Author Archives: damienbod

Implement a secure MCP server using OAuth DPoP and Duende identity provider

November 3, 2025 · by · in .NET Core, ASP.NET Core, Azure, MCP, OAuth2, Open AI, OpenId, Security · 1 Comment

This post demonstrates how an ASP.NET Core application can connect to a secure MCP server using OpenID Connect and OAuth. Both applications use Duende IdentityServer as the identity provider. The MCP server requires delegated DPoP access tokens. Code: https://github.com/damienbod/McpOidcOAuth Setup The UI application authenticates with the Duende IdentityServer using OpenID Connect. Upon successful authentication, a […]

Use swiyu, the Swiss E-ID to authenticate users with Duende and .NET Aspire

October 27, 2025 · by · in .NET, .NET Core, ASP.NET Core, aspire, e-id, OAuth2, OpenId, Security, Self Sovereign Identity, Uncategorized · 3 Comments

This post shows how to authenticate users using Duende IdentityServer and ASP.NET Core Identity which verifies identities (verifiable digital credentials) using the Swiss Digital identity and trust infrastructure (swiyu). The swiyu infrastructure is implemented using the provided generic containers which implement the OpenID for Verifiable Presentations standards as well as many other standards for implementing […]

Implement a secure MCP OAuth desktop client using OAuth and Entra ID

October 16, 2025 · by · in .NET, .NET Core, ASP.NET Core, Azure, Entra CIAM, MCP, Microsoft Entra External ID, Microsoft Entra ID, OAuth2, Open AI, Security · 1 Comment

The article demonstrates how to implement a secure MCP OAuth desktop client using Microsoft Entra ID. The MCP server is built with ASP.NET Core and secured using Microsoft Entra ID. The MCP client is a .NET console application that must acquire an OAuth access token to interact with the MCP server. Code: https://github.com/damienbod/McpSecurity Setup A […]

Implement a secure MCP server using OAuth and Entra ID

September 23, 2025 · by · in .NET, .NET Core, ASP.NET Core, dotnet, Entra CIAM, MCP, Microsoft Entra External ID, OAuth2, Open AI, OpenId · 2 Comments

The article shows how to implement a secure model context protocol (MCP) server using OAuth and Entra ID. The MCP server is implemented using ASP.NET Core and uses Microsoft Entra ID to secure the API. An ASP.NET Core application using Azure OpenAI and semantic kernel is used to implement the MCP client for the agent […]

Reset Cookies and force new sign-in using ASP.NET Core Identity

August 18, 2025 · by · in Uncategorized · 3 Comments

This post looks at implementing a cookie reset in an ASP.NET Core application using Duende identity server which federates to Entra ID. Sometimes cookies need to be reset for end users due to size problems, or unknown remote authentication server errors. The cookies can be cleared and a new sign in can be forced. Code: […]

Use EdDSA signatures to validate tokens in ASP.NET Core using OpenID Connect

August 6, 2025 · by · in .NET Core, ASP.NET Core, OAuth2, OpenId, Security, Uncategorized · 1 Comment

Some identity providers use the EdDSA / ED25519 algorithm to sign and issue tokens. This post shows how to validate the tokens using the Nuget package from ScottBrady and ASP.NET Core. Using the default OpenID Connect setup, the keys are not read and the tokens cannot be validated. The error message could return something like […]

Issue and verify credentials using the Swiss Digital identity public beta, ASP.NET Core and .NET Aspire

August 4, 2025 · by · in ASP.NET Core, aspire, e-id, OAuth2, OpenId, Security, Self Sovereign Identity · 6 Comments

This post shows how to issue and verify identities (verifiable credentials) using the Swiss Digital identity and trust infrastructure, (swiyu), ASP.NET Core and .NET Aspire. The swiyu infrastructure is implemented using the provided generic containers which implement the OpenID for Verifiable Credential Issuance and the OpenID for Verifiable Presentations standards as well as many other […]

Implement ASP.NET Core OpenID Connect with Keycloak to implement Level of Authentication (LoA) requirements

July 2, 2025 · by · in .NET, .NET Core, ASP.NET Core, OAuth2, Security · 9 Comments

This post looks at implementing an OpenID Connect client in ASP.NET Core and require a level of authentication (LoA) implemented using Keycloak. The applications are hosted using Aspire. The LoA is requested in Keycloak using the acr_values claim. Code: https://github.com/damienbod/IdentityExternalErrorHandling Setup The applications are implemented using Aspire. An ASP.NET Core application uses an OpenID Connect […]

Experimental alternative flow for OAuth First-Party Applications

June 10, 2025 · by · in .NET, .NET Core, ASP.NET Core, OAuth2, Security · 1 Comment

This post looks at an alternative way of implementing a native app authentication and authorization. At present, a web browser is used to implement authentication of native applications when using OAuth and OpenID Connect. The alternative approach implemented in the post is based on the OAuth 2.0 for First-Party Applications draft and adapted to be […]

Handling OpenID Connect error events in ASP.NET Core

June 2, 2025 · by · in .NET, .NET Core, ASP.NET Core, dotnet, OAuth2, Security · 1 Comment

ASP.NET Core provides great extension points for handling OpenID Connect error events. This blog looks at implementing error handling in an ASP.NET Core application implemented using ASP.NET Core Identity. Code: https://github.com/damienbod/IdentityExternalErrorHandling Setup The application uses OpenID Connect to implement the authentication of the user identities. This implements a standard OpenID Connect flow and uses Microsoft […]

Older posts Newer posts