From damienbod.com
ASP.NET Core user delegated access token management
The article looks at managing user delegated access tokens for a downstream API in an ASP.NET Core web application. There are many ways of implementing this, all with advantages and disadvantages. …
#api #jwt #oidc #oauth #dotnet #aspnetcore #openidconnect
20h ago
From damienbod.com
Using ASP.NET Core with Azure Key Vault
This article looks at setting up an ASP.NET Core application to use Azure Key Vault. When deployed to Azure, it works like in the Azure documentation but when working on development PCs, some chang…
on Dec 14
From damienbod.com
Using Entra External ID with an Auth0 OpenID Connect identity provider
This post looks at implementing an OpenID Connect identity provider in Microsoft Entra External ID. Auth0 is used as the identity provider and an ASP.NET Core application is used to test the authe…
on Dec 9
From damienbod.com
ASP.NET Core BFF using OpenID Connect and Vue.js
This article shows how to implement a secure web application using Vue.js and ASP.NET Core. The web application implements the backend for frontend security architecture (BFF) and deploys both tech…
on Nov 18
From damienbod.com
ASP.NET Core and Angular BFF using a YARP downstream API protected using certificate authentication
This article demonstrates how to implement a downstream API protected by certificate authentication using Microsoft YARP reverse proxy in an ASP.NET Core web application. The application uses Angul…
on Nov 4
From damienbod.com
Implement security headers for an ASP.NET Core API supporting OpenAPI Swagger UI
This article shows how to implement security headers for an application supporting an API and a swagger UI created from an open API in .NET 9. The security headers are implemented using the NetEscap…
on Oct 21
From damienbod.com
Microsoft Entra ID App-to-App security architecture
This article looks at the different setups when using App-to-App security with Microsoft Entra ID (OAuth client credentials). Microsoft Entra App registrations are used to configure the OAuth clien…
on Oct 7
From damienbod.com
Implement a Geo-distance search using .NET Aspire, Elasticsearch and ASP.NET Core
This article shows how to implement a geo location search in an ASP.NET Core application using a LeafletJs map. The selected location can be used to find the nearest location with an Elasticsearch …
on Sep 23
From damienbod.com
Using Elasticsearch with .NET Aspire
This post shows how to use Elasticsearch in .NET Aspire. Elasticsearch is set up to use HTTPS with the dotnet developer certificates and a simple client can be implemented to query the data. Code:…
on Sep 16
From damienbod.com
Implementing an Audit Trail using ASP.NET Core and Elasticsearch
This article shows how an audit trail can be implemented in ASP.NET Core which saves the audit documents to Elasticsearch using the Elastic.Clients.Elasticsearch Nuget package. Code: History 2024-0…
on Sep 11
From damienbod.com
Implement OpenID Connect Back-Channel Logout using ASP.NET Core, Keycloak and .NET Aspire
This post shows how to implement an OpenID Connect back-channel logout using Keycloak, ASP.NET Core and .NET Aspire. The Keycloak and the Redis cache are run as containers using .NET Aspire. Two AS…
on Sep 9
From damienbod.com
Implement ASP.NET Core OpenID Connect OAuth PAR client with Keycloak using .NET Aspire
This post shows how to implement an ASP.NET Core application which uses OpenID Connect and OAuth PAR for authentication. The client application uses Keycloak as the identity provider. The Keycloak …
on Sep 2
From damienbod.com
Securing an ASP.NET Core Razor Page App using OpenID Connect Code flow with PKCE
This article shows how to secure an ASP.NET Core Razor Page application using the OpenID Connect code flow with PKCE (Proof Key for Code Exchange). The secure token server is implemented using Due…
on Aug 14
From damienbod.com
Add a Swagger UI using a .NET 9 Json OpenAPI file
This post shows how to implement a Swagger UI using a .NET 9 produced OpenAPI file. The Swagger UI is deployed to a secure or development environment and is not deployed to a public production targ…
on Aug 12
From damienbod.com
Implementing an ASP.NET Core API with .NET 9 and OpenAPI
This post implements a basic ASP.NET Core API using .NET 9 and the Microsoft OpenAPI implementation. The OpenAPI Nuget package supports both Controller based APIs and minimal APIs. Until now, we us…
