Author Archives: damienbod
Running Razor Pages and a gRPC service in a single ASP.NET Core application
This article shows how ASP.NET Core Razor Pages can be run in the same application as a gRPC service. Code: https://github.com/damienbod/Secure_gRpc Posts in this series: Security Experiments with gRPC and ASP.NET Core 5; Running Razor Pages and a gRPC service in a single ASP.NET Core application; gRPC Bi-directional streaming with Razor Pages and a Hosted […]
Security Experiments with gRPC and ASP.NET Core 5
This article shows how a gRPC service could implement OAuth2 security using IdentityServer4 as the token service. Code: https://github.com/damienbod/Secure_gRpc Posts in this series: Security Experiments with gRPC and ASP.NET Core 5; Running Razor Pages and a gRPC service in a single ASP.NET Core application; gRPC Bi-directional streaming with Razor Pages and a Hosted Service; gRPC […]
ASP.NET Core OAuth Device Flow Client with IdentityServer4
This article shows how to implement the OAuth 2.0 Device Flow for Browserless and Input Constrained Devices in an ASP.NET Core application. The tokens are then saved to a cookie for later usage. IdentityServer4 is used to implement the secure token server. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi History: 2020-12-11 Updated to .NET 5; 2019-10-06 Updated to .NET Core […]
Auto Generated .NET API Clients using NSwag and Swashbuckle Swagger
This article shows how auto-generated code for a C# HTTP API client could be created using Swagger and NSwag. The API was created using ASP.NET Core MVC. Code: https://github.com/damienbod/csvSwaggerExample Create the API using ASP.NET Core and Swashbuckle Swagger: The API is created using ASP.NET Core with Swashbuckle. Add the required NuGet packages to […]
Securing a Vue.js app using OpenID Connect Code Flow with PKCE and IdentityServer4
This article shows how to set up a Vue.js SPA application to authenticate and authorize using OpenID Connect Code flow with PKCE. This is a good solution when implementing SPA apps requesting data from APIs on separate domains. The oidc-client-js npm package is used to implement the client side authentication logic and validation logic. IdentityServer4 and ASP.NET […]
Passing Javascript values to ASP.NET Core View components
In this post, I show how an ASP.NET Core MVC view can send a Javascript parameter value to an ASP.NET Core view component. Invoking a view component in the view using ‘@await Component.InvokeAsync’ will not work, as this is rendered before the Javascript value has been created. Code: https://github.com/damienbod/AspNetCoreBootstrap4Validation History: 2019-01-24 Added an Anti-Forgery token […]
Is a SPA less secure than a server rendered web application?
In this post, I try to explain some of the differences between a single page application and a server rendered application and why the application types have different threat models. What is a Single Page Application (SPA)? A single page application runs in the browser, and handles routing in the client without posting back to […]
Securing Angular applications using the OpenID Connect Code Flow with PKCE
In this post, I show how an Angular application could be secured using the OpenID Connect Code Flow with Proof Key for Code Exchange (PKCE). The Angular application uses the OIDC lib angular-auth-oidc-client. In this example, the src code is used directly, but you could also use the npm package. Here’s an example which uses […]
Deploying ASP.NET Core App Services using Azure Key Vault and Azure Resource Manager templates
This article shows how to create an Azure Resource Manager (ARM) template which uses an Azure Key Vault. The ARM template is used to deploy an ASP.NET Core application as an Azure App Service. By using an Azure Resource Group project, the secret app settings can be fetched from the Azure Key Vault during deployment, […]
