Home

Awesome

Windows Azure Active Directory IdentityModel Extensions for .Net

Versions

Current version - 6.5.1
Minimum recommended version - 5.5.0

You can find the release notes for each version here. Older versions can be found here.

6.5.1

Simple servicing release with two small fixes. TokenValidationParameters.Clone missed one instance variable. JsonHeader was being cached in an unbounded cache. We just disabled it for now.

Note about 6.5.0

If you noticed, we bumped the release from 5.5.0 to 6.5.0.
We were maintaining two releases from two different branches.
dev - 6.x
dev5x - 5.x

Internally at Microsoft we were quickly required to remove all 3rd party libraries as IdentityModel is all about securing resources.
Since there were some breaking changes, given the time-line we had to maintain two releases.

Both of these branches were public and moved forward mostly in lock-step.
Once we finished our SignedHttpRequest functionality in the 6.x branch, we realized the delta between 5.x aqnd 6.x was too large to maintain in both branches.
We decided now was the time to switch to a single release branch.
Since internally the versioning was at 6.4.2, we needed to release at 6.5.0.

There are some small breaking changes

We built and tested asp.net core with 6.5.0 without issues.
We also upgraded in place existing applications to 6.5.0 without issues.
This of course does not mean you will not hit issues, but we took it seriously.

Any questions or compatibility problems please open issues here.

Thank you for using our product

The IdentityModel Team.

Security Vulnerability in Microsoft.IdentityModel.Tokens 5.1.0

IdentityModel Extensions library Microsoft.IdentityModel.Tokens has a known security vulnerability affecting version 5.1.0. Please update to >= 5.1.1 immediately. An updated package is available on NuGet. For more details, see the security notice.

Usage

IdentityModel Extensions for .NET 5 has now been released. If you are using IdentityModel Extensions with ASP.NET, the following combinations are supported:

For more details see Migration notes here

Samples and Documentation

The scenarios supported by IdentityModel extensions for .NET are described in Scenarios. The libraries are in particular used part of ASP.NET security to validate tokens in ASP.NET Web Apps and Web APIs. To learn more about token validation, and find samples, see:

Community Help and Support

We leverage Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browse existing issues to see if someone has had your question before.

We recommend you use the "adal" tag so we can see it! Here is the latest Q&A on Stack Overflow for ADAL: http://stackoverflow.com/questions/tagged/adal

Security Reporting

If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.

Contributing

All code is licensed under the MIT license and we triage actively on GitHub. We enthusiastically welcome contributions and feedback. See Contributing.md for guidelines, branch information, build instructions, and legalese.

License

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License");

We Value and Adhere to the Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.