Monthly Archives: May 2025

Revisiting using a Content Security Policy (CSP) nonce in Blazor

May 26, 2025 · by damienbod · in Uncategorized · 2 Comments

This blog looks at implementing a strong Content Security Policy (CSP) in web applications implemented using Blazor and ASP.NET Core. When implementing CSP, I always recommend using a CSP nonce or at least CSP hashes. If a technical stack does not support CSP nonces, you should probably avoid using this solution when implementing secure and […]

Using multiple external identity providers from ASP.NET Core Identity and Duende IdentityServer

This blog post shows how an ASP.NET Core Identity application can integrate and implement multiple external identity providers. An OIDC client UI uses the solution and is implemented using Duende IdentityServer. The same scheme is used for all the external providers and mapped to the identity for the client UI and the application. Using OpenID […]

Implement client assertions with client credentials flow using OAuth DPoP

May 12, 2025 · by damienbod · in .NET, .NET Core, ASP.NET Core, OAuth2, Security · 3 Comments

This blog looks at implementing client assertions for the client credentials flow using OAuth 2.0 Demonstration of Proof-of-Possession (DPoP). The client credentials flow is an OAuth 2.0 authorization grant type used for machine-to-machine authentication. DPoP further strengthens the security by ensuring that the client possesses a specific key at the time of the request, forcing […]

Software Engineering

Monthly Archives: May 2025

Revisiting using a Content Security Policy (CSP) nonce in Blazor

Implement client assertions with client credentials flow using OAuth DPoP

Categories

blogs 1 web, general

blogs 2 security

blogs 3 Azure

blogs 4 SSI DID

blogs 5a

blogs 5b

tools

web

Meta

Archives