In this post, I try to explain some of the differences between a single page application and a server rendered application and why the application types have different threat models. What is an Single Page Application (SPA)? A single page application runs in the browser, and handles routing in the client without posting back to […]

In this post, I show how an Angular application could be secured using the OpenID Connect Code Flow with Proof Key for Code Exchange (PKCE). The Angular application uses the OIDC lib angular-auth-oidc-client. In this example, the src code is used directly, but you could also use the npm package. Here’s an example which uses […]

This article shows how to create an Azure Resource Manager (ARM) template which uses an Azure Key Vault. The ARM template is used to deploy an ASP.NET Core application as an Azure App Service. By using an Azure Resource Group project, the secret app settings can be fetched from the Azure Key Vault during deployment, […]

This article shows how to use an Azure Key Vault with an ASP.NET Core application deployed as an Azure App Service. The Azure App Service can use the system assigned identity to access the Key Vault. This needs to be configured in the Key Vault access policies using the service principal. Code: https://github.com/damienbod/AspNetCoreBackChannelLogout Posts in […]

This article shows how to implement an OpenID Connect back-channel logout, which uses Azure Redis cache so that the session logout will work with multi instance deployments. Code: https://github.com/damienbod/AspNetCoreBackChannelLogout Posts in this series: OpenID Connect back-channel logout using Azure Redis Cache and IdentityServer4 Using Azure Key Vault with ASP.NET Core and Azure App Services Deploying […]

This article shows how ASP.NET Core applications could be deployed inside a separate host ASP.NET Core MVC application. This could be useful if you have separate applications, services, or layouts but want to have a common user interface, or common deployment to improve the user experience. Code: https://github.com/damienbod/MultipleMvcApps Setup The applications are split into four […]

This article shows how to send Ajax requests in an ASP.NET Core MVC application using jquery-unobtrusive. This can be tricky to setup, for example when using a list of data items with forms using the onchange Javascript event, or the oninput event. Code: https://github.com/damienbod/AspNetCoreBootstrap4Validation Setting up the Project The project uses the npm package.json file, […]