Category .NET Core

Create Certificates for IdentityServer4 signing using .NET Core

February 10, 2020 · by · in .NET Core, ASP.NET Core, dotnet, Security · 14 Comments

This article shows how to create certificates for an IdentityServer4 application to use for signing and token validation. The certificates are created using the CertificateManager nuget package. Both RSA and ECDsa certificates can be used for signing in IdentityServer4. Code: Certificates for IdentityServer4 signing using .NET Core Creating the Certificates in .NET Core A simple […]

Creating Certificates in .NET Core for Vue.js development using HTTPS

February 4, 2020 · by · in .NET, .NET Core, ASP.NET Core, dotnet, javascript, Typescript · 8 Comments

This article shows how to create development certificates for a Vue.js application, so that you can develop using HTTPS. The certificates are created using the CertificateManager nuget package. Code: CreateAngularVueJsDevelopmentCertificates A simple .NET Core console application is used to create the certificates. This type of application can run on most of the standard operating systems. […]

Creating Certificates for X.509 security in Azure IoT Hub using .NET Core

January 29, 2020 · by · in .NET Core, dotnet, Security · 7 Comments

This article shows how to create certificates in .NET Core which can be used for Azure IoT Hub. The chained certificates are created using the nuget package CertificateManager. Code: https://github.com/damienbod/AspNetCoreCertificates To use X.509 security with Azure IoT Hub, we would like to create chained certificates. This would make it possible to separate devices or group […]

Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity and IdentityServer4

December 18, 2019 · by · in .NET Core, ASP.NET Core, dotnet, MVC, OAuth2, Security, Web · 3 Comments

This post adds the custom ASP.NET Core Identity, IdentityServer4 logic to check for the “acr_values” and react if a client application requests MFA for authentication. The “acr_values” parameter is used to pass the mfa value from the client to the server in the authentication request. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Blogs in this series Force ASP.NET Core OpenID […]

Force ASP.NET Core OpenID Connect client to require MFA

December 16, 2019 · by · in .NET, .NET Core, ASP.NET Core, Azure, dotnet, MVC, OAuth2, Security, Web · 6 Comments

This article shows how an ASP.NET Core Razor Page application which uses OpenID Connect to sign in, can require that users have authenticated using MFA (multi factor authentication). Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Blogs in this series Force ASP.NET Core OpenID Connect client to require MFA Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity […]

Using HTTP Request Routes, Request Body, and Query string parameters for Authorization in ASP.NET Core

December 2, 2019 · by · in .NET Core, ASP.NET Core, ASPNET5, dotnet · 2 Comments

This post shows how HTTP route parameters, a HTTP request body or HTTP request query string parameters can be used for authorization in ASP.NET Core. Code: https://github.com/damienbod/AspNetCoreWindowsAuth Authorization using ASP.NET Core Route parameters An AuthorizationHandler can be used to implement authorization logic in ASP.NET Core. The handler can authorize HTTP requests using a route parameter […]

User claims in ASP.NET Core using OpenID Connect Authentication

November 1, 2019 · by · in .NET Core, ASP.NET Core, MVC · 9 Comments

This article shows two possible ways of getting user claims in an ASP.NET Core application which uses an OpenID Connect server. Both ways have advantages and require setting different code configurations in both applications. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi History The Microsoft.AspNetCore.Authentication.OpenIdConnect Nuget package can be used to support OpenID Connect in an ASP.NET Core application. This needs […]

Securing a Web API using multiple token servers

October 25, 2019 · by · in .NET, .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 1 Comment

This article shows how a single secure Web API could be used together with multiple secure token servers. The API uses JWT Bearer token authentication, but because the access token come from different token servers, the tokens validation need to be changed. Code: https://github.com/damienbod/ApiJwtWithTwoSts Using multiple Authorities with shared certitficate The first way this can […]

Adding FIDO2 Passwordless authentication to an ASP.NET Core Identity App

October 18, 2019 · by · in .NET Core, ASP.NET Core, dotnet, Security · 2 Comments

This article shows how FIDO2 WebAuthn could be used for a passwordless sign in integrated into an ASP.NET Core Identity application. The FIDO2 WebAuthn is implemented using the fido2-net-lib Nuget package, and demo code created by Anders Åberg. The application is implemented using ASP.NET Core 3.0 with Identity. For information about FIDO2 and WebAuthn, please […]

ASP.NET Core Identity with FIDO2 WebAuthn MFA

August 6, 2019 · by · in .NET Core, ASP.NET Core, javascript, MVC, Security, Web · 3 Comments

This article shows how FIDO2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application. The FIDO2 WebAuthn is implemented using the fido2-net-lib Nuget package, and demo code created by Anders Åberg. The application is implemented using ASP.NET Core 3.0 with Identity. For information about Fido2 and WebAuthn, please refer to […]

Older posts Newer posts