Category .NET

Using HTTP Request Routes, Request Body, and Query string parameters for Authorization in ASP.NET Core

December 2, 2019 · by · in .NET Core, ASP.NET Core, ASPNET5, dotnet · 3 Comments

This post shows how HTTP route parameters, a HTTP request body or HTTP request query string parameters can be used for authorization in ASP.NET Core. Code: https://github.com/damienbod/AspNetCoreWindowsAuth Authorization using ASP.NET Core Route parameters An AuthorizationHandler can be used to implement authorization logic in ASP.NET Core. The handler can authorize HTTP requests using a route parameter […]

WPF Azure AD signin with Sharepoint Online API call using Graph API

November 9, 2019 · by · in .NET, OAuth2, Security · 1 Comment

This article shows how a native WPF application could authenticate and authorize using an Azure Active Directory App Registration and then upload and download files in Sharepoint Online. The Graph API is used to access Sharepoint. Other Sharepoint libraries will NOT work if using an Azure AD signin. Code: https://github.com/damienbod/WpfAzureADSharepointOnlineGraphApi Setup the Azure Active Directory […]

User claims in ASP.NET Core using OpenID Connect Authentication

November 1, 2019 · by · in .NET Core, ASP.NET Core, MVC · 9 Comments

This article shows two possible ways of getting user claims in an ASP.NET Core application which uses an OpenID Connect server. Both ways have advantages and require setting different code configurations in both applications. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi History The Microsoft.AspNetCore.Authentication.OpenIdConnect Nuget package can be used to support OpenID Connect in an ASP.NET Core application. This needs […]

Securing a Web API using multiple token servers

October 25, 2019 · by · in .NET, .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 1 Comment

This article shows how a single secure Web API could be used together with multiple secure token servers. The API uses JWT Bearer token authentication, but because the access token come from different token servers, the tokens validation need to be changed. Code: https://github.com/damienbod/ApiJwtWithTwoSts Using multiple Authorities with shared certitficate The first way this can […]

Adding FIDO2 Passwordless authentication to an ASP.NET Core Identity App

October 18, 2019 · by · in .NET Core, ASP.NET Core, dotnet, Security · 2 Comments

This article shows how FIDO2 WebAuthn could be used for a passwordless sign in integrated into an ASP.NET Core Identity application. The FIDO2 WebAuthn is implemented using the fido2-net-lib Nuget package, and demo code created by Anders Åberg. The application is implemented using ASP.NET Core 3.0 with Identity. For information about FIDO2 and WebAuthn, please […]

Securing an ASP.NET Core Razor Page App using OpenID Connect Code flow with PKCE

October 11, 2019 · by · in ASP.NET Core, MVC, OAuth2, Security · 8 Comments

This article shows how to secure an ASP.NET Core Razor Page application using the Open ID Connect code flow with PKCE (Proof Key for Code Exchange). The secure token server is implemented using Duende IdentityServer but any secure token server (STS) can be used which supports PKCE. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi See WebCodeFlowPkceClient project. History An ASP.NET […]

Building and securing an ASP.NET Core API with a hosted Vue.js UI

October 4, 2019 · by · in ASP.NET Core, dotnet, javascript, OAuth2, Security, SQLite, Typescript, UI, Uncategorized, Web · 8 Comments

This article shows how Vue.js can be used together with ASP.NET Core 3 in a single project. The Vue.js application is built using the Vue.js CLI and built to the wwwroot of the ASP.NET Core application. The ASP.NET Core application is used to implement the APIs consumed by the Vue.js UI. The application is secured […]

ASP.NET Core Identity with FIDO2 WebAuthn MFA

August 6, 2019 · by · in .NET Core, ASP.NET Core, javascript, MVC, Security, Web · 3 Comments

This article shows how FIDO2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application. The FIDO2 WebAuthn is implemented using the fido2-net-lib Nuget package, and demo code created by Anders Åberg. The application is implemented using ASP.NET Core 3.0 with Identity. For information about Fido2 and WebAuthn, please refer to […]

An alternative way to build and bundle Javascript, CSS in ASP.NET Core MVC and Razor Page projects

July 30, 2019 · by · in .NET Core, ASP.NET Core, javascript, jQuery, MVC, UI, Validation, Web · 2 Comments

This article shows how Javascript packages, files, CSS files could be built and bundled in an ASP.NET Core MVC or Razor Page application. The Javascript packages are loaded using npm in which most Javascript projects are deployed. No CDNs are used, only local files so that all external URLs, non self URL links can be […]

System Testing ASP.NET Core APIs using XUnit

July 7, 2019 · by · in .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 1 Comment

This article shows how an ASP.NET Core API could be tested using system tests implemented using XUnit. The API is protected using JWT Bearer token authorization, and the API uses a secure token server to validate the API requests. When running the tests, the access token needs to be requested, and used to access the […]

Older posts Newer posts