Category javascript

Securing browser based Javascript, Typescript applications

April 2, 2019 · by · in angular, javascript, MVC, OAuth2, Security, SignalR, Typescript, UI, Web · 2 Comments

This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]

Securing a Vue.js app using OpenID Connect Code Flow with PKCE and IdentityServer4

January 29, 2019 · by · in .NET Core, ASP.NET Core, ASPNET5, dotnet, javascript, OAuth2, Security, Typescript, UI · 9 Comments

This article shows how to setup a Vue.js SPA application to authenticate and authorize using OpenID Connect Code flow with PKCE. This is good solution when implementing SPA apps requesting data from APIs on separate domains. The oidc-client-js npm package is used to implement the client side authentication logic and validation logic. IdentityServer4 and ASP.NET […]

Securing Angular applications using the OpenID Connect Code Flow with PKCE

January 9, 2019 · by · in .NET, angular, ASP.NET Core, OAuth2, Security · 19 Comments

In this post, I show how an Angular application could be secured using the OpenID Connect Code Flow with Proof Key for Code Exchange (PKCE). The Angular application uses the OIDC lib angular-auth-oidc-client. In this example, the src code is used directly, but you could also use the npm package. Here’s an example which uses […]

Using an OData Client with an ASP.NET Core API

October 18, 2018 · by · in angular, ASP.NET Core, OData · 7 Comments

The article shows how to implement an OData client from an ASP.NET Core application. Bearer token authorization is used to secure the API. Code: https://github.com/damienbod/AspNetCoreOData This blog is part 2 from this blog: Part 1: OData with ASP.NET Core History 2020-11-22 Updated .NET 5 2020-07-06 Updated .NET Core 3.1, IdentityServer4 4.0.2 Setting up the applications […]

An ASP.NET Core Razor Pages Bootstrap 4 Application using Webpack, Typescript, and npm

June 23, 2018 · by · in .NET Core, ASP.NET Core, ASPNET5, dotnet, javascript, MVC, Typescript, Web · 4 Comments

This article shows how an ASP.NET Core Razor Pages application could be setup to use webpack, Typescript and npm to build, and bundle the client js, CSS for development and production. The application uses Bootstrap 4. Code: https://github.com/damienbod/AspNetCorePagesWebpack The example is setup so that the vendor ( 3rd Party packages ) javascript files are used […]

Uploading and sending image messages with ASP.NET Core SignalR

May 13, 2018 · by · in .NET Core, angular, ASP.NET Core, ASPNET5, dotnet, SignalR · 9 Comments

This article shows how images could be uploaded using a file upload with a HTML form in an ASP.MVC Core view, and then sent to application clients using SignalR. The images are uploaded as an ICollection of IFormFile objects, and sent to the SignalR clients using a base64 string. Angular is used to implement the […]

Using the dotnet Angular template with Azure AD OIDC Implicit Flow

January 23, 2018 · by · in .NET, .NET Core, angular, ASP.NET Core, ASPNET5, Azure, javascript, MVC, OAuth2, Security, Typescript, Web · 18 Comments

This article shows how to use Azure AD with an Angular application implemented using the Microsoft dotnet template and the angular-auth-oidc-client npm package to implement the OpenID Implicit Flow. The Angular app uses bootstrap 4 and Angular CLI. Code: https://github.com/damienbod/dotnet-template-angular History 2019-09-23 Updated to ASP.NET Core 3.0, OIDC 10.0.8 2018-07-13 Removed static calls to the […]

Sending Direct Messages using SignalR with ASP.NET Core and Angular

December 5, 2017 · by · in .NET Core, angular, ASP.NET Core, OAuth2, Security, SignalR · 11 Comments

This article shows how SignalR could be used to send direct messages between different clients using ASP.NET Core to host the SignalR Hub and Angular to implement the clients. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity Posts in this series History 2023-01-08 Updated Angular 15, .NET 72021-01-25 Updated Angular 11.1.0 .NET 5, ngrx implementation2020-03-21 updated packages, fixed Admin UI STS2019-08-18 […]

IdentityServer4 Localization with the OIDC Implicit Flow

November 6, 2017 · by · in .NET, .NET Core, angular, ASP.NET Core, ASPNET5, MVC, Security, Typescript, Web · 11 Comments

This post shows how to implement localization in IdentityServer4 when using the Implicit Flow with an Angular client. Code: https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow The problem When the oidc implicit client calls the endpoint /connect/authorize to authenticate and authorize the client and the identity, the user is redirected to the AccountController login method using the IdentityServer4 package. If the […]

Securing an Angular SignalR client using JWT tokens with ASP.NET Core and Duende IdentityServer

October 16, 2017 · by · in .NET, .NET Core, angular, ASP.NET Core, Entity Framework, OAuth2, Security, SignalR · 18 Comments

This post shows how an Angular SignalR client can send secure messages using JWT bearer tokens with an API and an STS server. The STS server is implemented using Duende IdentityServer and the API is implemented using ASP.NET Core. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity Posts in this series History 2023-01-08 Updated Angular 15, .NET 72021-01-25 Updated Angular 11.1.0 […]

Older posts Newer posts