Category .NET

Implementing an ASP.NET Core API with .NET 9 and OpenAPI

August 6, 2024 · by · in .NET Core, ASP.NET Core · 3 Comments

This post implements a basic ASP.NET Core API using .NET 9 and the Microsoft OpenAPI implementation. The OpenAPI Nuget package supports both Controller based APIs and minimal APIs. Until now, we used excellent solutions like NSwag to produce the API schemas which can be used to auto-generate client code. Code: https://github.com/damienbod/WebApiOpenApi Setup A .NET 9 […]

Creating hashes in .NET

July 1, 2024 · by · in .NET Core, ASP.NET Core · 3 Comments

This article looks at different ways to create hashes in .NET Core. Hashes are useful for one way encryption which can be used for password storage, JWT validation and some other security use cases. When storing hashes in a database, extra care must be taken and the recommended approach from Microsoft should be used when […]

Sonar Webinar, end to end security of a web application

June 11, 2024 · by · in .NET Core, angular, ASP.NET Core, Azure, dotnet, Microsoft Entra ID, OAuth2, Security, Typescript · 1 Comment

I did a Webinar on application security with Denis Troller and Sonar. I would like to thank Sonar for this opportunity, I really enjoyed it and found doing this together with you really professional, pleasant and fun to do. Here’s the recording: Link to the Sonar Q&A: https://community.sonarsource.com/t/webinar-end-to-end-security-in-a-web-application/115405 Link to the repository: https://github.com/damienbod/EndToEndSecurity

Creating and downloading a PDF or DOCX in ASP.NET Core

June 5, 2024 · by · in .NET Core, ASP.NET Core, Web · 4 Comments

The post shows how a PDF can be created from data in an ASP.NET Core backend and downloaded using an API. The data could be loaded from different locations and exported then as a PDF or a docx or whatever you require. Code: https://github.com/damienbod/AspNetCoreCreatePdf Why GemBox? There are many different tools to generate PDF all […]

Implement a Microsoft Entra ID external authentication method using ASP.NET Core and OpenIddict

May 27, 2024 · by · in ASP.NET Core, Azure, dotnet, Microsoft Entra External ID, Microsoft Entra ID · 3 Comments

The article shows how to implement a Microsoft Entra ID external authentication method (EAM) using ASP.NET Core, OpenIddict and FIDO2/passkeys. The application using ASP.NET Core Identity to manage the accounts and the passkeys. Code: https://github.com/damienbod/MfaServer The following flow diagram from the Microsoft docs explains how EAM works. Refer to the documentation for a full explanation. […]

Using SonarCloud with ASP.NET Core, Angular and github actions

May 13, 2024 · by · in angular, ASP.NET Core, dotnet, javascript, Microsoft Entra ID, Typescript, Web · 2 Comments

This article demonstrates how to implement code analysis and Static Application Security Testing (SAST) using SonarCloud and GitHub Actions. The solution involves building a secure web application with ASP.NET Core for the backend and an Angular UI for the frontend, following a backend-for-frontend security architecture. Both the ASP.NET Core (C#) codebase and the Angular (TypeScript […]

Implement a secure Blazor Web application using OpenID Connect and security headers

April 15, 2024 · by · in ASP.NET Core, dotnet, Uncategorized · 9 Comments

This article shows how to implement a secure .NET 8 Blazor Web application using OpenID Connect and security headers with CSP nonces. The NetEscapades.AspNetCore.SecurityHeaders nuget package is used to implement the security headers and OpenIddict is used to implement the OIDC server. Code: https://github.com/damienbod/BlazorWebOidc OpenIddict is used as the identity provider and an OpenID connect […]

BFF secured ASP.NET Core application using downstream API and an OAuth client credentials JWT

April 8, 2024 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Security, Web · 6 Comments

This article shows how to implement a web application using backend for frontend security architecture for authentication and consumes data from a downstream API protected using a JWT access token which can only be accessed using an app-to-app access token. The access token is acquired using the OAuth2 client credentials flow and the API does […]

Create conditional access base policies for a Microsoft Entra ID tenant

April 2, 2024 · by · in Azure, Logging · 2 Comments

This article shows some of the base conditional access policies which can be implemented for all Microsoft Entra ID tenants. Phishing resistant authentication should be required for all administration flows and some other user policies like sign-in risk MFA or terms of conditions. I recommend these base policies when implementing an Microsoft Entra ID tenant […]

Multi client blob storage access using ASP.NET Core with Entra ID authentication and RBAC

March 4, 2024 · by · in .NET Core, ASP.NET Core, Microsoft Entra ID · 2 Comments

This article shows how to onboard different clients or organizations in an ASP.NET Core application to use separated Azure blob containers with controlled access using security groups and RBAC applied roles. Each user in a client group can only access a single blob storage and has no access to blob containers belonging to different clients. […]

Older posts Newer posts