on Aug 6
From damienbod.com
This article looks at different ways to create hashes in .NET Core. Hashes are useful for one way encryption which can be used for password storage, JWT validation and some other security use cases…
on Jul 9
From damienbod.com
Securing Azure Functions using an Azure Virtual Network
In this post, an Azure Function is deployed in an Azure Virtual Network and the access to the Azure Function is restricted so that it cannot be reached from the Internet. Only applications deployed in…
on Jul 5
From damienbod.com
Securing Azure Functions using API Keys
This article shows how to secure Azure Functions using API Keys. This is useful, if you have no control over the API client implementation, the client code base cannot be easily changed or the clie…
on Jul 5
From damienbod.com
Securing Azure Functions using certificate authentication
This article shows how to secure Azure Functions using X509 certificates. The client is required to send a specific certificate to access the Azure Function. Code: History 2024-07-05 Updated to .NE…
on Jul 5
From damienbod.com
Securing Azure Functions using ME-ID JWT Bearer token authentication for user access tokens
This post shows how to implement OAuth security for an Azure Function using user-access JWT Bearer tokens created using Microsoft Entra ID and App registrations. A client web application implemente…
on Jul 5
From damienbod.com
Using Azure Service Bus Queues with ASP.NET Core Services
This article shows how to implement two ASP.NET Core API applications to communicate with each other using Azure Service Bus. The ASP.NET Core APIs are implemented with Swagger support and use an …
on Jun 30
From damienbod.com
Sonar Webinar, end to end security of a web application
I did a Webinar on application security with Denis Troller and Sonar. I would like to thank Sonar for this opportunity, I really enjoyed it and found doing this together with you really professiona…
on Jun 24
From damienbod.com
Creating and downloading a PDF or DOCX in ASP.NET Core
The post shows how a PDF can be created from data in an ASP.NET Core backend and downloaded using an API. The data could be loaded from different locations and exported then as a PDF or a docx or w…
on Jun 5
From damienbod.com
Implement a Microsoft Entra ID external authentication method using ASP.NET Core and OpenIddict
The article shows how to implement a Microsoft Entra ID external authentication method (EAM) using ASP.NET Core, OpenIddict and FIDO2/passkeys. The application using ASP.NET Core Identity to manage…
on May 27
From damienbod.com
Using SonarCloud with ASP.NET Core, Angular and github actions
This article demonstrates how to implement code analysis and Static Application Security Testing (SAST) using SonarCloud and GitHub Actions. The solution involves building a secure web application …
on May 13
From damienbod.com
Implement a secure Blazor Web application using OpenID Connect and security headers
This article shows how to implement a secure .NET 8 Blazor Web application using OpenID Connect and security headers with CSP nonces. The NetEscapades.AspNetCore.SecurityHeaders nuget package is us…
on Apr 24
From damienbod.com
BFF secured ASP.NET Core application using downstream API and an OAuth client credentials JWT
This article shows how to implement a web application using backend for frontend security architecture for authentication and consumes data from a downstream API protected using a JWT access token …
on Apr 8
From damienbod.com
Create conditional access base policies for a Microsoft Entra ID tenant
This article shows some of the base conditional access policies which can be implemented for all Microsoft Entra ID tenants. Phishing resistant authentication should be required for all administrat…
on Apr 2
From damienbod.com
Multi client blob storage access using ASP.NET Core with Entra ID authentication and RBAC
This article shows how to onboard different clients or organizations in an ASP.NET Core application to use separated Azure blob containers with controlled access using security groups and RBAC appl…
on Mar 4
From damienbod.com
This article shows how an ASP.NET Core application can control the write access to an Azure blob storage container using an application app registration. Microsoft Entra ID is used to control the u…
on Mar 1
From damienbod.com
Using a CSP nonce in Blazor Web
