Category javascript

Creating Certificates in .NET Core for Vue.js development using HTTPS

This article shows how to create development certificates for a Vue.js application, so that you can develop using HTTPS. The certificates are created using the CertificateManager nuget package. Code: CreateAngularVueJsDevelopmentCertificates A simple .NET Core console application is used to create the certificates. This type of application can run on most of the standard operating systems. […]

Building and securing an ASP.NET Core API with a hosted Vue.js UI

This article shows how Vue.js can be used together with ASP.NET Core 3 in a single project. The Vue.js application is built using the Vue.js CLI and built to the wwwroot of the ASP.NET Core application. The ASP.NET Core application is used to implement the APIs consumed by the Vue.js UI. The application is secured […]

ASP.NET Core Identity with FIDO2 WebAuthn MFA

This article shows how FIDO2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application. The FIDO2 WebAuthn is implemented using the fido2-net-lib Nuget package, and demo code created by Anders Åberg. The application is implemented using ASP.NET Core 3.0 with Identity. For information about Fido2 and WebAuthn, please refer to […]

An alternative way to build and bundle Javascript, CSS in ASP.NET Core MVC and Razor Page projects

This article shows how Javascript packages, files, CSS files could be built and bundled in an ASP.NET Core MVC or Razor Page application. The Javascript packages are loaded using npm in which most Javascript projects are deployed. No CDNs are used, only local files so that all external URLs, non self URL links can be […]

Securing browser based Javascript, Typescript applications

This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]

Securing a Vue.js app using OpenID Connect Code Flow with PKCE and IdentityServer4

This article shows how to setup a Vue.js SPA application to authenticate and authorize using OpenID Connect Code flow with PKCE. This is good solution when implementing SPA apps requesting data from APIs on separate domains. The oidc-client-js npm package is used to implement the client side authentication logic and validation logic. IdentityServer4 and ASP.NET […]

An ASP.NET Core Razor Pages Bootstrap 4 Application using Webpack, Typescript, and npm

This article shows how an ASP.NET Core Razor Pages application could be setup to use webpack, Typescript and npm to build, and bundle the client js, CSS for development and production. The application uses Bootstrap 4. Code: https://github.com/damienbod/AspNetCorePagesWebpack The example is setup so that the vendor ( 3rd Party packages ) javascript files are used […]

Using the dotnet Angular template with Azure AD OIDC Implicit Flow

This article shows how to use Azure AD with an Angular application implemented using the Microsoft dotnet template and the angular-auth-oidc-client npm package to implement the OpenID Implicit Flow. The Angular app uses bootstrap 4 and Angular CLI. Code: https://github.com/damienbod/dotnet-template-angular History 2019-09-23 Updated to ASP.NET Core 3.0, OIDC 10.0.8 2018-07-13 Removed static calls to the […]

Using EF Core and SQLite to persist SignalR Group messages in ASP.NET Core

The article shows how SignalR messages can be saved to a database using EF Core and SQLite. The post uses the SignalR Hub created in this blog; SignalR Group messages with ngrx and Angular, and extends it so that users can only join an existing SignalR group. The group history is then sent to the […]

Auto redirect to an STS server in an Angular app using oidc Implicit Flow

This article shows how to implement an auto redirect in an Angular application, if using the OIDC Implicit Flow with an STS server. When a user opens the application, it is sometimes required that the user is automatically redirected to the login page on the STS server. This can be tricky to implement, as you […]