At least in the .NET space, IdentityServer is a prominent candidate for implementing token-based security in your .NET and ASP.NET applications, server-side or SPAs. After the license change of the popular open-source library, many are wondering if there are any viable alternatives. If you are an existing IdentityServer user, you may want to check out their license model and see if it would be feasible for you to buy a license and just continue with it. Switching the token server to a different solution may not be that easy and cheap.
In my last articles on how to prepare your IdentityServer for Chromes SameSite Cookie changes and how to correctly delete your SameSite Cookies in Chrome 80 I explained the changes that Chrome did to its SameSite Cookie implementation, how that might affect you and how to avoid problems arising from these changes.
How To Prepare Your IdentityServer For Chrome’s SameSite Cookie Changes – And How To Deal With Safari, Nevertheless
First, the good news: In February 2020 Google is going to release Chrome 80. This release will include Google’s implementation of ‚Incrementally better Cookies‘, which will make the web a more secure place and helps to ensure better privacy for users.
In my last article I explained how the changes in Chrome 80 (February 2020) can break your existing web sites or web applications, because SameSite cookies will be treated differently. In that post I focused on how to correctly set your cookies and how to mitigate incompatibilities between different browsers, as certain Safari versions don’t work correctly with the new way that Chrome enforces.