Description

Sr. IAM Developer (.NET)

Client: Not for Profit

Role: Sr. IAM Developer (.NET)

Job Type: Contract (6 months)

Location: Remote (EST hours)

Your New Company

Our client is a not-for-profit organization seeking a senior software developer with expertise in SSO, OAuth, and .NET.

Your New Role:

The project is to unify the member login system across the main website, the e-commerce site (third party), and the e-learning site in development (third party) using a modern SSO implementation. With the client as the Identity Provider, the new system must connect to their on-premises member database, issuing tokens and claims based on that data; it must be secure, performant, and extensible to future services.

• Design and implement a secure, standards-compliant Single Sign-On (SSO) system using OAuth 2.1 / OpenID Connect (OIDC), with the organization serving as the Identity Provider.

• Deploy and configure the Identity Provider (IdP) to support the new authentication system.

• Define, implement, and document the token and claims model.

• Develop a comprehensive database migration plan and migrate existing Umbraco 4 / SQL Server user data into the new SSO platform.

• Integrate the SSO solution with internal and external web applications.

• Produce detailed documentation for all secure integrations and system interactions.

• Prepare, test, and validate a fully production-ready configuration for deployment.

• Train the existing IT team on maintenance, monitoring, and ongoing support of the solution.

What You’ll Need:

• Experience working in a Microsoft Windows domain environment.

• Identity & Security:

o Strong understanding of OAuth 2.1 and OpenID Connect (OIDC) flows (Authorization Code Flow, PKCE, Refresh Tokens, JIT migration, etc.)

o Experience with IdentityServer4 or Duende IdentityServer (self-hosted).

o Experience implementing IdPs and integrating RPs (clients)

o Experience with OWIN/Katana

• Authentication Frameworks / Libraries:

o ASP.NET Core Identity

o Duende IdentityServer

o Familiarity with JWT, JWK, and claims-based authorization

• Web & API Development:

o C# / ASP.NET Core (middleware, controllers, dependency inversion, dependency injection)

o RESTful API design and token-secured endpoints

o Understanding of classic ASP.NET Membership / Forms Authentication to support Umbraco 4 migration.

o Experience implementing logging and monitoring for authentication systems (e.g., audit logs, failed login alerts, token usage logs).

o Knowledge of Windows Server / IIS deployment

o Familiarity with .NET Framework 4.6.1 and WebForms

• Database Integration & Migration:

o SQL Server / T-SQL proficiency

o Experience with data migrations (hash migrations, identity mapping, user normalization)

o Knowledge of Umbraco 4 Membership Provider or older ASP.NET Membership schemas

• Security Best Practices:

o Familiarity with PBKDF2 / bcrypt / Argon2 password hashing

o Secure handling of PII, tokens, and secrets

o Understanding of CORS, CSRF, TLS, and OWASP Top 10

Experience with any of the following would be considered a strong asset:

• JavaScript experience for handling redirects and tokens in browser-based apps / experience with modern frameworks such as Blazor.

• Docker, CI/CD pipelines (GitHub Actions / Azure DevOps) for deployment and version control

• Experience testing authentication and authorization flows (unit and integration tests; Postman, Swagger, etc.)

• Understanding of affiliate-based identity design (users belonging to multiple orgs).

• Familiarity with Canadian privacy law (PIPEDA/FIPPA) for user data handling.

• Comfortable training internal developers on using and maintaining the new SSO endpoints and claims.

What You’ll Get in Return

The client is offering a contract engagement with a remote option.