Category Microsoft Entra ID
Implement a secure MCP OAuth desktop client using OAuth and Entra ID
The article demonstrates how to implement a secure MCP OAuth desktop client using Microsoft Entra ID. The MCP server is built with ASP.NET Core and secured using Microsoft Entra ID. The MCP client is a .NET console application that must acquire an OAuth access token to interact with the MCP server. Code: https://github.com/damienbod/McpSecurity Setup A […]
ASP.NET Core delegated Microsoft OBO access token management (Entra only)
This blog shows how to implement a delegated Microsoft On-Behalf-Of flow in ASP.NET Core, and has a focus on access token management. The solution uses Microsoft.Identity.Web to implement the different flows and it really simple to implement, when you know how to use the Nuget package and use the correct Microsoft documentation. The application can […]
Using Entra External ID with an Auth0 OpenID Connect identity provider
This post looks at implementing an Open ID Connect identity provider in Microsoft Entra External ID. Auth0 is used as the identity provider and an ASP.NET Core application is used to test the authentication. Microsoft Entra External ID federates to Auth0. Client code: https://github.com/damienbod/EntraExternalIdCiam Microsoft Entra External ID supports federation using OpenID Connect and was […]
ASP.NET Core and Angular BFF using a YARP downstream API protected using certificate authentication
This article demonstrates how to implement a downstream API protected by certificate authentication using Microsoft YARP reverse proxy in an ASP.NET Core web application. The application uses Angular for its UI and secures both the UI and the ASP.NET Core backend through a backend-for-frontend security architecture. The downstream API is secured with certificate authentication and […]
Microsoft Entra ID App-to-App security architecture
This article looks at the different setups when using App-to-App security with Microsoft Entra ID (OAuth client credentials). Microsoft Entra App registrations are used to configure the OAuth clients and resources. For each tenant, an Enterprise application is created for the client App registration when the consent is granted. The claims in the access token […]
Sonar Webinar, end to end security of a web application
I did a Webinar on application security with Denis Troller and Sonar. I would like to thank Sonar for this opportunity, I really enjoyed it and found doing this together with you really professional, pleasant and fun to do. Here’s the recording: Link to the Sonar Q&A: https://community.sonarsource.com/t/webinar-end-to-end-security-in-a-web-application/115405 Link to the repository: https://github.com/damienbod/EndToEndSecurity
Implement a Microsoft Entra ID external authentication method using ASP.NET Core and OpenIddict
The article shows how to implement a Microsoft Entra ID external authentication method (EAM) using ASP.NET Core, OpenIddict and FIDO2/passkeys. The application using ASP.NET Core Identity to manage the accounts and the passkeys. Code: https://github.com/damienbod/MfaServer The following flow diagram from the Microsoft docs explains how EAM works. Refer to the documentation for a full explanation. […]
Using SonarCloud with ASP.NET Core, Angular and github actions
This article demonstrates how to implement code analysis and Static Application Security Testing (SAST) using SonarCloud and GitHub Actions. The solution involves building a secure web application with ASP.NET Core for the backend and an Angular UI for the frontend, following a backend-for-frontend security architecture. Both the ASP.NET Core (C#) codebase and the Angular (TypeScript […]
Multi client blob storage access using ASP.NET Core with Entra ID authentication and RBAC
This article shows how to onboard different clients or organizations in an ASP.NET Core application to use separated Azure blob containers with controlled access using security groups and RBAC applied roles. Each user in a client group can only access a single blob storage and has no access to blob containers belonging to different clients. […]
Using Blob storage from ASP.NET Core with Entra ID authentication
This article shows how to implement a secure upload and a secure download in ASP.NET Core using Azure blob storage. The application uses Microsoft Entra ID for authentication and also for access to the Azure Blob storage container. Code: https://github.com/damienbod/AspNetCoreEntraIdBlobStorage Blogs in this series Security architecture The application is setup to store the file uploads […]
Software Engineering 