Category ASP.NET Core

Add Fido2 MFA to an OpenIddict identity provider using ASP.NET Core Identity

July 4, 2022 · by · in .NET, .NET Core, ASP.NET Core, OAuth2, Security, Web · 5 Comments

This article shows how to add Fido2 multi-factor authentication to an OpenID Connect identity provider using OpenIddict and ASP.NET Core Identity. OpenIddict implements the OpenID Connect standards and ASP.NET Core Identity is used for the user accounting and persistence of the identities. Code: https://github.com/damienbod/AspNetCoreOpeniddict I began by creating an OpenIddict web application using ASP.NET Core […]

Force MFA in Blazor using Azure AD and Continuous Access

June 13, 2022 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID, Uncategorized · 4 Comments

This article shows how to force MFA from your application using Azure AD and a continuous access auth context. When producing software which can be deployed to multiple tenants, instead of hoping IT admins configure this correctly in their tenants, you can now force this from the application. Many tenants do not force MFA. Code: […]

Implement Azure AD Continuous Access (CA) standalone with Blazor ASP.NET Core

May 30, 2022 · by · in .NET Core, ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID, Uncategorized · 1 Comment

This post shows how to force an Azure AD policy using Azure AD Continuous Access (CA) in an ASP.NET Core Blazor application. An authentication context is used to require MFA. The “acrs” claim in the id_token is used to validate whether or not an Azure AD CAE policy has been fulfilled. If the claim is […]

Implement Azure AD Continuous Access (CA) step up with ASP.NET Core Blazor using a Web API

May 23, 2022 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID · 2 Comments

This article shows how to implement Azure AD Continuous Access (CA) in a Blazor application which uses a Web API. The API requires an Azure AD conditional access authentication context. In the example code, MFA is required to use the external API. If a user requests data from the API using the required access token […]

Using multiple Azure B2C user flows from ASP.NET Core

May 16, 2022 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID, OAuth2, Security · 5 Comments

This article shows how to use multiple Azure B2C user flows from a single ASP.NET Core application. Microsoft.Identity.Web is used to implement the authentication in the client. This is not so easy to implement with multiple schemes as the user flow policy is used in most client URLs and the Microsoft.Identity.Web package overrides an lot […]

Implement an OpenIddict identity provider using ASP.NET Core Identity with Keycloak federation

May 2, 2022 · by · in .NET, .NET Core, ASP.NET Core, dotnet · 4 Comments

This post shows how to setup a Keycloak external authentication in an OpenIddict identity provider using ASP.NET Core identity. Code: https://github.com/damienbod/AspNetCoreOpeniddict Setup The solution context implements OpenID Connect clients which use an OpenIddict identity provider and ASP.NET Core Identity to manage the accounts. All clients authenticate using the OpenIddict server. Keycloak is used as an […]

Implement Azure AD Continuous Access in an ASP.NET Core Razor Page app using a Web API

April 20, 2022 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID, MVC, Web · 6 Comments

This article shows how Azure AD continuous access (CA) can be used in an ASP.NET Core UI application to force MFA when using an administrator API from a separate ASP.NET Core application. Both applications are secured using Microsoft.Identity.Web. An ASP.NET Core Razor Page application is used to implement the UI application. The API is implemented […]

Implementing OAuth2 APP to APP security using Azure AD from a Web APP

March 28, 2022 · by · in .NET Core, ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID, OAuth2, Security · 5 Comments

This article shows how to implement an API service and client in separate ASP.NET Core applications which are secured using Azure application permissions implemented in an Azure App registration. The OAuth client credentials flow is used to get an access token to access the API. Microsoft.Identity.Web is used to implement the client credentials (CC) flow. […]

Onboarding new users in an ASP.NET Core application using Azure B2C

March 24, 2022 · by · in .NET Core, ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID · 2 Comments

This article shows how to onboard new users into your ASP.NET Core application using Azure B2C as the identity provider and the account management. The software has application specific persisted user data and this user data needs to be connected to the identity data from the corresponding user in Azure B2C. Code: https://github.com/damienbod/azureb2c-fed-microsoft-entra-id History 2024-01-02 […]

Transforming identity claims in ASP.NET Core and Cache

March 16, 2022 · by · in .NET, ASP.NET Core, Azure, dotnet, Microsoft Entra External ID, Microsoft Entra ID, OAuth2, Security · 5 Comments

The article shows how to add extra identity claims to an ASP.NET Core application which authenticates using the Microsoft.Identity.Web client library and Azure AD B2C or Azure AD as the identity provider (IDP). This could easily be switched to OpenID Connect and use any IDP which supports OpenID Connect. The extra claims are added after […]

Older posts Newer posts