blog/2025120...

Generating SBOMs for .NET apps and NuGet packages with Microsoft.Sbom.Targets

Ever wondered how browsers determine what kind of content they're displaying? It's usually through the Content-Type header. But what happens when that's missing or incorrect? It can be a serious security risk! Let's see how to fix this in #aspnetcore youtu.be/kSaSb2hBbyk #dotnet

Farewell to try .NET a way to run code right in docs that allowed me to introduce a new set of developers and PMs to various security challenges and problems over 10 years. It evolved from running lots of containers in weird isolation setups, all the way through to WASM.

The call for papers for NDC Security ends tomorrow. Come do your talk in Oslo: ndcsecurity.com/call-for-pap...

Let's look into a crucial "defense-in-depth" mechanism: SameSite cookies. Learn how this powerful browser flag adds extra protection against Cross-Site Request Forgery (CSRF) attacks. Strengthen your #aspnetcore web applications! youtu.be/goQlKiynWXU #dotnet

Stop struggling with diverse identity providers. 🛑 A Federation Gateway, such as Duende IdentityServer, is the key to: 🔑 Centralized Compliance ⚡️ Operational Agility 👤 Unified User Login duende.link/8aefizq #IdentityOrchestration #SSO #Security #dotnet

With the .NET 10 LTS released, now is the time to look into upgrading #IdentityServer4 to Duende IdentityServer! Fix known vulnerabilities and future-proof your security. Get support, FAPI 2.0 compliance, and more. duende.link/uwo974g #IdentityServer4 #OAuth2 #OpenIDConnect #dotnet

In this video, Christian Wenz dives deep into Cross-Site Request Forgery (CSRF), a simple yet devastating attack that has plagued web applications for years. Learn what CSRF is, how it works, and how to defend against it in #aspnetcore youtu.be/WUJrKw05YfI #dotnet

Claims and scopes describe user information in OpenID Connect. Let's see how Duende IdentityServer handles consent, different client types, required vs. optional scopes, and what happens when a client doesn't get everything it asked for. duende.link/97aeqlj 👀 #dotnet #aspnetcore

Adding .NET 10 Passkey Support to Duende IdentityServer 👉 duende.link/berqe86 Learn how to add #dotnet 10 passkey support to a non-Blazor project such as MVC or Razor Pages. #security #aspnetcore #identity #webauthn

The server's origin is used to generate passkey credentials, making them resistant to phishing. A credential signed for one app can't be used elsewhere. What about subdomains? Or multiple domains? In this post, we'll explore some options. duende.link/igeq87f #dotnet #security #passkeys #webauthn

The upcoming release of #dotnet 10 comes with built-in passkey support. Had good fun digging into the new #Blazor project template and how it adds secure authentication using passkeys. duende.link/37egw9f #aspnetcore

Duende Software's legendary training on Identity and Access Management was originally created by Dominick Baier and Brock Allen. We're offering the training online/remotely as 6 half-day blocks the first two weeks of November. Read more and sign up at sustainsys.com/training