Category ASP.NET Core

Authentication with multiple identity providers in ASP.NET Core

November 13, 2023 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2 · 2 Comments

This article shows how to implement authentication in ASP.NET Core using multiple identity providers or secure token servers. When using multiple identity providers, the authentication flows need to be separated per scheme for the sign-in flow and the sign-out flow. The claims are different and would require mapping logic depending on the authorization logic of […]

Fix missing tokens when using downstream APIs and Microsoft Identity in ASP.NET Core

October 18, 2023 · by · in ASP.NET Core, Azure, Entra CIAM, graph, Microsoft Entra External ID, Microsoft Entra ID, OAuth2, Security · 2 Comments

This article shows how a secure ASP.NET Core application can use Microsoft Entra ID downstream APIs and an in-memory cache. When using in-memory cache and after restarting an application, the tokens are missing for a value session stored in the cookie. The application needs to recover. Code: https://github.com/damienbod/bff-aspnetcore-angular OpenID Connect client setup The ASP.NET Core […]

Issue and verify BBS+ verifiable credentials using ASP.NET Core and trinsic.id

October 9, 2023 · by · in .NET Core, ASP.NET Core, OAuth2, Security, Self Sovereign Identity · 2 Comments

This article shows how to implement identity verification in a solution using ASP.NET Core and trinsic.id, built using an id-tech solution based on self sovereign identity principals. The credential issuer uses OpenID Connect to authenticate, implemented using Microsoft Entra ID. The edge or web wallet authenticates using trinsic.id based on a single factor email code. […]

Implement a secure web application using Vue.js and an ASP.NET Core server

October 2, 2023 · by · in .NET, .NET Core, App Service, ASP.NET Core, Azure, Entra CIAM, Microsoft Entra External ID, Microsoft Entra ID · 1 Comment

This article shows how to implement a secure web application using Vue.js and ASP.NET Core. The web application implements the backend for frontend security architecture (BFF) and deploys both technical stack distributions as one web application. HTTP only secure cookies are used to persist the session. Microsoft Entra ID is used as the identity provider […]

Secure Angular application using OpenIddict and ASP.NET Core with BFF

September 25, 2023 · by · in .NET Core, ASP.NET Core, OAuth2 · 11 Comments

The article shows how an Angular nx Standalone UI hosted in an ASP.NET Core application can be secured using cookies. OpenIddict is used as the identity provider. The trusted application is protected using the Open ID Connect code flow with a secret and using PKCE. The API calls are protected using the secure cookie and anti-forgery […]

Secure Angular application using Auth0 and ASP.NET Core with BFF

September 18, 2023 · by · in .NET Core, angular, ASP.NET Core, javascript, OAuth2, Security, Typescript · 3 Comments

The article shows how an Angular nx Standalone UI hosted in an ASP.NET Core application can be secured using cookies. Auth0 is used as the identity provider. The trusted application is protected using the Open ID Connect code flow with a secret and using PKCE. The API calls are protected using the secure cookie and anti-forgery tokens […]

Implement a secure web application using nx Standalone Angular and an ASP.NET Core server

September 11, 2023 · by · in .NET Core, angular, App Service, ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID · 10 Comments

This article shows how to implement a secure web application using Angular and ASP.NET Core. The web application implements the backend for frontend security architecture (BFF) and deploys both technical stack distributions as one web application. HTTP only secure cookies are used to persist the session. Microsoft Entra ID is used as the identity provider […]

Use multiple Microsoft Entra Verified ID credentials in a verification presentation

August 31, 2023 · by · in .NET, .NET Core, ASP.NET Core, dotnet, Microsoft Entra ID, OAuth2, Security, Self Sovereign Identity · 1 Comment

This post shows how a Microsoft Entra ID verified employee credential can be used together with a self attestation credential to unlock a door. Using this, a person can prove they know a code and prove their employee status. Code: https://github.com/swiss-ssi-group/EntraEmployeeUnlockDoor Get your Verified Employee credential To use this app, the Microsoft Entra employee credential […]

ASP.NET Core Logging using Serilog and Azure

August 21, 2023 · by · in .NET Core, App Service, ASP.NET Core, Azure · 10 Comments

This article shows how to implement logging in an ASP.NET Core application using Serilog and Azure as a hosting environment. Code: https://github.com/damienbod/aspnetcore-azure-logging History Priority logging use cases Two types of default logging use cases need to be supported in most software solutions. The application requires near real time logs which can be easily viewed and […]

Securing APIs using ASP.NET Core and OAuth 2.0 DPoP

August 14, 2023 · by · in .NET Core, ASP.NET Core, OAuth2 · 2 Comments

This article shows how an ASP.NET Core application can access an ASP.NET Core API using OAuth Demonstrating Proof-of-Possession (DPoP). This is a really powerful security enhancement which is relatively easy to support. The access tokens should only be used for what the access tokens are intended for. OAuth DPoP helps force this. This solution was […]

Older posts Newer posts