This article shows how to use a CSP nonce in a Blazor Web application using the InteractiveServer server render mode. Using a CSP nonce is a great way to protect web applications against XSS attack…
on Feb 20
From damienbod.com
Using Blob storage from ASP.NET Core with Entra ID authentication
This article shows how to implement a secure upload and a secure download in ASP.NET Core using Azure blob storage. The application uses Microsoft Entra ID for authentication and also for access to…
on Feb 12
From damienbod.com
Secure an ASP.NET Core Blazor Web app using Microsoft Entra ID
This article shows how to implement an ASP.NET Core Blazor Web application using Microsoft Entra ID for authentication. Microsoft.Identity.Web is used to implement the Microsoft Entra ID OpenID Con…
on Feb 5
From damienbod.com
Migrate ASP.NET Core Blazor Server to Blazor Web
This article shows how to migrate a Blazor server application to a Blazor Web application. The migration used the ASP.NET Core migration documentation, but this was not complete and a few extra ste…
on Jan 22
From damienbod.com
Securing a Blazor Server application using OpenID Connect and security headers
This article shows how to secure a Blazor Server application. The application implements an OpenID Connect confidential client with PKCE using .NET 8 and configures the security headers as best pos…
on Jan 3, 2024
From damienbod.com
Signing git commits on Windows and using with Github
This article shows how to set up and sign git commits on Windows for GitHub. Most of this is already documented on the GitHub docs, but I ran into trouble when using this with git Extensions on a wi…
on Dec 18, 2023
From damienbod.com
Securing a MudBlazor UI web application using security headers and Microsoft Entra ID
This article shows how a Blazor application can be implemented in a secure way using MudBlazor UI components and Microsoft Entra ID as an identity provider. The MudBlazor UI components add some in…
on Dec 13, 2023
From damienbod.com
Improve ASP.NET Core authentication using OAuth PAR and OpenID Connect
This article shows how an ASP.NET Core application can be authenticated using OpenID Connect and OAuth 2.0 Pushed Authorization Requests (PAR) RFC 9126. The OpenID Connect server is implemented usi…
on Nov 20, 2023
From damienbod.com
Authentication with multiple identity providers in ASP.NET Core
This article shows how to implement authentication in ASP.NET Core using multiple identity providers or secure token servers. When using multiple identity providers, the authentication flows need t…
on Nov 13, 2023
From damienbod.com
Using a strong nonce based CSP with Angular
This article shows how to use a strong nonce based CSP with Angular for scripts and styles. When using a nonce, the overall security can be increased and it is harder to do XSS attacks or other typ…
on Nov 6, 2023
From damienbod.com
User claims in ASP.NET Core using OpenID Connect Authentication
This article shows two possible ways of getting user claims in an ASP.NET Core application which uses an OpenID Connect server. Both ways have advantages and require setting different code configur…
on Nov 5, 2023
From damienbod.com
Secure an Angular application using Microsoft Entra External ID and ASP.NET Core with BFF
This article looks at implementing an ASP.NET Core application hosting an Angular nx application which authenticates using Microsoft Entra External ID for customers (CIAM). The ASP.NET Core authent…
on Oct 24, 2023
From damienbod.com
Fix missing tokens when using downstream APIs and Microsoft Identity in ASP.NET Core
This article shows how a secure ASP.NET Core application can use Microsoft Entra ID downstream APIs and an in-memory cache. When using in-memory cache and after restarting an application, the token…
on Oct 18, 2023
From damienbod.com
Issue and verify BBS+ verifiable credentials using ASP.NET Core and trinsic.id
This article shows how to implement identity verification in a solution using ASP.NET Core and trinsic.id, built using an id-tech solution based on self sovereign identity principles. The credentia…
on Oct 9, 2023
From damienbod.com
Implement a secure web application using Vue.js and an ASP.NET Core server
This article shows how to implement a secure web application using Vue.js and ASP.NET Core. The web application implements the backend for frontend security architecture (BFF) and deploys both tech…
on Oct 2, 2023