We recently attended NDC Oslo and had a great time chatting with current and future Duende IdentityServer customers. During the event, an individual approached us with an interesting dilemma and wondered if we could help them solve it.

They wanted to automate a UI test against their deployed instance of Duende IdentityServer but avoid using an end-to-end library like Selenium or Playwright, because those libraries depend on a headless browser like Chromium or Firefox. Can we test that first-party logins work properly entirely through .NET Code?

Luckily, brilliant folks work at Duende, including our Director of Engineering, Damian Hickey, who was able to write a simple console application simulating a browser. Still, with the recent announcement of .NET 10’s dotnet run app.cs, we thought we could provide this value through a script that is easily editable and runnable from any environment with .NET 10 available.

When working with user authentication in ASP.NET Core, you may encounter situations where you need to pass additional information through the authentication process. For example, you might want to track specific user actions, ensure they are redirected to a particular page after logging in, or pass custom parameters to an identity provider.

The AuthenticationProperties class provides an elegant solution for these scenarios. It allows you to carry state through call sites within a specific request, maintain state throughout the authentication process, or pass additional parameters to the identity provider you are using.

In this post, we’ll see how to use the AuthenticationProperties class effectively in your ASP.NET Core applications and explore some OpenID Connect-specific options you can use in your apps.

Like all technological achievements, individuals’ cumulative efforts and contributions lead to something great. The current state of application security results from many talented individuals who take security seriously, coming together to build a technology from which we all benefit. Without them, we’d likely all be building bespoke security solutions with varying levels of vulnerability and interoperability. Thank goodness for standards!

In this post, we take a trip down memory lane and explore some of the standards created over the last 15 years, both in the IETF and the OpenID Foundation, that make OAuth and OpenID Connect what they are today.