Category Typescript

Sonar Webinar, end to end security of a web application

June 11, 2024 · by · in .NET Core, angular, ASP.NET Core, Azure, dotnet, Microsoft Entra ID, OAuth2, Security, Typescript · 1 Comment

I did a Webinar on application security with Denis Troller and Sonar. I would like to thank Sonar for this opportunity, I really enjoyed it and found doing this together with you really professional, pleasant and fun to do. Here’s the recording: Link to the Sonar Q&A: https://community.sonarsource.com/t/webinar-end-to-end-security-in-a-web-application/115405 Link to the repository: https://github.com/damienbod/EndToEndSecurity

Using SonarCloud with ASP.NET Core, Angular and github actions

May 13, 2024 · by · in angular, ASP.NET Core, dotnet, javascript, Microsoft Entra ID, Typescript, Web · 2 Comments

This article demonstrates how to implement code analysis and Static Application Security Testing (SAST) using SonarCloud and GitHub Actions. The solution involves building a secure web application with ASP.NET Core for the backend and an Angular UI for the frontend, following a backend-for-frontend security architecture. Both the ASP.NET Core (C#) codebase and the Angular (TypeScript […]

Secure Angular application using Auth0 and ASP.NET Core with BFF

September 18, 2023 · by · in .NET Core, angular, ASP.NET Core, javascript, OAuth2, Security, Typescript · 3 Comments

The article shows how an Angular nx Standalone UI hosted in an ASP.NET Core application can be secured using cookies. Auth0 is used as the identity provider. The trusted application is protected using the Open ID Connect code flow with a secret and using PKCE. The API calls are protected using the secure cookie and anti-forgery tokens […]

Creating Certificates in .NET Core for Vue.js development using HTTPS

February 4, 2020 · by · in .NET, .NET Core, ASP.NET Core, dotnet, javascript, Typescript · 8 Comments

This article shows how to create development certificates for a Vue.js application, so that you can develop using HTTPS. The certificates are created using the CertificateManager nuget package. Code: CreateAngularVueJsDevelopmentCertificates A simple .NET Core console application is used to create the certificates. This type of application can run on most of the standard operating systems. […]

Building and securing an ASP.NET Core API with a hosted Vue.js UI

October 4, 2019 · by · in ASP.NET Core, dotnet, javascript, OAuth2, Security, SQLite, Typescript, UI, Uncategorized, Web · 8 Comments

This article shows how Vue.js can be used together with ASP.NET Core 3 in a single project. The Vue.js application is built using the Vue.js CLI and built to the wwwroot of the ASP.NET Core application. The ASP.NET Core application is used to implement the APIs consumed by the Vue.js UI. The application is secured […]

Securing browser based Javascript, Typescript applications

April 2, 2019 · by · in angular, javascript, MVC, OAuth2, Security, SignalR, Typescript, UI, Web · 2 Comments

This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]

Securing a Vue.js app using OpenID Connect Code Flow with PKCE and IdentityServer4

January 29, 2019 · by · in .NET Core, ASP.NET Core, ASPNET5, dotnet, javascript, OAuth2, Security, Typescript, UI · 9 Comments

This article shows how to setup a Vue.js SPA application to authenticate and authorize using OpenID Connect Code flow with PKCE. This is good solution when implementing SPA apps requesting data from APIs on separate domains. The oidc-client-js npm package is used to implement the client side authentication logic and validation logic. IdentityServer4 and ASP.NET […]

An ASP.NET Core Razor Pages Bootstrap 4 Application using Webpack, Typescript, and npm

June 23, 2018 · by · in .NET Core, ASP.NET Core, ASPNET5, dotnet, javascript, MVC, Typescript, Web · 4 Comments

This article shows how an ASP.NET Core Razor Pages application could be setup to use webpack, Typescript and npm to build, and bundle the client js, CSS for development and production. The application uses Bootstrap 4. Code: https://github.com/damienbod/AspNetCorePagesWebpack The example is setup so that the vendor ( 3rd Party packages ) javascript files are used […]

Using the dotnet Angular template with Azure AD OIDC Implicit Flow

January 23, 2018 · by · in .NET, .NET Core, angular, ASP.NET Core, ASPNET5, Azure, javascript, MVC, OAuth2, Security, Typescript, Web · 18 Comments

This article shows how to use Azure AD with an Angular application implemented using the Microsoft dotnet template and the angular-auth-oidc-client npm package to implement the OpenID Implicit Flow. The Angular app uses bootstrap 4 and Angular CLI. Code: https://github.com/damienbod/dotnet-template-angular History 2019-09-23 Updated to ASP.NET Core 3.0, OIDC 10.0.8 2018-07-13 Removed static calls to the […]

IdentityServer4 Localization with the OIDC Implicit Flow

November 6, 2017 · by · in .NET, .NET Core, angular, ASP.NET Core, ASPNET5, MVC, Security, Typescript, Web · 11 Comments

This post shows how to implement localization in IdentityServer4 when using the Implicit Flow with an Angular client. Code: https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow The problem When the oidc implicit client calls the endpoint /connect/authorize to authenticate and authorize the client and the identity, the user is redirected to the AccountController login method using the IdentityServer4 package. If the […]

Older posts