Monthly Archives: November 2023
Improve ASP.NET Core authentication using OAuth PAR and OpenID Connect
This article shows how an ASP.NET Core application can be authenticated using OpenID Connect and OAuth 2.0 Pushed Authorization Requests (PAR, RFC 9126). The OpenID Connect server is implemented using Duende IdentityServer. The Razor Page ASP.NET Core application authenticates using an OpenID Connect confidential client with PKCE and using the OAuth PAR extension. By using […]
Authentication with multiple identity providers in ASP.NET Core
This article shows how to implement authentication in ASP.NET Core using multiple identity providers or secure token servers. When using multiple identity providers, the authentication flows need to be separated per scheme for the sign-in flow and the sign-out flow. The claims are different and would require mapping logic depending on the authorization logic of […]
Using a strong nonce based CSP with Angular
This article shows how to use a strong nonce-based CSP with Angular for scripts and styles. Using a nonce can increase the overall security and makes XSS attacks and other types of attacks in the web UI harder. A separate solution is required for development and production deployments. Code: […]
