Author Archives: damienbod

Auto Generated .NET API Clients using NSwag and Swashbuckle Swagger

This article shows how auto generated code for a C# HTTP API client could be created using Swagger and NSwag . The API was created using ASP.NET Core MVC. Code https://github.com/damienbod/csvSwaggerExample Create the API using ASP.NET Core and Swashbuckle Swagger The API is created using ASP.NET Core with Swashbuckle. Add the required Nuget packages to […]

Using Azure Key Vault from a non-Azure App

In this article, I show how Azure Key Vault can be used with a non Azure application. An example of this, is a console application used for data migrations, or data seeding during release pipelines. This app could then read the secret connection strings from the Key Vault, and then do the app logic as […]

Securing a Vue.js app using OpenID Connect Code Flow with PKCE and IdentityServer4

This article shows how to setup a Vue.js SPA application to authenticate and authorize using OpenID Connect Code flow with PKCE. This is good solution when implementing SPA apps requesting data from APIs on separate domains. The oidc-client-js npm package is used to implement the client side authentication logic and validation logic. IdentityServer4 and ASP.NET […]

Passing Javascript values to ASP.NET Core View components

In this post, I show how an ASP.NET Core MVC view can send a Javascript parameter value to an ASP.NET Core view component. Invoking a view component in the view using ‘@await Component.InvokeAsync’ will not work, as this is rendered before the Javascript value has been created. Code: https://github.com/damienbod/AspNetCoreBootstrap4Validation History 2019-01-24 Added an Anti-Forgery token […]

Is a SPA less secure than a server rendered web application?

In this post, I try to explain some of the differences between a single page application and a server rendered application and why the application types have different threat models. What is an Single Page Application (SPA)? A single page application runs in the browser, and handles routing in the client without posting back to […]

Securing Angular applications using the OpenID Connect Code Flow with PKCE

In this post, I show how an Angular application could be secured using the OpenID Connect Code Flow with Proof Key for Code Exchange (PKCE). The Angular application uses the OIDC lib angular-auth-oidc-client. In this example, the src code is used directly, but you could also use the npm package. Here’s an example which uses […]

Deploying ASP.NET Core App Services using Azure Key Vault and Azure Resource Manager templates

This article shows how to create an Azure Resource Manager (ARM) template which uses an Azure Key Vault. The ARM template is used to deploy an ASP.NET Core application as an Azure App Service. By using an Azure Resource Group project, the secret app settings can be fetched from the Azure Key Vault during deployment, […]