Category .NET Core

Implementing an ASP.NET Core API with .NET 9 and OpenAPI

August 6, 2024 · by · in .NET Core, ASP.NET Core · 3 Comments

This post implements a basic ASP.NET Core API using .NET 9 and the Microsoft OpenAPI implementation. The OpenAPI Nuget package supports both Controller based APIs and minimal APIs. Until now, we used excellent solutions like NSwag to produce the API schemas which can be used to auto-generate client code. Code: https://github.com/damienbod/WebApiOpenApi Setup A .NET 9 […]

Creating hashes in .NET

July 1, 2024 · by · in .NET Core, ASP.NET Core · 3 Comments

This article looks at different ways to create hashes in .NET Core. Hashes are useful for one way encryption which can be used for password storage, JWT validation and some other security use cases. When storing hashes in a database, extra care must be taken and the recommended approach from Microsoft should be used when […]

Sonar Webinar, end to end security of a web application

June 11, 2024 · by · in .NET Core, angular, ASP.NET Core, Azure, dotnet, Microsoft Entra ID, OAuth2, Security, Typescript · 1 Comment

I did a Webinar on application security with Denis Troller and Sonar. I would like to thank Sonar for this opportunity, I really enjoyed it and found doing this together with you really professional, pleasant and fun to do. Here’s the recording: Link to the Sonar Q&A: https://community.sonarsource.com/t/webinar-end-to-end-security-in-a-web-application/115405 Link to the repository: https://github.com/damienbod/EndToEndSecurity

Creating and downloading a PDF or DOCX in ASP.NET Core

June 5, 2024 · by · in .NET Core, ASP.NET Core, Web · 4 Comments

The post shows how a PDF can be created from data in an ASP.NET Core backend and downloaded using an API. The data could be loaded from different locations and exported then as a PDF or a docx or whatever you require. Code: https://github.com/damienbod/AspNetCoreCreatePdf Why GemBox? There are many different tools to generate PDF all […]

BFF secured ASP.NET Core application using downstream API and an OAuth client credentials JWT

April 8, 2024 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Security, Web · 6 Comments

This article shows how to implement a web application using backend for frontend security architecture for authentication and consumes data from a downstream API protected using a JWT access token which can only be accessed using an app-to-app access token. The access token is acquired using the OAuth2 client credentials flow and the API does […]

Multi client blob storage access using ASP.NET Core with Entra ID authentication and RBAC

March 4, 2024 · by · in .NET Core, ASP.NET Core, Microsoft Entra ID · 2 Comments

This article shows how to onboard different clients or organizations in an ASP.NET Core application to use separated Azure blob containers with controlled access using security groups and RBAC applied roles. Each user in a client group can only access a single blob storage and has no access to blob containers belonging to different clients. […]

Delegated read and application write access to blob storage using ASP.NET Core with Entra ID authentication

February 26, 2024 · by · in .NET Core, ASP.NET Core, dotnet · 5 Comments

This article shows how an ASP.NET Core application can control the write access to an Azure blob storage container using an application app registration. Microsoft Entra ID is used to control the user access and to implement the authentication of the web application. Code: https://github.com/damienbod/AspNetCoreEntraIdBlobStorage Blogs in this series The solution provides a secure upload […]

Using a CSP nonce in Blazor Web

February 19, 2024 · by · in .NET Core, ASP.NET Core, javascript · 7 Comments

OLD, please refer to the blogs in the github repo. This article shows how to use a CSP nonce in a Blazor Web application using the InteractiveServer server render mode. Using a CSP nonce is a great way to protect web applications against XSS attacks and other such Javascript vulnerabilities. Code: https://github.com/damienbod/BlazorServerOidc Notes The code […]

Using Blob storage from ASP.NET Core with Entra ID authentication

February 12, 2024 · by · in .NET Core, App Service, ASP.NET Core, Azure, Microsoft Entra ID · 4 Comments

This article shows how to implement a secure upload and a secure download in ASP.NET Core using Azure blob storage. The application uses Microsoft Entra ID for authentication and also for access to the Azure Blob storage container. Code: https://github.com/damienbod/AspNetCoreEntraIdBlobStorage Blogs in this series Security architecture The application is setup to store the file uploads […]

Secure an ASP.NET Core Blazor Web app using Microsoft Entra ID

February 5, 2024 · by · in .NET Core, ASP.NET Core, Microsoft Entra External ID, Microsoft Entra ID · 2 Comments

This article shows how to implement an ASP.NET Core Blazor Web application using Microsoft Entra ID for authentication. Microsoft.Identity.Web is used to implement the Microsoft Entra ID OpenID Connect client. Code: https://github.com/damienbod/Hostedblazor8MeID Note: I based this implementation on the example provided by Tomás López Rodríguez and adapted it. Setup The Blazor Web application is an […]

Older posts Newer posts