Monthly Archives: August 2021

Improving application security in an ASP.NET Core API using HTTP headers – Part 3
This article shows how to improve the security of an ASP.NET Core Web API application by adding security headers to all HTTP API responses. The security headers are added using the NetEscapades.AspNetCore.SecurityHeaders NuGet package from Andrew Lock. The headers are used to protect the session, not for authorization. The application uses Microsoft.Identity.Web to authorize the […]

Improving application security in Blazor using HTTP headers – Part 2
This article shows how to improve the security of an ASP.NET Core Blazor application by adding security headers to all HTTP Razor Page responses (Blazor WASM hosted in an ASP.NET Core hosted backend). The security headers are added using the NetEscapades.AspNetCore.SecurityHeaders NuGet package from Andrew Lock. The headers are used to protect the session, not […]

Improving application security in ASP.NET Core Razor Pages using HTTP headers – Part 1
This article shows how to improve the security of an ASP.NET Core Razor Page application by adding security headers to all HTTP Razor Page responses. The security headers are added using the NetEscapades.AspNetCore.SecurityHeaders NuGet package from Andrew Lock. The headers are used to protect the session, not for authentication. The application is authenticated using Open […]

Send Emails using Microsoft Graph API and a desktop client
This article shows how to use Microsoft Graph API to send emails for a .NET Core Desktop WPF application. Microsoft.Identity.Client is used to authenticate using an Azure App registration with the required delegated scopes for the Graph API. The emails can be sent with text or HTML bodies and also with any file attachments uploaded […]

Securing an Angular app which uses multiple identity providers
Sometimes Angular applications are required to authenticate against multiple identity providers. This blog post shows how to implement an Angular SPA which authenticates using Auth0 for one identity provider and also IdentityServer4 from Duende Software as the second. The SPA can log out from both of the identity providers individually and also revoke the refresh token […]