Monthly Archives: April 2024

Implement a secure Blazor Web application using OpenID Connect and security headers

April 15, 2024 · by · in ASP.NET Core, dotnet, Uncategorized · 9 Comments

This article shows how to implement a secure .NET 8 Blazor Web application using OpenID Connect and security headers with CSP nonces. The NetEscapades.AspNetCore.SecurityHeaders nuget package is used to implement the security headers and OpenIddict is used to implement the OIDC server. Code: https://github.com/damienbod/BlazorWebOidc OpenIddict is used as the identity provider and an OpenID connect […]

BFF secured ASP.NET Core application using downstream API and an OAuth client credentials JWT

April 8, 2024 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Security, Web · 6 Comments

This article shows how to implement a web application using backend for frontend security architecture for authentication and consumes data from a downstream API protected using a JWT access token which can only be accessed using an app-to-app access token. The access token is acquired using the OAuth2 client credentials flow and the API does […]

Create conditional access base policies for a Microsoft Entra ID tenant

April 2, 2024 · by · in Azure, Logging · 2 Comments

This article shows some of the base conditional access policies which can be implemented for all Microsoft Entra ID tenants. Phishing resistant authentication should be required for all administration flows and some other user policies like sign-in risk MFA or terms of conditions. I recommend these base policies when implementing an Microsoft Entra ID tenant […]