While Duende’s most notable offering is the IdentityServer SDK, the OpenID Connect and OAuth solution for .NET developers, we provide more value with other products, services, and libraries.
In this post, we will explain the commercial and free open-source options we offer .NET developers, the problems these solutions solve, and how you can use them to improve a .NET application’s security posture.
Duende IdentityServer
Duende IdentityServer is a highly extensible, standards-compliant software development kit (SDK) for implementing OpenID Connect providers and OAuth 2.x authorization servers in ASP.NET Core. This helps you manage end-user authentication and resource access to your most sensitive systems. It includes features such as highly customizable access and identity token issuance, key management, PKCE, PAR, DPoP, and more.
Duende IdentityServer offers deep flexibility for handling application and end-user authentication and API access control that can be adapted to fit complex custom security and business scenarios. Using Duende IdentityServer, organizations can build Single Sign-On for multiple applications using a centralized approach, reducing the need for repetitive and tedious tasks. With the OpenID Connect standard, support sign-on for various application types, including web applications, native applications, and machine-to-machine communication.
Unlike other offerings, Duende IdentityServer is an SDK that allows developers to handle any scenarios their stakeholders can imagine without compromising security and standards compliance. Some engaging scenarios we’ve helped organizations implement include multi-tenant identity solutions for highly dynamic SaaS systems, multi-factor authentication (MFA), hardware key integration, and B2C and B2B applications in almost any industry you can imagine.
OpenID Connect and OAuth underpin many security solutions today. Their widespread adoption has enabled developers to integrate more solutions without worrying about exposing security vulnerabilities. Duende IdentityServer has several license tiers (including a Community Edition), and an approachable Community Edition for individuals, smaller companies, and non-profits.
As we like to describe it: “we take care of the complicated security parts, you fill in your business requirements”.
Learn more about Duende IdentityServer in our official documentation.
Duende BFF Security Framework
With threat actors increasingly targeting Single-Page Applications (SPAs), it becomes more critical than ever that access tokens are not stored in the browser. The Backend-for-Frontend (BFF) Security Framework is an SDK library that implements the BFF pattern (as described in the OAuth 2.1 Browser-Based Applications Current Best Practice) to help keep your SPAs safe and secure.
Features include:
- Protection from Token Extraction attacks
- Built-in CSRF Attack protection
- Secure server-side handling of OpenID Connect authentication and OAuth access token requests
- Client-side session management APIs
- Back-channel logout
- Securing access to local and external APIs as a reverse proxy.
- Server-side Session State Management
- Blazor Authentication State Management
With Duende's help, you can implement the latest recommendations for securing browser-based applications from the Internet Engineering Task Force (IETF). Duende is ready for the next version of OAuth 2.1 today and prepared to help you implement the best current practices.
Learn more about Duende’s BFF Security Framework at the official documentation.
Access Token Management
Every client application in an OpenID Connect and OAuth architecture needs token management. Access Tokens are meant to be short-lived and fleeting. In concept, they’re easy to understand, but managing these lifetimes can be painful and error-prone. Duende.AccessTokenManagement helps developers implement a worry-free approach to acquiring, refreshing, and revoking tokens in their .NET applications. This library is used wherever a token is needed, whether in an ASP.NET Core application or a service worker.
Learn more about Duende.AccessTokenManagement.
Duende IdentityModel OIDC Client
The Duende.IdentityModel.OidcClient is a companion library for anyone building OpenID Connect and OAuth-enabled native frontend applications. It is a certified OpenID Connect relying party implementation. It can be used anywhere you can write and deploy native .NET client applications, which includes MAUI apps (Windows, iOS, Android), WinForms, WPF, Windows Console applications, and more.
Learn more about Duende.IdentityModel.OidcClient at the official documentation.
Duende IdentityModel
The nomenclature of OpenID Connect and OAuth 2.0 is sprawling and can be difficult for anyone to understand fully and implement. The Duende.IdentityModel library encapsulates all the relevant objects found in the OAuth and OpenID specifications into an easy-to-use package. The types included represent the requests and responses, in addition to extension methods to invoke request constants defined in the specifications, such as standard scope, claim, and parameter names, and other convenience methods for performing identity-related operations.
This library is actually at the heart of all offerings. It is a must-have for anyone working with these security protocols. Learn more about Duende.IdentityModel.
Notable Mentions
Part of what makes Duende’s products approachable is the emphasis on developer experience. This section lists some of our efforts to improve educational security material in the .NET space, and ultimately help developers deliver more secure solutions at a higher velocity.
Duende Templates
Whether you’re new to Duende’s products or have been a long-time customer, the Duende Templates are a great starting point for learning or launching a new project. Using the .NET templating system, Duende offers a library of samples and templates accessible from your favorite development tools. First, use the dotnet command line and install the templates in your local development environment.
dotnet new install Duende.Templates
From here, choose between variations of the Duende IdentityServer or BFF templates.
IdentityServer Demo Server
A great starting point for all .NET developers is to check out our IdentityServer demo server, which is publicly available to integrate with any sample ASP.NET Core application. Try the many available security OpenID Connect and OAuth 2.0 features in your ASP.NET Core application before setting up your own Duende IdentityServer instance.
Head on over to https://demo.duendesoftware.com/ and give it a try.
Duende Documentation
Excellent documentation is at the heart of all successful products and services, and at docs.duendesoftware.com, you have access to decades of security experience distilled into searchable documentation. Here, we combine big-picture ideas, quick starts, SDK references, and troubleshooting guides to help your projects succeed.
Visit the Duende documentation for more in-depth information about all our products and services.
Duende Community
With over a decade in existence, the Duende community is filled with knowledgeable and capable members who help each other and receive help from our world-class technical support teams. Whether you’re just starting your Duende security journey or are a seasoned developer with an interesting question, you can get positive engagement from our community discussions. Enterprise customers can also escalate questions or issues into a private setting for white-glove support from our customer success team.
Join the discussion at the Duende Community Discussions.
Conclusion
Duende offers a comprehensive suite of .NET security solutions beyond just IdentityServer, including tools like the BFF Security Framework, Access Token Management, IdentityModel, and the OIDC Client. These products address modern security challenges such as SPA protection, token management, and OIDC implementation. Resources like Duende Templates, the IdentityServer Demo Server, and in-depth documentation complement these offerings.
Duende is a leading .NET security company because it focuses on providing highly extensible, standards-compliant SDKs that allow developers to handle complex security scenarios without compromising user experience. Duende's solutions and resources are built on deep expertise in OpenID Connect and OAuth 2, ensuring developers can create more secure applications at a higher velocity, backed by decades of distilled security experience.
We hope you try these other offerings. Let us know in the comments if you have any feedback. Also, visit our Duende Community Discussions for questions and community conversations around Duende and .NET security.