Category Azure

Implement a secure MCP server using OAuth DPoP and Duende identity provider

November 3, 2025 · by · in .NET Core, ASP.NET Core, Azure, MCP, OAuth2, Open AI, OpenId, Security · 1 Comment

This post demonstrates how an ASP.NET Core application can connect to a secure MCP server using OpenID Connect and OAuth. Both applications use Duende IdentityServer as the identity provider. The MCP server requires delegated DPoP access tokens. Code: https://github.com/damienbod/McpOidcOAuth Setup The UI application authenticates with the Duende IdentityServer using OpenID Connect. Upon successful authentication, a […]

Implement a secure MCP OAuth desktop client using OAuth and Entra ID

October 16, 2025 · by · in .NET, .NET Core, ASP.NET Core, Azure, Entra CIAM, MCP, Microsoft Entra External ID, Microsoft Entra ID, OAuth2, Open AI, Security · 1 Comment

The article demonstrates how to implement a secure MCP OAuth desktop client using Microsoft Entra ID. The MCP server is built with ASP.NET Core and secured using Microsoft Entra ID. The MCP client is a .NET console application that must acquire an OAuth access token to interact with the MCP server. Code: https://github.com/damienbod/McpSecurity Setup A […]

Implement a secure MCP server using OAuth and Entra ID

September 23, 2025 · by · in .NET, .NET Core, ASP.NET Core, dotnet, Entra CIAM, MCP, Microsoft Entra External ID, OAuth2, Open AI, OpenId · 2 Comments

The article shows how to implement a secure model context protocol (MCP) server using OAuth and Entra ID. The MCP server is implemented using ASP.NET Core and uses Microsoft Entra ID to secure the API. An ASP.NET Core application using Azure OpenAI and semantic kernel is used to implement the MCP client for the agent […]

ASP.NET Core delegated Microsoft OBO access token management (Entra only)

March 25, 2025 · by · in .NET, .NET Core, App Service, Azure, dotnet, Microsoft Entra ID, OAuth2, Security · 1 Comment

This blog shows how to implement a delegated Microsoft On-Behalf-Of flow in ASP.NET Core, and has a focus on access token management. The solution uses Microsoft.Identity.Web to implement the different flows and it really simple to implement, when you know how to use the Nuget package and use the correct Microsoft documentation. The application can […]

Using Entra External ID with an Auth0 OpenID Connect identity provider

December 9, 2024 · by · in ASP.NET Core, Microsoft Entra External ID, Microsoft Entra ID, OAuth2, Security · Leave a comment

This post looks at implementing an Open ID Connect identity provider in Microsoft Entra External ID. Auth0 is used as the identity provider and an ASP.NET Core application is used to test the authentication. Microsoft Entra External ID federates to Auth0. Client code: https://github.com/damienbod/EntraExternalIdCiam Microsoft Entra External ID supports federation using OpenID Connect and was […]

ASP.NET Core and Angular BFF using a YARP downstream API protected using certificate authentication

November 4, 2024 · by · in angular, ASP.NET Core, Azure, javascript, Microsoft Entra ID, OAuth2, Security · Leave a comment

This article demonstrates how to implement a downstream API protected by certificate authentication using Microsoft YARP reverse proxy in an ASP.NET Core web application. The application uses Angular for its UI and secures both the UI and the ASP.NET Core backend through a backend-for-frontend security architecture. The downstream API is secured with certificate authentication and […]

Microsoft Entra ID App-to-App security architecture

October 7, 2024 · by · in .NET Core, App Service, ASP.NET Core, Azure, Azure Key Vault, Microsoft Entra ID · 4 Comments

This article looks at the different setups when using App-to-App security with Microsoft Entra ID (OAuth client credentials). Microsoft Entra App registrations are used to configure the OAuth clients and resources. For each tenant, an Enterprise application is created for the client App registration when the consent is granted. The claims in the access token […]

Sonar Webinar, end to end security of a web application

June 11, 2024 · by · in .NET Core, angular, ASP.NET Core, Azure, dotnet, Microsoft Entra ID, OAuth2, Security, Typescript · 1 Comment

I did a Webinar on application security with Denis Troller and Sonar. I would like to thank Sonar for this opportunity, I really enjoyed it and found doing this together with you really professional, pleasant and fun to do. Here’s the recording: Link to the Sonar Q&A: https://community.sonarsource.com/t/webinar-end-to-end-security-in-a-web-application/115405 Link to the repository: https://github.com/damienbod/EndToEndSecurity

Implement a Microsoft Entra ID external authentication method using ASP.NET Core and OpenIddict

May 27, 2024 · by · in ASP.NET Core, Azure, dotnet, Microsoft Entra External ID, Microsoft Entra ID · 3 Comments

The article shows how to implement a Microsoft Entra ID external authentication method (EAM) using ASP.NET Core, OpenIddict and FIDO2/passkeys. The application using ASP.NET Core Identity to manage the accounts and the passkeys. Code: https://github.com/damienbod/MfaServer The following flow diagram from the Microsoft docs explains how EAM works. Refer to the documentation for a full explanation. […]

Using SonarCloud with ASP.NET Core, Angular and github actions

May 13, 2024 · by · in angular, ASP.NET Core, dotnet, javascript, Microsoft Entra ID, Typescript, Web · 2 Comments

This article demonstrates how to implement code analysis and Static Application Security Testing (SAST) using SonarCloud and GitHub Actions. The solution involves building a secure web application with ASP.NET Core for the backend and an Angular UI for the frontend, following a backend-for-frontend security architecture. Both the ASP.NET Core (C#) codebase and the Angular (TypeScript […]

Older posts